Honestly, I use Linux and I need VirusTotal scans for side-loading .deb packages. It’s because I’m not a coding expert, auditing every code of the packages before installing it. So, I think it’s myth that Linux do not need antivirus or anti-malware. We have other different approaches too such as using anti-malware DNS servers.
Does this work? I would think scanning a *.package would only assess that content. Wouldn’t something malicious likely be in the code or dependency it could call via some form of get request? That .deb package itself could be completely “safe” until it calls a git clone <URL> to then run something malicious.
I think this would be more likely to work for appimage or flatpak, though the same approach could compromise the validity of the scan. Am I thinking too hard, or did I just miss the point?
Honestly, I use Linux and I need VirusTotal scans for side-loading .deb packages. It’s because I’m not a coding expert, auditing every code of the packages before installing it. So, I think it’s myth that Linux do not need antivirus or anti-malware. We have other different approaches too such as using anti-malware DNS servers.
Does this work? I would think scanning a *.package would only assess that content. Wouldn’t something malicious likely be in the code or dependency it could call via some form of get request? That .deb package itself could be completely “safe” until it calls a git clone <URL> to then run something malicious.
I think this would be more likely to work for appimage or flatpak, though the same approach could compromise the validity of the scan. Am I thinking too hard, or did I just miss the point?