C7) Where can I get a virus scanner for my Unix system?

Basically, you shouldn't bother scanning for Unix viruses at this
point in time.  Although it is possible to write Unix-based viruses,
we have yet to see any instance of a non-experimental virus in that
environment.  Someone with sufficient knowledge and access to write an
effective virus would be more likely to conduct other activities than
virus-writing.  Furthermore, the typical form of software sharing in
an Unix environment would not support virus spread.

This answer is not meant to imply that viruses are impossible, or that
there aren't security problems in a typical Unix environment -- there
are.  However, true viruses are highly unlikely and would corrupt file
and/or memory integrity.  For more information on Unix security, see
the book "Practical Unix Security" by Garfinkel and Spafford, O'Reilly
& Associates, 1991 (it can be ordered via e-mail from nuts@ora.com).

However, there are special cases for which scanning Unix systems for
non-Unix viruses does make sense.  For example, a Unix system which is
acting as a file server (e.g., PC-NFS) for PC systems is quite capable
of containing PC file infecting viruses that are a danger to PC clients.
Note that, in this example, the UNIX system would be scanned for PC
viruses, not UNIX viruses.

Another example is in the case of a 386/486 PC system running Unix,
since this system is still vulnerable to infection by MBR infectors
such as Stoned and Michelangelo, which are operating system
independent.  (Note that an infection on such a Unix PC system would
probably result in disabling the Unix disk partition(s) from booting.)

In addition, a file integrity checker (to detect unauthorized changes
in executable files) on Unix systems is a very good idea.  (One free
program which can do this test, as well as other tests, is the COPS
package, available by anonymous FTP on cert.org.)  Unauthorized
file changes on Unix systems are very common, although they usually
are not due to virus activity.


.