Anti virus For Linux

The main reason to have anti-virus running on linux servers is usually not to protect the server itself - but to protect the end users who use the services / files on the server. Think of the server as a potential virus carrier.

In order to protect the server itself you should be looking at proper firewalling and server hardening procedures, and packages like aide / tripwire and chkrootkit / rkhunter to detect compromises if they happen.

We use clamav on our fileservers, mailservers, and webservers. On the fileservers (by far the largest) we configured it to scan the modified files hourly, and do a full scan over the weekend on a monthly basis. Otherwise the default configuration has not caused a noticeable performance impact.


Anti-virus products do have uses on Linux. While there isn't many viruses that target Linux, they are possible, and if it grows in popularity, then there's a chance that more viruses will be written for it. Having used Linux for 12 years I've never known anyone who's had a virus. There are worms and hacks, but a rootkit detector may be more useful, along with regular security updates.

Where you do what to run anti-virus checking is on mail servers and on file servers that server Windows clients.

We use clamav, which is an open source product, but you can buy Sophos and F-Secure products. I'm sure there are more.