Hi.

On Sun, Mar 10, 2019 at 10:58:12AM -0400, deb wrote:
> Starting assumption: I do want to run A/V.
> * I get that it may actually INCREASE attack surface.
> * But I have Windows & Mac stuff going back and forth to Debian 9.8 and just
> want to check.
> * (Clamscan already caught 4 things)

Ok. If it's the poison you want - we'll pour you a cup.

> a. What does the group suggest running on debian beyond
> - chkrootkit

Thing was good like 15 years ago. The thing is - the world has moved,
chkrootkit stayed the same. Save yourself CPU cycles and do not install
the thing.

> - rkhunter

Its primary purpose - i.e. rootkit detection - is severely lacking. The
thing has its uses as IDS and 'best practices auditor toolkit', but
that's it. But if it's the IDS you need - there are tripwire and debsums.

> - ClamAV

Can catch a Windoze virus or two. The intended purpose of clamav is to
sit on e-mail relay and scan the mail, which it does fulfill.

> b. Does the list keep a ~ "pinned" answer for these kinds of questions?

Not that I'm aware of. The thing is - instead of taking an insecure OS
and building assorted kludges (in the form of anti-virus) around it,
it's considered wise here to use a secure OS from the beginning.

Reco