Protection Software for Unix

Overview

Protection software for Unix may be more modular than what is often seen on other platforms (such as Microsoft Windows and some historic commercial platforms). There may need to be two parts. One is the anti-malware scanning engine, which determines whether a potential threat should be classified as a detected threat. The other is software that causes the scanning engine to analyze one or more potential threats. This latter piece is often what determines what gets scanned and when, so it is the piece that causes things to be scanned in a timely manner (possibly called “real-time”).
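
The two-part split described above, as an added example (not code from this guide or from any project it names): a small POSIX shell driver decides what gets scanned and when, and hands each file to a separate engine command for the verdict. It assumes ClamAV's clamscan is installed as the engine; the function names, the stamp file, the quarantine directory and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: the "software that causes scanning" half of the split.
# The engine is a pluggable command; the default assumes ClamAV's clamscan.
SCAN_ENGINE="${SCAN_ENGINE:-clamscan --no-summary}"

# scan_one FILE: ask the engine for a verdict on one file.
# clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
scan_one() {
    rc=0
    $SCAN_ENGINE "$1" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;   # fail closed: an unknown status is never "clean"
    esac
}

# scan_new DIR STAMP QUARANTINE: scan files in DIR modified since the last
# successful run (mtime newer than STAMP), print "VERDICT path" per file,
# and move infected files to QUARANTINE. STAMP and QUARANTINE must live
# outside DIR. Returns 0 = all clean, 1 = infected found, 2 = engine error.
# Limitation: file names containing newlines are not handled.
scan_new() {
    dir=$1 stamp=$2 quarantine=$3 status=0
    : > "$stamp.new"                  # mark the start before listing files
    if [ -f "$stamp" ]; then set -- -newer "$stamp"; else set --; fi
    find "$dir" -type f "$@" -print | (
        worst=0
        while IFS= read -r f; do
            verdict=$(scan_one "$f")
            printf '%s %s\n' "$verdict" "$f"
            case $verdict in
                INFECTED) mv -- "$f" "$quarantine/"; [ "$worst" -eq 2 ] || worst=1 ;;
                ERROR)    worst=2 ;;
            esac
        done
        exit "$worst"
    ) || status=$?
    # Advance the stamp only when every file got a verdict, so files the
    # engine could not scan are retried on the next run.
    if [ "$status" -ne 2 ]; then mv -- "$stamp.new" "$stamp"; fi
    return "$status"
}

# Hypothetical cron use: scan.sh /srv/upload /var/db/scan.stamp /var/quarantine
if [ $# -eq 3 ]; then scan_new "$@"; fi
```

Swapping the engine only requires changing SCAN_ENGINE to another command that follows the same exit-code convention; the driver itself never judges file content.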

[#avnginix]: Scanning Engines
ClamAV

The core ClamAV program does not provide real-time scanning by itself, although some varieties/distributions of ClamAV may come with Clamuko which does provide real-time scanning by combining ClamAV with other software.

See: ClamAV for Unix.

Moved content

[#clmunxrm]: Memory requirements for ClamAV/Unix: this section got moved to: ClamAV for Unix: requirements.

[#clmukobn]: this section got moved to: ClamAV for Unix: clamuko.

[#fshclmcf]: this section got moved to: ClamAV for Unix: The /etc/freshclam.conf file (FreshClam configuration).

Software that causes AV scanning

Note that this software does not perform the actual scanning: that is done by the scanning engine. This software instructs the scanning engine to consider a potential threat (such as a file), but it is the scanning engine (for a Unix-like system) that determines how malicious the file should be considered to be. Such software is likely to support at least one scanning engine by a third party, and perhaps multiple scanning engines.

At the time of this writing, none of these solutions have been sufficiently tested by Cyber Pillar. These are simply pointers for further research.

Samba-vscan
A guide about using Samba-vscan is part of the guide about using OpenBSD as a Primary Domain Controller (for a Microsoft Windows Active Directory domain). (These guides are hosted on Kernel Panic and referenced by OpenBSDSupport.org.)
RSBAC
Based on reading about Dazuko (used with ClamAV's Clamuko), RSBAC seems to be another method of real-time anti-virus scanning. (Directions on how to use this software are not currently part of this guide.)
Misc/unsorted

This software may not yet have been classified by whether or not it includes a scanning engine.

VirusScan for Linux (including under OpenBSD)

Details:

OpenBSDSupport.org: Integrating qmail, qmail-scanner, and NAI's VirusScan for Linux on OpenBSD shows how to use this, noting that the software's unpurchased trial version is restricted.

Others

Wikipedia's “Comparison of antivirus software”: section about software for “Linux distributions” lists several other alternatives which show a “Proprietary” license.