An antivirus scanner for Linux servers with Windows clients

Conclusions

Sophos has gotten many things right with its antivirus scanner for Linux: The tool runs unobtrusively in the background, and it only warns the user in case of an actual virus infection. On the downside, the program occupies more than 600MB on disk and takes a hefty swig of RAM: The two processes that make up the Sophos daemon need some 350MB of RAM even when idle.

To check the antivirus scanner's influence on the system's read and write performance, I used SCP to copy the Linux kernel 4.0 source code over a Gigabit Ethernet LAN to a test computer running Debian 7.5 and SAV. Without antivirus protection, it took five minutes to transfer 52,000 files totaling 564MB. With the on-access scanner enabled, the copy took almost twice as long (Table 1). The additional hard disk access turned out to be the bottleneck; the CPU had more than enough resources during the file transfer process (Figure 5).

Table 1: Influence of the On-Access Scanner

| Action | Duration (min) | Transfer rate (Mbps) | Compared (%) |
|---|---|---|---|
| Without On-Access Scanner | | | |
| SCP receive | 4:57 | 15.18 | 100 |
| SCP send | 6:23 | 11.77 | 100 |
| With On-Access Scanner | | | |
| SCP receive | 8:56 | 8.41 | 55.4 |
| SCP send | 10:14 | 7.34 | 62.4 |

Figure 5: With heavy disk activity, additional file access by the antivirus scanner affects read/write performance.
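To repeat this kind of measurement on your own file server, the following added example (not code from the article or from Sophos) builds a tree of many small files, copies it file by file, and reports the rate in Mbps and relative to a baseline, as in Table 1. The function names, the default file count, and the 11,000-byte file size (roughly 564MB divided by 52,000 files) are assumptions; it copies locally rather than over SCP, and you toggle the on-access scanner yourself between runs.

```python
import os, shutil, tempfile, time

def build_tree(root, n_files=2000, size=11_000, per_dir=100):
    """Create n_files small files of constructed random data under root."""
    payload = os.urandom(size)
    for i in range(n_files):
        d = os.path.join(root, f"d{i // per_dir:04d}")
        os.makedirs(d, exist_ok=True)
        with open(os.path.join(d, f"f{i:06d}.c"), "wb") as fh:
            fh.write(payload)

def timed_copy(src, dst):
    """Copy src to dst one file at a time; return (seconds, bytes, files)."""
    total_bytes = files = 0
    start = time.perf_counter()
    for dirpath, _dirs, names in os.walk(src):
        out = os.path.join(dst, os.path.relpath(dirpath, src))
        os.makedirs(out, exist_ok=True)
        for name in names:
            target = os.path.join(out, name)
            # Every open/close here is a point where an on-access scanner can step in.
            shutil.copyfile(os.path.join(dirpath, name), target)
            total_bytes += os.path.getsize(target)
            files += 1
    return time.perf_counter() - start, total_bytes, files

def mbps(n_bytes, seconds):
    """Transfer rate in megabits per second."""
    return n_bytes * 8 / seconds / 1e6

def relative_percent(baseline_rate, rate):
    """Rate as a percentage of the baseline (the 'Compared' column)."""
    return 100.0 * rate / baseline_rate

def run_once(n_files=2000, size=11_000, workdir=None):
    """One run; set workdir to a directory on the file system under test."""
    with tempfile.TemporaryDirectory(dir=workdir) as work:
        src, dst = os.path.join(work, "src"), os.path.join(work, "dst")
        build_tree(src, n_files, size)
        seconds, n_bytes, files = timed_copy(src, dst)
    return {"files": files, "bytes": n_bytes, "seconds": seconds,
            "mbps": mbps(n_bytes, seconds)}

if __name__ == "__main__":
    r = run_once()
    print(f"{r['files']} files, {r['bytes']} bytes, "
          f"{r['seconds']:.2f} s, {r['mbps']:.2f} Mbps")
```

Run it once with the on-access scanner disabled and once with it enabled, then pass the two rates to relative_percent(); repeat each run a few times, because the page cache makes single runs noisy.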

Who should install Sophos Anti-Virus for Linux? Sophos does not make any big promises for the product on its homepage: The program only looks for malware that targets Windows computers, Macs, and Android smartphones and tablets. The vendor does not say anything about malware for Linux; thus, the scanner targets users who want to safeguard Windows computers connected to a file server and keep their users from passing on files that are infected with malware. In this case, you will probably prefer to do without the power-hungry on-access scanner and investigate suspicious files as the need arises.
