Linux servers come in many flavors, from Red Hat to SUSE to Ubuntu. All share a reputation for being largely immune to the malware problems that plague Windows. It’s no surprise, then, that many IT professionals wonder whether it’s really worth installing antivirus software on their Linux servers. As it turns out, the answer, more often than not, is yes.
One reason to consider installing Linux antivirus is that malware for Linux does, in fact, exist. It’s far less common “in the wild” than Windows malware, but rootkits like the one that targeted the SSH daemon (sshd) earlier this year demonstrate that it is a real threat. Do you want to explain to the boss that a mission-critical server got trashed because you didn’t think it was likely to get infected?
While internal Linux servers face only a small risk of exposure to Linux-specific malware, public-facing web servers are a major target. An average of 16,000–24,000 URLs are compromised each day by malicious code, according to SophosLabs. Cybercriminals target vulnerable components of websites, like content management systems (e.g., WordPress and Joomla), application environments (PHP), control panels (Plesk and cPanel), and even the ubiquitous Apache web server. Web servers should therefore always be protected with antivirus software and ideally with a web application firewall as well.
Even if a Linux server is itself not infected, it may still put your users at risk. Have you heard the story of Typhoid Mary, the woman who never became sick herself, but carried the typhoid fever infection and spread it to over 50 people? Linux servers can similarly act as carriers, especially when they function as file servers or document repositories. In fact, SophosLabs tells us that the majority of detections of malware on Linux systems are for Windows malware.
Finally, compliance regulations like PCI-DSS may simply require you to install antivirus software on systems that store or process sensitive data. Failing to install antivirus software in these instances may expose your organization to fines and/or legal liability in the event of data loss.
Sophos Server Protection
One common objection to installing antivirus on Linux servers is that it can affect the servers’ performance. Fortunately, Sophos Antivirus for Linux has a small footprint and minimal impact on system speed. Basically, you won’t know it’s there—except, of course, when it detects and blocks a threat from infecting your server or spreading to your users’ workstations.