Product SiteDocumentation Site

8.8. 対ウイルスツール

There are not many anti-virus tools included with Debian GNU/Linux, probably because GNU/Linux users are not plagued by viruses. The Unix security model makes a distinction between privileged (root) processes and user-owned processes, therefore a "hostile" executable that a non-root user receives or creates and then executes cannot "infect" or otherwise manipulate the whole system. However, GNU/Linux worms and viruses do exist, although there has not (yet, hopefully) been any that has spread in the wild over any Debian distribution. In any case, administrators might want to build up anti-virus gateways that protect against viruses arising on other, more vulnerable systems in their network.
Debian は対ウイルス環境を構築するために現在以下のような道具を提供しています。
  • http://www.clamav.net, provided since Debian sarge (3.1 release). Packages are provided both for the virus scanner (clamav) for the scanner daemon (clamav-daemon) and for the data files needed for the scanner. Since keeping an antivirus up-to-date is critical for it to work properly there are two different ways to get this data: clamav-freshclam provides a way to update the database through the Internet automatically and clamav-data which provides the data files directly. [55]
  • mailscanner an e-mail gateway virus scanner and spam detector. Using sendmail or exim as its basis, it can use more than 17 different virus scanning engines (including clamav).
  • libfile-scan-perl which provides File::Scan, a Perl extension for scanning files for viruses. This modules can be used to make platform independent virus scanners.
  • http://www.sourceforge.net/projects/amavis, provided in the package amavis-ng and available in sarge, which is a mail virus scanner which integrates with different MTA (Exim, Sendmail, Postfix, or Qmail) and supports over 15 virus scanning engines (including clamav, File::Scan and openantivirus).
  • http://packages.debian.org/sanitizer, a tool that uses the procmail package, which can scan email attachments for viruses, block attachments based on their filenames, and more.
  • http://packages.debian.org/amavis-postfix、メールトランスポートエージェントからひとつまたは 複数のウイルススキャナへのインターフェイスを提供するスクリプトです (このパッケージは postfix 版を提供します)。
  • exiscan, an e-mail virus scanner written in Perl that works with Exim.
  • blackhole-qmail a spam filter for Qmail with built-in support for Clamav.
Some gateway daemons support already tools extensions to build antivirus environments including exim4-daemon-heavy (the heavy version of the Exim MTA), frox (a transparent caching ftp proxy server), messagewall (an SMTP proxy daemon) and pop3vscan (a transparent POP3 proxy).
Debian currently provide clamav as the only antivirus scanning software in the main official distribution and it also provides multiple interfaces to build gateways with antivirus capabilities for different protocols.
Some other free software antivirus projects which might be included in future Debian GNU/Linux releases:http://sourceforge.net/projects/openantivirus/ (see http://bugs.debian.org/150698 and http://bugs.debian.org/150695 ).
FIXME: Is there a package that provides a script to download the latest virus signatures from http://www.openantivirus.org/latest.php?
FIXME: Check if scannerdaemon is the same as the open antivirus scanner daemon (read ITPs).
However, Debian will never provide propietary (non-free and undistributable) antivirus software such as: Panda Antivirus, NAI Netshield, http://www.sophos.com/, http://www.antivirus.com, or http://www.ravantivirus.com. For more pointers see the http://www.computer-networking.de/~link/security/av-linux_e.txt. This does not mean that this software cannot be installed properly in a Debian system[56].
For more information on how to set up a virus detection system read Dave Jones' article http://www.linuxjournal.com/article.php?sid=4882.


[55] If you use this last package and are running an official Debian, the database will not be updated with security updates. You should either use clamav-freshclam, clamav-getfiles to generate new clamav-data packages or update from the maintainers location:
  deb http://people.debian.org/~zugschlus/clamav-data/ /
  deb-src http://people.debian.org/~zugschlus/clamav-data/ /
[56] Actually, there is an installer package for the F-prot antivirus, which is non-free but gratis for home users, called f-prot-installer. This installer, however, just downloads http://www.f-prot.com/products/home_use/linux/ and installs it in the system.