Comment 1 for bug 1857410

Bryce Harrington (bryce) wrote :

Whether or not this should be done is a higher level question that should probably be discussed more broadly. As you point out, there are implications regarding performance that may make this undesirable to do for everyone across the board. This bug report is not really the right venue for that type of discussion - please raise it on Ubuntu Discourse, or the ubuntu-devel@ mailing list, or other project-wide discussion platform you prefer.

Personally, I think this is an idea worth pursuing. Online threats are omnipresent and only growing worse, after all. Historically Linux has tended to be safer due to its design and obscurity, but as you point out this is a false sense of security that will inevitably fail. So below is some speculation on how this improvement might be implemented:

Ideally each point of entry (Firefox, Software Center, ssh, ...) will have its own security mechanisms to prevent malware or intrusion, so probably for point-of-entry scanning (via clamav or other anti-virus mechanisms - see https://help.ubuntu.com/community/Antivirus) tickets should be filed against those packages, as appropriate.

However, clamav also has a system scanning mode that runs on a schedule (cron or at), and I gather that's what is being suggested here. To make it installed by default would require adding clamav to one of the seeds (the desktop seed if it's only wanted for desktop, or some other seed if it's needed for Ubuntu Server and so on). Clamav sends reports via email, so the system would need to have a configured email address, and be able to deliver email locally, or else have some other means of communicating troubles to the user (e.g. popup notification, dialog in System Tools, motd entry, ...). Some thought would also need to go into what to do for fully autonomous installs such as a cloud server that may receive little or no maintenance attention after deployment.

The antivirus software would probably need to be continuously updated in production, to have the latest signatures and other protection mechanisms. This implies that a standing FFE would need to be granted for clamav (and/or other AV software). (This is probably a good idea regardless of whether it's installed by default or not.)

Clamav doesn't disinfect files; it just detects and/or removes them. That may be too destructive to be done generally, so implementing this may need to be done in conjunction with a system backup service (which itself is also a great idea but not done by default, for obvious reasons).

I would strongly encourage you to raise this idea more publicly. The security team in particular would be worth soliciting input from - they might be able to say if this is a non-issue due to other existing protections, or suggest alternative approaches that would give better bang for the buck. Meanwhile, I'll set this to wishlist.
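The comment above sketches a scheduled clamav scan that has to get its findings to the user without assuming working local mail, and notes that clamav's remove-on-detect is too destructive to run blindly. The script below is an added example written for this page; it is not code from the bug report, from the clamav package, or from Ubuntu. It wraps clamscan for a cron or systemd-timer run, quarantines with clamscan's --move option instead of --remove so nothing is destroyed, and delivers the report through syslog, a report file and (when a desktop session is reachable) notify-send rather than email. Assumptions are labelled: the quarantine and report paths are hypothetical, the report-line format "<path>: <signature> FOUND" and the exit codes 0/1/2 are clamscan's documented behaviour, and the sample scan output is constructed, not captured from a real run.

```shell
#!/bin/sh
# Added example (not from the bug report or the clamav package): a scheduled
# clamscan wrapper that quarantines instead of deleting and reports locally.
# Assumed paths (hypothetical, chosen for this example):
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/lib/clamav-quarantine}"
REPORT_FILE="${REPORT_FILE:-/var/log/clamav/scheduled-scan.report}"

# Constructed sample of "clamscan --infected" output (not a real capture),
# used to exercise the reporting path on a machine without clamav.
SAMPLE_LOG_TEXT='/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 1'

# scan_status: map clamscan's documented exit codes to a word for the report
# (0 = nothing found, 1 = something found, 2 = scan error).
scan_status() {
    case "$1" in
        0) printf 'clean\n' ;;
        1) printf 'infected\n' ;;
        2) printf 'error\n' ;;
        *) printf 'unknown\n' ;;
    esac
}

# count_found: number of "<path>: <signature> FOUND" lines in a scan log.
# grep -c prints 0 and exits 1 on no match, so the || true keeps set -e quiet.
count_found() {
    n=$(grep -c ' FOUND$' "$1" || true)
    printf '%s\n' "$n"
}

# list_found: the flagged paths, one per line (signature names contain no colon).
list_found() {
    sed -n 's/: [^:]* FOUND$//p' "$1"
}

# write_report LOG EXITCODE OUT: build a short human-readable report; print OUT.
write_report() {
    status=$(scan_status "$2")
    found=$(count_found "$1")
    {
        printf 'clamav scheduled scan: %s (%s file(s) flagged) at %s\n' \
            "$status" "$found" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        list_found "$1" | sed 's/^/  flagged: /'
        if [ "$2" -eq 2 ]; then
            printf '  scan reported an error; see the full log at %s\n' "$1"
        fi
    } > "$3"
    printf '%s\n' "$3"
}

# notify_user REPORT: deliver without relying on a mail setup. Always log the
# summary line via logger(1); add a desktop popup only if a session is reachable.
notify_user() {
    summary=$(head -n 1 "$1")
    logger -t clamav-scheduled-scan -- "$summary" 2>/dev/null || true
    if command -v notify-send >/dev/null 2>&1 && [ -n "${DISPLAY:-}" ]; then
        notify-send "ClamAV scheduled scan" "$summary" 2>/dev/null || true
    fi
}

# run_scheduled_scan DIR...: what cron or a systemd timer would invoke, e.g.
#   0 3 * * * /usr/local/bin/clamav-scheduled-scan.sh --run /home
# --move quarantines flagged files (reversible); --remove is deliberately not used.
run_scheduled_scan() {
    log=$(mktemp)
    mkdir -p "$QUARANTINE_DIR" "$(dirname "$REPORT_FILE")"
    if clamscan --recursive --infected --move="$QUARANTINE_DIR" \
            --log="$log" "$@" >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    write_report "$log" "$rc" "$REPORT_FILE" >/dev/null
    notify_user "$REPORT_FILE"
    return "$rc"
}

# demo_report: run the reporting path on the constructed sample; prints the report path.
demo_report() {
    log=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG_TEXT" > "$log"
    write_report "$log" 1 "$(mktemp)"
}

case "${1:-}" in
    --run)  shift; run_scheduled_scan "$@" ;;
    --demo) cat "$(demo_report)" ;;
esac
```

Running the script with --demo prints the report built from the constructed sample; --run DIR performs a real scan and needs clamscan installed. The exit code of run_scheduled_scan is clamscan's own, so a timer unit or cron mailer can still distinguish "clean" from "found" from "scan failed" without parsing the report.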