Deutsch English Français Italiano |
<vb0i02$17qin$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: MarioCCCP <NoliMihiFrangereMentulam@libero.it> Newsgroups: comp.os.linux.misc Subject: Re: ISO of a linux animalware / antivirus scanner Date: Sun, 1 Sep 2024 04:02:41 +0200 Organization: A noiseless patient Spider Lines: 49 Message-ID: <vb0i02$17qin$1@dont-email.me> References: <vaj4ca$157e$1@gallifrey.nk.ca> <tal0qkx3nv.ln2@Telcontar.valinor> Reply-To: MarioCCCP@CCCP.MIR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Sun, 01 Sep 2024 04:02:42 +0200 (CEST) Injection-Info: dont-email.me; posting-host="9c7beb24d6523d11bf9c6a2ec1e43151"; logging-data="1305175"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18XQD/jbnnmYH9YFlXSgfFd" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:J5iQEfRR+AOHcOl4A39+QPUTek4= In-Reply-To: <tal0qkx3nv.ln2@Telcontar.valinor> Content-Language: en-GB, it-IT Bytes: 2825 On 27/08/24 12:11, Carlos E.R. wrote: > On 2024-08-27 01:50, The Doctor wrote: >> I suspect a Windows OS with an Intel MB >> have malware embedded in them. >> >> Are there are Linux ISOs I can use to test my theory? > > You need to ask in a Windows group. > > If you want to use clamav, you can do that with any linux > distro of your liking in which you install clamav. > I have it (and possibly, I have forgot !, running it), but I ignore how valuable this antivirus is, since it is since 2017 that I have give up following benchmarks of AVs, detections ratings and so. So I ask : how good is it this clamav ? I have a win11 install in vwmare (but I dont' even use it to web browse, just pilot the scanner whose linux version is buggy) but I just use its internal "defender". This clamav is effective enough (and frequently enough updated) for, i.g., cleanup suspect USB keys before exposing them to the W11 guest ? I am not aware if this sharing is sort of a direct tunnelling to the disk or some actions of the hypervisor happens in a transparent layer (possibly relevant for rootkits and so). how it works inside ? Based on a database signatures or "heuristic" / intercepting suspect behaviours ? Is it equally / less / more safe to use an AV in a virtualized environmente ? I'd say : no (since this one is at the host level and act before the USB key is unmounted from host and connected in the guest, but just mere suppositions). And windows defender inside a VM is known to be effective as in a real machine ? my knowledge of AV is really outdated now ! -- 1) Resistere, resistere, resistere. 2) Se tutti pagano le tasse, le tasse le pagano tutti MarioCPPP