Advice Request Is FortiClient for Linux worth it?

Please provide comments and solutions that are helpful to the author of this topic.

Zartarra

Level 7
Verified
Well-known
May 9, 2019
312

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
The AVs for Linux do not provide realtime protection. They are only for scanning. Many of them don't even detect Linux malware, due to lack of appropriate definitions; they only detect Windows malware. So you can use them to prevent infecting Windows users, and to scan your Windows dual boot, but they won't protect your Linux installation.
If you want to scan your Linux, Clam might be a good choice -- at least it is made with Linux in mind.
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
The AVs for Linux do not provide realtime protection. They are only for scanning. Many of them don't even detect Linux malware, due to lack of appropriate definitions; they only detect Windows malware. So you can use them to prevent infecting Windows users, and to scan your Windows dual boot, but they won't protect your Linux installation.
If you want to scan your Linux, Clam might be a good choice -- at least it is made with Linux in mind.
If you have Windows clients, it is good to have an AV to make sure you do not send anything infected, but if it is not it is not worth it.:giggle:
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
I tried ClamAV and SophosAV on my Manjaro linux dual Windows boot laptop Clam comes with a guI, Sophos not, but Sophos offers out of the box on-demand file scanning, while setting up ClamAV scanning takes soms steps. I decided to stat with Sophos, because it does kuch better with Windows based malware. The ln,y reason for me to install an AV on Linux is to prevent me zending infected files to friends on Windows, therefor I choose to keep Sophos
 

Chri.Mi

Level 7
Well-known
Apr 30, 2020
337
There is no reason for use av in linux... i doubt all those av can catch linux virus, that are realy lows. Take in consideration not all linux version are the same. For example some Linux distro have a big database from where u can chosen what software u wanna, and if them are rolling release the software is always update, so low chance to be exploited. Some others distro have low database and need more support from third party sources, and are periodic release.
 

JakeXPMan

Level 17
Verified
Top Poster
Well-known
Oct 20, 2014
804
If it is for domestic use from my point of view, it is not worth installing an AV in Linux, a waste of resources.:giggle:
I agree, a Linux AV would be just fun time rather then needed protection ... unless you are storing large amounts of vital files and working daily on Linux. I'd not even bother, as a fresh install of Linux is very easy to come by and no key to activate.
 
  • Like
Reactions: bribon77

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
I'm late to this party, but looking at my Fortigate protecting my server VLANs:

1604524226438.png



ironically Linux/Mirai ELF ARM malware is the most common thing hitting my network, which is funny because most of my web-facing servers are either FreeBSD or Windows Server.

I wouldn't say that a Linux AV is entirely worthless but I think Linux servers are more likely to be under attack compared to Linux desktops, which limits the value of something like a client side AV.


Interestingly ClamAV has almost no detection on any of these samples, which surprised me given its popularity in the Linux crowd.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top