Having studied their Linux Antivirus (TrendMicro ServerProtect), it's far from a clean, safe and well maintained piece of software:
* It comes with its own http server (apache, with a conf file mentioning NCSA (!))
* Their realtime kernel module barely compiles (on quite old kernel versions), has a disgusting code and Makefile and makes the computer slow or simply crashes when it kind of works.
* They ship their Antivirus with quite old libraries, some compiled more than 10 years ago, and some probably impacted by several CVEs (openssl < 1.0.0, quite old libxml).
* Their init scripts are an ugly thing written in perl lauching several services in one script.
* Their rpm packages are just mindfucking. You have one rpm package to install the software, and other rpm packages to patch it... WTF.
From a piece of software, running as root (or even worst, in kernel space), written in C and analyzing untrusted inputs by definition, it's a bit worrying to say the least.
To be fair, I've never used a Linux antivirus suite that wasn't a complete piece of garbage. For instance, every single on-access scanner I've ever seen has been so broken and terrible that it gets disabled almost immediately because it impacts the system's ability to function reliably.
Makes me wonder why any of them bother, except for the piles of cash they can make off of unscrupulous rubes in management who demand AV software across the entire environment.
Why is a conf file mentioning NCSA so surprising? Mosaic has a lineage that can be traced to modern browsers like Edge, so it'd make sense to have conf items geared toward the NCSA family of browsers.
Apache is derived from NCSA HTTPd, having a config file with NCSA mentions is a sign of the age of the apache codebase being used or an extremely old default configuration file being used.
* It comes with its own http server (apache, with a conf file mentioning NCSA (!))
* Their realtime kernel module barely compiles (on quite old kernel versions), has a disgusting code and Makefile and makes the computer slow or simply crashes when it kind of works.
* They ship their Antivirus with quite old libraries, some compiled more than 10 years ago, and some probably impacted by several CVEs (openssl < 1.0.0, quite old libxml).
* Their init scripts are an ugly thing written in perl lauching several services in one script.
* Their rpm packages are just mindfucking. You have one rpm package to install the software, and other rpm packages to patch it... WTF.
From a piece of software, running as root (or even worst, in kernel space), written in C and analyzing untrusted inputs by definition, it's a bit worrying to say the least.