On Wed, 21 Jul 2010 01:28:00 +0700, Sthu Deus wrote: > Thank You for Your time and answer, Camaleón: > >> What are you afraid of? I mean, what is your main concern? > > Spying, programs modifications. I have seen already unexplainable weird > things - one text file was in size - zero - that never has been so for a > long time, another, .ods - was partially damaged...
Those "weird things" could have been caused by many other sources or "simple things", i.e., an unexpected shutdown can delete your current (being used/edited/modified) files or corrupt others. Filesystems are not 100% prepared to handle such scenarios (full power downs or just small voltage spkies), so if you don't have a UPS, "weird things" can indeed happen. >> ClamAV can scan local files but is not very accurate with rootkits/ >> malware, just plain common viruses. > > So, what should I do for the distro install cds - regarding both - > spyware and viruses? You can do -mainly- two things: 1/ Analyze it with standard tools (AV/anti-rootkits). Remember that you can always mount the ISO image as a loop device to get the full image structure (directories and files). 2/ Verify the ISO integrity (md5sum). > If we speak about checksumming - sometimes it fails It can fail not just because it has been manipulated but also due to a download error. It's not uncommom to get a corrupted image when you are downloading 650 MiB or 4,5 GiB file. > though I believe the > problem lays in not accurate or whatever downloading, the images being - > I believe - unmodified... - Redownloading is hard because of bandwith. Yes, but *it is required* that you do it that way. A corrupted ISO image can be the cause of later nightmare problems (installation errors, rebooting, bad hardware detection...). >> Then you maybe interested in anti-rooktiks, like "chkrootkit" or >> "rootkit hunter" solutions. > > I guess it does not fit distro cd scanning right? You can scan whatever file or directory you have in your system. >> > Do You know such a skillful AV engine available for Debian? >> >> Mmm, not by first hand, I was just told that they did. But take a look > > In apt-cache search ... ? No, on each manufacturer's sites ;-) Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2010.07.20.21.05...@gmail.com
