Wayne Stallwood ALUGlist@digimatic.co.uk wrote: [...]
Now if you read advice from people who don't have a business interest in selling you protection you will generally hear the same thing echoed again and again. If you get software from trusted repositories and are not using your machine as a mail gateway or samba server for windows machines then there are currently very few reasons to run local AV protection. [...]
I agree wholeheartedly with Wayne on this. Viruses are very rare on GNU/Linux systems, which I believe is due to the diversity of systems:-
"Diversity, then, works against viruses. If all the systems on the Arpanet ran Berkeley Unix, the virus would have disabled all fifty thousand of them. Instead, it infected only a couple thousand. Biological viruses are just as specialized: we can't catch the flu from dogs.
Bureaucrats and managers will forever urge us to standardize on a single type of system: 'Let's use only Sun workstations' or 'Only buy IBM systems.' Yet somehow our communities of computers are a diverse population - with Data General machines sitting next to Digital Vaxes; IBMs connected to Sonys. Like our neighbourhoods, electronic communities thrive through diversity."
-- Clifford Stoll, The Cuckoo's Egg, isbn:0370314336
I think we're at much more risk from trojans (binaries from tainted sources), worms (programs that break in and replicate - Stoll later realises that the virus above is actually a worm) and crackers.
Concentrate on checking any incoming programs before execution, avoiding any injection attacks (like using material from incoming email in your mail filters in an insecure way) and on generic perimeter security, like firewalling, intrusion detection and so on. Some of those measures will also detect most viruses.
Hope that helps,
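
The mail-filter injection risk mentioned above, shown as an added example that is not part of the original post: a filter that pastes a message header into a shell command line, beside a version that passes it as a single argument. The sample message, the function names and the use of `echo` as a stand-in for a notifier program are assumptions made for illustration.

```python
import subprocess
from email import message_from_string

# Constructed sample message; the Subject carries a harmless marker command.
SAMPLE = (
    "From: sender@example.org\n"
    "To: user@example.org\n"
    "Subject: hello; echo INJECTED\n"
    "\n"
    "body\n"
)


def subject_of(raw):
    """Parse the message and return its Subject header as untrusted text."""
    return message_from_string(raw)["Subject"] or ""


def notify_unsafe(raw):
    """Insecure: the header is pasted into a shell command line,
    so shell metacharacters in the Subject are interpreted."""
    cmd = "echo New mail: " + subject_of(raw)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def notify_safe(raw):
    """Hardened: no shell is involved; the header is one argv element
    and reaches the program as literal text."""
    argv = ["echo", "New mail:", subject_of(raw)]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # The unsafe filter runs the text after ';' as a second command.
    print(repr(notify_unsafe(SAMPLE)))
    # The safe filter prints the whole Subject as data.
    print(repr(notify_safe(SAMPLE)))
```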