Hi
I have Sophos Free Linux on Kubuntu 14.04 and I need to configure PUA on-access detection, but I haven't succeeded (I looked at the manual for savconfig in the terminal).
Any secret tip?
Thanks
For a very good reason, this is not the correct forum. This is a firewall forum.
One of the moderators might read your request and move you to the correct forum.
Ian
XG115W - v20.0.2 MR-2 - Home
XG on VM 8 - v21 GA
If a post solves your question please use the 'Verify Answer' button.
QC said:
Hello Henrique RJ,
"regular" moderators can only move a thread if the original poster has joined the target group (in your case Free Tools).
Meanwhile to answer your question: While the Sophos Anti-Virus for Linux / Unix: Anti-Virus and HIPs policy - applicable settings article is targeted at Enterprise Console users, it suggests that Adware and PUAs are not detected on Linux / Unix.
Christian
But why not detect?
Do you have any secret tip?
Hello Henrique RJ,
please join Free Tools so that we can carry on in the appropriate forum.
Christian
Done !!!
Hello Henrique RJ,
thanks for joining this group.
why not detect
Most Adware and PUAs target the "popular" OSs, Windows and OS X. Ideally the scanner should detect everything everywhere (well, some argue that it should only scan for threats to the platform it's running on). In real life you can't have everything, thus the scanner has to make some trade-offs. While the scan for viruses and malware is cross-platform, certain functions of the scanner (and the scan for Adware and PUAs is among them) are platform-specific.
any secret tip
I'm afraid, no.
Why do you want to scan for PUAs and which PUAs do you have in mind?
Christian
Hello Henrique RJ,
can't say why the -pua option is only available from the command-line. Perhaps DouglasLeeder can tell.
Christian
Is DouglasLeeder a Sophos Linux programmer?
Hi,
There isn't any particular reason why PUA detection is only available for savscan, it was just never requested as a feature for on-access or scheduled scans.
The PUAs we detect are (primarily) for Windows, so wouldn't detect very much on Linux.
Thanks,
Douglas.
Thanks DouglasLeeder
Do PUAs include phishings and miners on Linux?
Hi,
I'm afraid I don't know for certain, but I think PUA only include Windows programs, such as Adware.
Thanks,
Douglas.
But phishing and miner signatures are downloaded regularly in updates by savupdate.
Why doesn't on-access detect them?
Hello,
[disclaimer: just observations, no inside knowledge]
Right now there are several miners in the Latest PUAs list. Miners running on Linux are categorized as Viruses and Spyware/Trojans.
Detection of Adware and PUA for Mac OS X (like MacKeeper) was added in 2015. PUA isn't AdWare; a number of legitimate programs (like several programs in the Sysinternals/Microsoft PSTools collection) are classified as PUA.
signatures are downloaded
@Henrique RJ - signatures is perhaps not the ideal term as it elicits certain connotations (especially the one that "signatures" are independent and self-contained items that the scanner uses one after the other on a file until it either gets a hit or the list is exhausted). A detection item is part of a decision network; you can think of it as a set of instructions mostly working top down, i.e. refining the assessment, calling or branching to other items in the process. A classification as AdWare is not necessarily an afterthought. In other words, detection items aren't subdivided into those for viruses, others for Trojans, and so on.
Christian
So Sophos on Linux doesn't detect phishings?
Does nobody have any "out off" tip to make on-access detect miners and phishings?
Any secret tip or tweak?
Hello Henrique RJ,
phishings
are a different story. There's the famous Mal/Phish-A, as you can see "all" OSs are listed as affected. But please note that the Mal/ prefix indicates that it belongs to the Viruses and Spyware category - not to AdWare and PUA. There's also the rather large Troj/Phish family, again Viruses and Spyware.
Also note that there's "only" on-access scanning - it relies on the potentially offending content being available in a scannable file. As phishings usually arrive by mail, it depends on the behaviour of the mail client whether on-access gets the chance to scan the content.
miners
As said, some miners are in the Viruses and Spyware category, others PUA. Guess the distinction is who runs it and who profits - if it's the user then it's likely PUA, if it's running without explicit consent then malware.
Any secret tip
The important question is: What is your scenario? Is this a Linux desktop and you want to be protected? Are you worrying that you might "pass something on"? Is this a file or web server accessed by non-Linux clients? Or a gateway?
Christian
Yes, it's a Linux desktop and I want to be protected.
Hello Henrique RJ,
I see. There's AFAIK nothing that's categorized as Adware or PUA for Linux. The Linux biotope is different from the ones for Windows or OS X. As there are reputable repositories for all kinds of (open and free) software, you're much less likely to install something from somewhere.
Having said that, browsing is the most likely cause for annoyance - but what could be caught by on-access scanning is mostly platform dependent and no problem on Linux.
Christian
Any hot tip?
Oh come on people, I need one configuration tweak for Sophos Linux to detect phishings, adware, PUAs and miners in on-access (the signatures exist, they're downloaded every week, I looked at that).
Thanks