Is any virus protection software needed for Red Hat Enterprise Linux?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4

Issue

  • Is any virus protection software needed for Red Hat Enterprise Linux?
  • Does Red Hat provide anti-virus protection software?

Resolution

  • Red Hat does not provide anti-virus software.

  • Red Hat does provide a high level of security in the operating system and packages that we distribute. As security issues are discovered in various applications, Red Hat provides updated packages in a way which keeps potential risk to a minimum.

  • For information on Red Hat's policy on backporting security fixes see "Security Backporting Practice".

  • For information on Red Hat's policy on product security see "Product Security Overview".

  • Red Hat Enterprise Linux also includes a set of technologies which can greatly reduce the chance of Linux-specific exploits. One example found in Red Hat Enterprise Linux 3 and higher versions is ExecShield, which helps to eliminate memory buffer overflow exploits. Another example available in Red Hat Enterprise Linux 4 and above is SELinux, which is an implementation of a mandatory access control mechanism.

  • There are also some good security practices to follow to make sure a system is safe:

    • Keep a system updated so all patches and security updates are installed. A subscription to Red Hat Subscription Management (RHN) will help keep a system updated.
    • Run a local firewall on the system, such as iptables, to block any unused ports.
    • Do not log in as the root user unless needed. Use sudo and log in as a non-root user.
    • Do not execute any untrusted code on the system, especially as the root user.
    • Enable Security-enhanced Linux (SELinux). This mechanism is in the Linux kernel, checking for allowed operations after standard Linux discretionary access controls are checked.

  • The following guides give detailed information on configuring a particular version of Red Hat Enterprise Linux from a security point of view:

  • There are third-party anti-virus programs available from the Linux community that protect Windows clients on the network from viruses. They scan files looking for Windows virus signatures. Thus, for example, a Samba server serving files to Windows clients could have the anti-virus running on the Samba server, scanning these files.
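
An added example, not Red Hat's code: a small shell audit for three of the practices listed above (SELinux enabled, no extra root-equivalent accounts, sudo available to administrators). The function names, the use of the wheel group as the sudo group, and the sample file tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat code). All function names are hypothetical.
# Each check reads files under a root directory so it can run against a
# copied or constructed tree; audit_root defaults to the live system.

# Print the mode set by SELINUX= in the persistent config, or "missing".
selinux_config_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' \
        "$1/etc/selinux/config" 2>/dev/null | tail -n 1)
    echo "${mode:-missing}"
}

# Print every account other than root that has UID 0, one per line.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1/etc/passwd"
}

# Print members of wheel (assumed here to be the group sudoers grants sudo to).
wheel_members() {
    awk -F: '$1 == "wheel" { print $4 }' "$1/etc/group" | tr ',' '\n' | sed '/^$/d'
}

# Print one PASS/FAIL line per check; the return status is the failure count.
audit_root() {
    root=${1:-/}; root=${root%/}; fails=0
    mode=$(selinux_config_mode "$root")
    if [ "$mode" = enforcing ]; then echo "PASS selinux config: enforcing"
    else echo "FAIL selinux config: $mode"; fails=$((fails + 1)); fi
    extra=$(extra_uid0_accounts "$root" | tr '\n' ' ')
    if [ -z "$extra" ]; then echo "PASS uid 0: only root"
    else echo "FAIL uid 0 also held by: $extra"; fails=$((fails + 1)); fi
    if [ -n "$(wheel_members "$root")" ]; then echo "PASS sudo: wheel has members"
    else echo "FAIL sudo: wheel group is empty"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample tree: permissive SELinux and a second UID 0 account.
make_sample_tree() {
    mkdir -p "$1/etc/selinux"
    printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' > "$1/etc/selinux/config"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' 'toor:x:0:0::/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' > "$1/etc/passwd"
    printf 'root:x:0:\nwheel:x:10:alice\n' > "$1/etc/group"
}

demo=$(mktemp -d) && make_sample_tree "$demo"
audit_root "$demo" || echo "$? check(s) failed"
rm -rf "$demo"
```

The SELinux check reads the persistent setting only; `getenforce` reports the mode the running kernel is actually in.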

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

11 Comments

There is value in running a virus scanner in cases where a Red Hat server acts as a file server (FTP, Samba, etc.) to Windows clients.

True. I've added a note about ClamAV's ability to do this. Thanks.

I am planning on running a public-facing web server and found Symantec 12.1.5 (newest release) is not supported on RHEL Enterprise 7.0, and coming from a Windows world, this is making me uneasy.

Bill, not to worry. You are more than welcome to run Symantec on RHEL, but keep in mind that Red Hat cannot provide support for it. That doesn't mean you can't install it, it just means that we can't help diagnose it.

Feel free to review our scope of coverage here: https://access.redhat.com/support/offerings/production/soc

There ain't gonna be "real time scan"; that means you need to patch the kernel to make it work, and by doing that you risk losing your guarantee.

As it is already mentioned in the article, "scan the files looking for windows virus signatures", why does the antivirus need to be in Red Hat Linux? It will simply put load on the Linux server to protect the Windows system, which is sitting somewhere else and hosting some different applications. If the virus is creating a problem for Windows, let it be cleared from the Windows system. I am 100% sure that there will not be any Windows server without antivirus.

I had a very bad experience with antivirus on Linux. I have tested "Symantec" and "McAfee" on some test Linux servers. One CPU is 100% utilized whenever the real-time scan runs, and the support from the vendor is very bad; what they said is "Have more CPU in the server, since it is a default behavior of virus scan."

If a Linux host is acting as a file server - where shares are exported via Samba or other means/methods - for Windows clients, then why wouldn't you want at a minimum an on-demand file scanner on the file server to ensure that it isn't serving out malicious files to your clients? ClamAV has on-demand scanning and is very customizable to support low-resource environments. If I were the SA for a file server that is running Linux, I would be fired if I said "Well it's not impacting my file server, your Windows machines are the problem."

One "very bad experience" doesn't mean you ditch a solution, it means you look at other offerings or wait for the offering to mature assuming it wasn't misconfigured in your deployment. If people ditched things from one bad experience a long time ago then SELinux would never be enforcing.

Preface/introduction: It's my two cents' contribution...

I think the same things as a lot of Linux users... a few years working on Linux systems privately and for my job...

Note: I don't hear from Linux admins: "Hey! I have to go put an antivirus on all my servers, they are in danger..." The only danger most of the time is the client Microsoft machine... you have to protect this machine, but nobody fears for their Linux server, in particular when it is regularly updated and protected according to best practice.

Antivirus on all Linux servers is just to sleep better, but it's not interesting in the real world.

First: For Linux, think differently: open source, not closed source. The world is readable/clear, it's an open world, the code is readable, and the community does not react for money but to do its best, because they are often passionate about their work, in a good way! The more you keep to open source with open source code (the best is GPL) on your system, the better it will be! Security too! For instance, when you analyze: the kernel source code is controlled all the time, who adds what or not, in particular binary code that nobody knows about, like drivers; this is the main problem for Linux. Antivirus can be in the same class if you use a non-open-source antivirus for all your Linux machines. Why buy a firewall on Linux? Mind you, there is already iptables/firewalld... no money to be made -> it sucks for such people! A lot of servers are moving to Linux nowadays...

Second: Keep your money and improve your security system. Note: I understand the fear of antivirus companies, but you can contribute and improve the world through an open source project!

Third: It's not a Microsoft system. For part of the proposition, maybe it's just money for antivirus companies; I understand that this Linux market is a lot of money. Normal to try it... Personally, today when I hear "install antivirus on all Linux servers", I want to run far away from this company... why me, is this a joke? :(

Fourth: A lot of companies (unhappily) configure their Linux minimally (no firewall, no patches, nothing!!!); they use VMware and zero admin security on Linux, just on proprietary hardware (with failures and no upgrades, this is more difficult than a yum update....) great! (zero iptables, no patching, update, no SELinux, no ACLs, no quotas, repositories that come from Venus! The company doesn't care about Linux) but Linux is secure inside when you administer it; you are responsible for official patches/updates and security. Do you do it? It's 100x better than an antivirus in reality! Note: You can take out insurance too, it's the same thing to sleep well, and the performance of your Linux server will be better than with an antivirus; do it if you want ;)

Fifth: Keep security holes far away; in particular, adding an antivirus can add potential holes (an antivirus process running as the root user) that will not get updates (not by the community), and not enough / far from comparable with the Red Hat distribution's frequency.

Sixth: Good questions: Do you update your distribution regularly (several times a week)? Do you have SELinux in enforcing mode? Do you have iptables with a good configuration? Do you use sudo? Do you use an account other than root (having uid 0)? Do you use an SSH key? A password with complexity, and really very long?

If you have a server for files or messages, or files uploaded by someone (the upload must be tested/watched by an antivirus, just the directory (like ClamAV))

Don't imagine Linux is like the other OSes. On Linux, the antivirus scans specific chosen directories, not the memory (like ClamAV). It already exists in open source, without proprietary software. You have rootkit etc. and regular patching to avoid security problems.

Seventh: Antivirus has to stay a case-by-case question; don't generalize it! An antivirus should not be added without any reflection, because it raises risk if it is not necessary. It is a risk in itself because the source code is not available, because it runs as root, it increases the attack surface, and it increases the load on the server for nothing most of the time. It's more a problem than a solution. Do you read the security recommendations of Red Hat? Did they mention antivirus on all servers? Who said that? Linus Torvalds? Richard Stallman? Greg Kroah-Hartman? Who? Do you seriously hear of antivirus on UNIX on all machines? Maybe OpenBSD has an antivirus for all servers? The only reason is money, and maybe you lose confidentiality because all your machines should have an antivirus?

Eighth: To conclude, what can I do to have truly valuable security? Do I respect best practice in security? Red Hat has a security guide (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/index); follow it and do what is necessary according to the sensitivity of your server.

Note: Sorry for this long message, you are a hero if you read this far :)

Hi Aymeric,

Your contribution is great. Only you missed one point.

99% of the Linux admins that have installed anti-virus software were not forced by their boss, but by an audit policy of the vertical they work in.

Maybe viruses are not common, but trojans are detected too by most of these products.

Regards,

Jan Gerrit

Simple answers are required. Is it Good to run AntiVirus on Critical Linux servers like Corebanking, Mobile banking app or DB Servers...

Hi DohaBank Doha,

You can get customer opinions by asking the question in the Discussion Forum.

Here you might not get a direct answer, for Red Hat does not provide anti-virus software.

Regards,

Jan Gerrit Kootstra