Are there potential issues with applications on Linux? Yes, but note: applications. Very few exploits have been found in the kernel.
Are there packages that can be used to scan email on the Linux side for Windows "badstuff"? Yes, but as noted, you would have to explicitly share the file with your Windows side.
Windows XP: I think Kaspersky still supports it. Yes, you have to pay for it, and sometimes it's a bit heavyweight, but it does a good job. The problem is (as with all AV stuff) they wind up playing a bit of catch-up; they need to see a sample first before they can protect against it.
Easiest ways to minimize impact in Linux, even if you hit a bad website:
Don't run as root. Log in as a nonprivileged user, use sudo or su from a terminal when needed.
Firewall. Make sure the firewall is enabled, default deny inbound and outbound, only turn on things as you need them. 90% of normal everyday stuff can be done by allowing the following:
UDP: domain, ntp, https, imaps, 1935, 1194 (last 2 are typically used for VPN stuff)
TCP: domain, http, https, imaps, pop3s, smtps, 1935, 1194
For SSH/SCP, add port 22 to TCP. I know HTTPS is not a UDP protocol but it's a Google thing (QUIC).
The firewall should be stateful so that inbound connections are only a response to an outbound request.
Get to know what traffic is normal for your network. You'll want to learn how to use tcpdump or wireshark to look at traffic, also embrace the terminal/CLI. One of your most important commands for network stuff is:
so man netstat
One of the best is netstat -aln; this lists all the listening sockets which could allow a connection to the machine.
Edited by mremski, 19 May 2017 - 03:09 AM.
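The `netstat -aln` check mentioned in the post, as an added example that is not part of the original post: a small filter that separates listening sockets bound only to loopback from those reachable over the network. The function names and the sample output are constructed for illustration and assume the net-tools output format.

```shell
#!/bin/sh
# Added example: split the listening sockets shown by `netstat -aln` into
# loopback-only and network-reachable ("exposed") ones.

# Constructed sample in net-tools format; addresses and ports are made up.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.20:51514      203.0.113.10:443        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.53:53           0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     23456    /run/dbus/system_bus_socket
EOF
}

# Reads `netstat -aln` output on stdin, prints: scope proto address port
listeners() {
  awk '
    /^Active UNIX/ { exit }                      # skip the UNIX socket section
    $1 !~ /^(tcp|udp)/ { next }                  # headers and anything else
    $1 ~ /^tcp/ && $NF != "LISTEN" { next }      # TCP: keep LISTEN state only
    $1 ~ /^udp/ && $5 !~ /:\*$/ { next }         # UDP: keep unconnected sockets
    {
      port = $4; sub(/.*:/, "", port)            # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)        # text before the last colon
      scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
      print scope, $1, host, port
    }'
}

# Live use: netstat -aln | listeners
sample_netstat | listeners
```

Each "exposed" line is a socket that the inbound firewall rules decide the fate of, so every one of them should be a service you recognise.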