Install ClamAV Anti-virus by default for system scanning
Bug #1857410 reported by Clinton H
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
clamav (Ubuntu) | Confirmed | Wishlist | Unassigned | |
Bug Description
The idea that Linux is immune to malware is a false sense of security. Prevention is the best solution. I know users are safe if they only install software from the Software Center, but users could download a malicious .deb file. Firefox could automatically download a malicious JavaScript file. Malware could trick a user into entering their root password. I know AV affects performance. It could automatically only scan files and repositories added to the system. A scheduled system scan could be optional.
summary:
- Why not integrate ClamAV Anti-virus into Ubuntu 20.04?
+ Install ClamAV Anti-virus by default for system scanning
Changed in clamav (Ubuntu):
importance: Undecided → Wishlist
Whether or not this should be done is a higher level question that should probably be discussed more broadly. As you point out, there are implications regarding performance that may make this undesirable to do for everyone across the board. This bug report is not really the right venue for that type of discussion - please raise it on Ubuntu Discourse, or the ubuntu-devel@ mailing list, or other project-wide discussion platform you prefer.
Personally, I think this is an idea worth pursuing. Online threats are omnipresent and only growing worse, after all. Historically Linux has tended to be safer due to its design and obscurity, but as you point out this is a false sense of security that will inevitably fail. So below is some speculation on how this improvement might be implemented:
Ideally each point of entry (Firefox, Software Center, ssh, ...) will have their own security mechanisms to prevent malware or intrusion, so probably for point-of-entry scanning (via clamav or other anti-virus mechanisms - see https://help.ubuntu.com/community/Antivirus) tickets should be filed against those packages, as appropriate.
However, ClamAV also has a system scanning mode that runs per a schedule (cron or at), and I gather that's what is being suggested here. To make it installed by default would require adding clamav to one of the seeds (the desktop seed if it's only wanted for desktop, or some other seed if it's needed for Ubuntu Server and so on). ClamAV sends reports via email, so the system would need to have a configured email address, and be able to deliver email locally, or else have some other means of communicating troubles to the user (e.g. popup notification, dialog in System Tools, motd entry, ...). Some thought would also need to go into what to do for fully autonomous installs such as a cloud server that may receive little or no maintenance attention after deployment.
The antivirus software would probably need to be continuously updated in production, to have the latest signatures and other protection mechanisms. This implies that a standing FFE would need to be granted for clamav (and/or other AV software). (This is probably a good idea regardless of whether it's installed by default or not.)
ClamAV doesn't disinfect files, it just detects and/or removes them. That may be too destructive to be done generally, so implementing this may need to be done in conjunction with a system backup service (which itself is also a great idea but not done by default, for obvious reasons).
I would strongly encourage you to raise this idea more publicly. The security team in particular would be worth soliciting input from - they might be able to say if this is a non-issue due to other existing protections, or suggest alternative approaches that would give better bang for the buck. Meanwhile, I'll set this to wishlist.
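The comment above outlines a scheduled scan whose result has to reach the user, and notes that removing files may be too destructive. A sketch of that report-only approach follows, added here as an example and not taken from the bug thread or from Ubuntu; the variable names, function names and notice-file path are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): report-only scheduled ClamAV scan.
# Hypothetical names: SCANNER, NOTICE_FILE, parse_detections, scan_and_report.
# Relies on clamscan's -r, -i, --no-summary options and its exit codes:
# 0 = nothing found, 1 = detections, 2 = scan error.

SCANNER="${SCANNER:-clamscan}"
# Assumed location (directory must exist and be root-owned); a motd script
# or desktop notifier would read this file.
NOTICE_FILE="${NOTICE_FILE:-/var/lib/clamav-notice/last-scan.txt}"

# Convert "PATH: SIGNATURE FOUND" lines into "SIGNATURE<TAB>PATH".
# The greedy first group splits on the last ": ", so paths that contain
# ": " stay intact.
parse_detections() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${tab}\1/p"
}

# Scan a directory tree without --remove or --move, then write a notice
# that distinguishes "clean" from "scan failed".
scan_and_report() {
    target="$1"
    rc=0
    out=$("$SCANNER" -r -i --no-summary "$target" 2>/dev/null) || rc=$?
    case "$rc" in
        0) msg="ClamAV: no detections in $target" ;;
        1) n=$(printf '%s\n' "$out" | parse_detections | wc -l | tr -d ' ')
           msg="ClamAV: $n detection(s) in $target, files left in place" ;;
        *) msg="ClamAV: scan of $target failed (exit $rc), result unknown" ;;
    esac
    {
        date -u +%Y-%m-%dT%H:%M:%SZ
        echo "$msg"
        printf '%s\n' "$out" | parse_detections
    } > "$NOTICE_FILE"
    return "$rc"
}

# Run only when invoked as: script --run [DIR]   (e.g. from a cron entry).
if [ "${1:-}" = "--run" ]; then
    scan_and_report "${2:-/home}"
fi
```

Treating exit code 2 as "result unknown" matters on unattended hosts: a scan that could not read its signature database should not be recorded as a clean result.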