Monday, August 12, 2013

Do you need Anti-virus on Linux?

I will freely admit I was a naysayer for anti-virus on Linux.  That said, it is a good security policy so I setup and run periodic scans on the linux boxes I admin.  Until today, I had only ever seen Windows viruses sitting in peoples old mbox mailboxes, and given I would need to delete all of their email to address this nothing happened.

Today, that changed.  I was reviewing system messages from over the weekend and I saw an email from the clamscan cronjob I have setup on many servers.  It went a little like:
/tmp/openx-2.8.10/etc/plugins/openXVideoAds.zip: Backdoor.OpenX.CVE_2013_4211 FOUND
..../openads/plugins/deliveryLog/vastServeVideoPlayer/flowplayer/3.1.1/flowplayer-3.1.1.min.js: Backdoor.OpenX.CVE_2013_4211 FOUND
..../openads/plugins/plugins/deliveryLog/vastServeVideoPlayer/flowplayer/3.1.1/flowplayer-3.1.1.min.js: Backdoor.OpenX.CVE_2013_4211 FOUND
..../openads/etc/plugins/openXVideoAds.zip: Backdoor.OpenX.CVE_2013_4211 FOUND

A quick google turned up a link to Packet Storm.  http://packetstormsecurity.com/files/cve/CVE-2013-4211

Where CVE-2013-4211 became an exploit candidate 3 days ago.  I see some other mentions from a few days earlier, but definitely not too long ago.  Since that time, clamav has updated it's definitions, freshclam downloaded them, and I got notified that I had an active backdoor on one of my servers because of maintaining a good anti-virus policy on Linux.

So ends the lesson.

Posted by at No comments:
Subscribe to: Posts (Atom)