
Ask HN: Is it common to run anti-malware on production linux boxes? - itguy82394823
A few enterprise customers have started asking / requiring anti-malware on all "computing devices" and periodic scanning.

I haven't encountered the idea of anti-malware on e.g. Ubuntu before, and this seems like an absurd idea. However, it could just be my inexperience showing, so - is anti-malware a common practice? What are the industry-standard products for anti-malware? Is the footprint ever a concern?
======
unimpressive
Yes, this is a silly upstairs corporate requirement on the part of your
enterprise customers. Slap ClamAV
([http://www.clamav.net/](http://www.clamav.net/)) on it and call it good.

One place where this sort of thing can be useful is when running a file or
mail server to help stop you from spreading malware to users, but to do it as
a way to prevent infection on the box itself? Worthless.
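
The file-server case mentioned above, as an added example that is not from the thread or the ClamAV project: a periodic clamscan of an upload share that quarantines hits and logs the verdict. It assumes clamscan is installed with current signatures; the directory and log paths are placeholders.

```shell
#!/bin/sh
# Added example: periodic ClamAV scan of a file-server upload directory.
# Assumes clamscan (clamav.net) is installed and freshclam keeps signatures
# current. SCAN_DIR, QUARANTINE_DIR and LOG are placeholder paths.
SCAN_DIR="${SCAN_DIR:-/srv/uploads}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/quarantine}"
LOG="${LOG:-/var/log/clamscan-uploads.log}"

# Extract N from the "Infected files: N" line of a clamscan summary.
# $1: clamscan output text. Prints nothing if the line is absent.
infected_count() {
    printf '%s\n' "$1" | sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' | head -n 1
}

# Map clamscan's exit status to a verdict: 0 clean, 1 infected, anything
# else is a scanner error (missing binary, unreadable path, stale database).
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan the share, quarantine hits so the server cannot hand them on to
# clients, and append one summary line per run to the log.
run_scan() {
    mkdir -p "$QUARANTINE_DIR"
    # --infected prints only hits; --move takes them out of the share.
    out=$(clamscan --recursive --infected --move="$QUARANTINE_DIR" "$SCAN_DIR" 2>&1)
    rc=$?
    verdict=$(scan_verdict "$rc")
    n=$(infected_count "$out")
    printf '%s %s infected=%s\n' "$(date -u +%FT%TZ)" "$verdict" "${n:-0}" >> "$LOG"
    [ "$rc" -eq 0 ]
}

# Run only when invoked as `scan-uploads.sh run` (e.g. from cron).
if [ "${1:-}" = run ]; then
    run_scan
fi
```

A non-zero exit from run_scan (a hit or a scanner error) is what a cron mailer or monitoring job should alert on, rather than the count alone.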

~~~
mirimir
I agree. But on development boxes in mixed Linux/Windows/OSX environments,
it's prudent.

------
archimedespi
Having done some sysadmin for unix/linux, I haven't run into too many
anti-malware programs for unix/linux or actual uses for them.

Kernel/userland hardening is a thing, however, and is arguably more effective.

~~~
insoluble
> Kernel/userland hardening is a thing

[forgive me if I misunderstood the topic] If you're running a server, then you
really should keep the Web side of things in an even more restricted zone than
normal Users. I create extremely limited accounts for each domain or large App
being hosted. Each such account can access only those resources it's supposed
to be able to.

~~~
archimedespi
> [forgive me if I misunderstood the topic]

You didn't misunderstand at all! When I stated that, I meant two different
things:

- Kernel hardening

Kernel hardening is when you take the kernel and add patches/configure it to
be more secure, like grsecurity.

- Userland hardening

This is when you do exactly what you're talking about: you restrict what the
userland can do and configure _userland_ programs to be more secure (i.e.
turning off insecure Apache options). This could also mean jailing or
containerizing them.

------
informatimago
Ten years ago, I ran an email antivirus on a Linux box. Not for linux users
(only root), and neither for the MacOSX users on the LAN, but for the people
external to the organization who were sending MS-Word documents full of
malware, that were forwarded back to them. Internally the viruses were
ineffective, but it affected external correspondents, so we filtered them.

Nowadays, there are a few MacOSX and Linux malware, so it could be useful if
you are a high visibility potential target, to have such filters.

------
herbst
I run fail2ban on anything that can be reached from the Internet. I would most
likely run a virus software if I would run mail servers or some kind of public
file hosting, but I don't.

