Article <vb0i02$17qin$1@dont-email.me>

Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: MarioCCCP <NoliMihiFrangereMentulam@libero.it>
Newsgroups: comp.os.linux.misc
Subject: Re: ISO of a linux animalware / antivirus scanner
Date: Sun, 1 Sep 2024 04:02:41 +0200
Organization: A noiseless patient Spider
Lines: 49
Message-ID: <vb0i02$17qin$1@dont-email.me>
References: <vaj4ca$157e$1@gallifrey.nk.ca> <tal0qkx3nv.ln2@Telcontar.valinor>
Reply-To: MarioCCCP@CCCP.MIR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 01 Sep 2024 04:02:42 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="9c7beb24d6523d11bf9c6a2ec1e43151";
	logging-data="1305175"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18XQD/jbnnmYH9YFlXSgfFd"
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:J5iQEfRR+AOHcOl4A39+QPUTek4=
In-Reply-To: <tal0qkx3nv.ln2@Telcontar.valinor>
Content-Language: en-GB, it-IT
Bytes: 2825

On 27/08/24 12:11, Carlos E.R. wrote:
> On 2024-08-27 01:50, The Doctor wrote:
>> I suspect a Windows OS with an Intel MB
>> have malware embedded in them.
>>
>> Are there any Linux ISOs I can use to test my theory?
> 
> You need to ask in a Windows group.
> 
> If you want to use clamav, you can do that with any linux 
> distro of your liking in which you install clamav.
> 

I have it (and possibly, I have forgotten!, it is running), 
but I don't know how valuable this antivirus is, since I 
gave up following AV benchmarks, detection ratings and so 
on back in 2017.
So I ask: how good is this clamav?

I have a win11 install in vmware (but I don't even use it to 
web browse, just to pilot the scanner whose linux version is 
buggy) but I just use its internal "defender".

Is this clamav effective enough (and frequently enough 
updated) for, e.g., cleaning up suspect USB keys before 
exposing them to the W11 guest? I am not aware whether this 
sharing is a sort of direct tunnelling to the disk or 
whether some actions of the hypervisor happen in a 
transparent layer (possibly relevant for rootkits and so on).

How does it work inside? Is it based on a signature database 
or on "heuristics" / intercepting suspect behaviours?
Is it equally / less / more safe to use an AV in a 
virtualized environment? I'd say: no (since this one is 
at the host level and acts before the USB key is unmounted 
from the host and connected to the guest, but these are mere 
suppositions).

And is Windows Defender inside a VM known to be as effective 
as on a real machine?

My knowledge of AV is really outdated now!


-- 
1) Resist, resist, resist.
2) If everyone pays taxes, everyone pays the taxes
MarioCPPP