
Linux Anti-virus


22 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,694 posts
  • Gender:Male
  • Location:127.0.0.1 Australia

Posted 05 April 2014 - 08:03 PM


 

  • If you are running a file server, interface frequently with Windows drives or share files with Windows users, or use virtualization, you will want a virus checker for your Windows files.
Please pay attention to the first line in this paragraph...... Small edit of the original post by me making the statement bold.
  • Despite extensive misinformation, Linux is not immune from malware (witness the explosion of malware being created for the Linux-based Google Android systems). The malware is not usually spread within the OS itself (as long as the OS is a well-respected distribution obtained through official channels), but in trojan programs downloaded and installed by users outside of the normal software distribution channels (i.e. repositories) of the OS. There is always a danger to using programs downloaded from the Internet from sources other than respected repositories -- it is the primary reason that Debian and (K)Ubuntu retain tight control over their software repositories.

  • Any file can have malware embedded in it (which is trivial to achieve by concatenation, for example: cat originalfile.avi malware.exe > originalfileplusmalware.avi). The question is whether a user will try to open a file with a program (such as a media player) that has been compromised in a way that allows it to execute the code found in the infected media (e.g. .avi) file. This can occur not only for Windows users but for any OS (including Mac OSX and Linux) with a compromised program (e.g. media player). An example is the extensive problems the Mac OS community is currently having with the Flash player.

  • Routine scanning of any file downloaded from the Internet, any file imported from another user's computer (even a trusted source, since their attention to virus prevention may not be as compulsive as yours), or any attachment received in an email (even from a trusted sender) should be done with an anti-virus program.



ClamAV

ClamAV is the open source virus tool for Linux. To install ClamAV:

sudo apt-get install clamav
  • If an error is returned: "The database directory must be writable for UID 1000 or GID 1000" in order for the virus database to be updated, then change the ownership of the installation directory (/var/lib/clamav):

sudo chown 1000 /var/lib/clamav
ClamTk (ClamAV GUI)

ClamTk is a GTK-based GUI frontend for ClamAV. Install:

sudo apt-get install clamtk
AVG

AVG offers a free virus scanner for Linux in a .deb package. Download and install from the website.



Avast

Avast offers a Linux edition (for home users only) in a .deb package. Download and install from the website.



 

Source

http://ubuntuguide.org/wiki/Kubuntu_Precise_Network_Management#Security


Edited by hamluis, 10 June 2014 - 07:50 AM.
Moved from Linux/Unix to AV/AM Software - Hamluis.
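The concatenation trick in the post above (cat originalfile.avi malware.exe > originalfileplusmalware.avi) leaves the original container's own length field untouched, which gives a scanner something cheap to check before it ever looks for signatures. The following is an added example written for this thread, not code from the post, from ubuntuguide.org or from ClamAV: it builds a tiny RIFF/AVI container from constructed bytes, appends a harmless constructed trailer the way cat would, and flags the mismatch between the size the RIFF header declares and the bytes actually present. The sample data, the function names and the verdict strings are all my own.

```python
import struct

# --- constructed sample data (not real files) ---------------------------
# A RIFF container is: b"RIFF" + little-endian 32-bit size + form type +
# payload, where the size counts everything after the 8-byte header.
# A genuine AVI carries LIST/hdrl/movi chunks inside; the size arithmetic
# is identical, so a bare form type plus a dummy payload is enough here.
def build_riff(form_type: bytes, payload: bytes) -> bytes:
    body = form_type + payload
    return b"RIFF" + struct.pack("<I", len(body)) + body

CLEAN_AVI = build_riff(b"AVI ", b"\x00" * 64)
TRAILER = b"--constructed bytes standing in for whatever cat appended--"
APPENDED_AVI = CLEAN_AVI + TRAILER                        # cat a.avi b > c.avi
ODD_AVI = build_riff(b"AVI ", b"\x00" * 63) + b"\x00"     # legitimate pad byte


def riff_check(data: bytes) -> tuple:
    """Compare the length a RIFF header declares with the bytes we hold.

    Returns (verdict, extra_bytes); verdict is one of 'not-riff',
    'truncated', 'clean' or 'trailing-data'.
    """
    if len(data) < 12 or data[:4] != b"RIFF":
        return ("not-riff", 0)
    declared = struct.unpack("<I", data[4:8])[0]
    expected = 8 + declared
    if len(data) < expected:
        return ("truncated", len(data) - expected)
    extra = len(data) - expected
    # RIFF chunks are word-aligned: an odd-sized chunk is followed by one
    # pad byte that the size field does not count, so a single extra byte
    # after an odd declared size is normal, not appended data.
    if extra == 0 or (extra == 1 and declared % 2 == 1):
        return ("clean", 0)
    return ("trailing-data", extra)


def report(samples: dict) -> dict:
    """Run riff_check over {name: bytes} and return {name: verdict}."""
    return {name: riff_check(blob)[0] for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in report({
        "clean.avi": CLEAN_AVI,
        "appended.avi": APPENDED_AVI,
        "odd-padded.avi": ODD_AVI,
        "notes.txt": b"just text",
    }).items():
        print(f"{name:16} {verdict}")
```

A trailing-data verdict only says "something was glued on"; it does not say what. That is the point at which the file goes to a real scanner (clamscan, for instance) rather than being opened with a media player, which is exactly the order of operations the last bullet of the post recommends.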




#2 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 6,998 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 05 April 2014 - 11:50 PM

ClamTK is the one that I use, and yes, it does find objects, usually browser related. It's not real time protection, however updates/scans can be scheduled.

 

Some of the brands that are primarily marketed to Windows consumers don't always play well with some Linux versions and/or are tricky to install. Especially the Avast brand.

 

Comodo also has an AV for Linux. Though on low spec computers, it's best to stay away.

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#3 bmike1

bmike1

  • Members
  • 596 posts
  • Gender:Male
  • Location:Gainesville, Florida, USA

Posted 21 May 2014 - 12:25 AM

I go to download Avast and it takes me to CNET and they don't give the option of downloading Linux. When I select Android it takes me to a list that..... I don't know what I did but I got it to download an executable (.exe) Windows program. Should I run that?


A/V Software? I don't need A/V software. I've run Linux since '98 w/o A/V software and have never had a virus. I never even had a firewall until '01 when I began to get routers with firewalls pre-installed. With Linux, if a vulnerability is detected a fix is quickly found and then upon your next update the vulnerability is patched. If you must worry about viruses on a Linux system, only worry about them in the sense that you can infect a Windows user. I recommend Linux Mint or, if you need a lighter-weight operating system that fits on a CD, MX14 or AntiX.


#4 NickAu

NickAu

    Bleepin' Fish Doctor

  • Topic Starter

  • Moderator
  • 12,694 posts
  • Gender:Male
  • Location:127.0.0.1 Australia

Posted 21 May 2014 - 05:41 AM

It is pointless having an antivirus running all the time in Linux.

Use it as a more on demand type of thing. 

I do not bother with AV. And every Linux forum I go to says the same thing: the only reason to have one is to be neighbourly to our poor brothers and sisters who run Whingedos.

 

Secure your browser with things like NoScript, AdBlock, PopUpBlocker, and you will be fine.

It is generally accepted that there are no currently wild viruses for Ubuntu, or any Linux based system. That is unlikely to change because of the vast quantities of eyes watching the code, integrated update system, and more in-built security.

 

 

How to Install and Update avast! Antivirus in Ubuntu http://howtoubuntu.org/how-to-install-and-update-avast-antivirus-in-ubuntu

 

For anything  Buntu you want http://files.avast.com/files/linux/avast4workstation_1.3.0-2_i386.deb


Edited by NickAu1, 21 May 2014 - 05:59 AM.


#5 Winterland

Winterland

  • Members
  • 980 posts
  • Gender:Male
  • Location:The Land of Enchantment

Posted 21 May 2014 - 06:20 AM

Hey there NickAu1, thanks for the post.

 

As you know, I've been stumbling around in my new Fedora and am about to get rid of that and find another flavor...leaning towards some Mint and as I've been getting my feet wet with all these distros, I keep going back and back to the idea of, "do I need an AV with Linux?"

 

 

I know that nothing is really safe out there in the World Wide Web and I do not always surf safe. :whistle:

 

 

When I'm out and about being reckless on my Windows side, I've got everything locked down pretty well but haven't *quite* figured out what I might need in the world of Linux, if anything.

 

 

I'm so used to the layered approach in a Windows environment, I always feel awkward and reckless when I'm clicking and downloading my way through the Web when I'm on the Linux side of things.

 

So, again, thanks for the post, information and the links. It's always appreciated by us Linux noobs.

 

Hope you got that Coke-colored laptop issue worked out....

 

Winterland


Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#6 NickAu

NickAu

    Bleepin' Fish Doctor

  • Topic Starter

  • Moderator
  • 12,694 posts
  • Gender:Male
  • Location:127.0.0.1 Australia

Posted 21 May 2014 - 06:51 AM


 

As you know, I've been stumbling around in my new Fedora

Never used it. What's it like?

 


 

I always feel awkward and reckless when I'm clicking and downloading my way through the Web when I'm on the Linux side of things.

And you are lol.

 

What are you downloading?

You should only EVER get software for your Linux through the repo (sudo apt-get install software) or through your software manager. If I can't get it in the repo I don't want it. And now I usually try to get the source and compile my own stuff.

 

All the Buntus are quite good straight out of the box; all you need is to enable the firewall.

sudo ufw enable

 

Torrents are torrents no matter the OS. While the Linux community encourages the use of torrents, I say be careful what you download. I would never torrent software. If I want music I get it from YouTube. As for movies, well, there are better things than torrents.

While virus threats may not be that effective against Linux atm, hacking is.

If you must torrent, use an old PC without a HDD, boot Puppy Linux from CD, then use Transmission and save the file to USB.

 

This is a must have.


rkhunter

https://help.ubuntu.com/community/RKhunter

 

 

I no longer have to sleep on the lounge and can get a new laptop, the boss said so.


Edited by NickAu1, 21 May 2014 - 07:00 AM.


#7 bmike1

bmike1

  • Members
  • 596 posts
  • Gender:Male
  • Location:Gainesville, Florida, USA

Posted 21 May 2014 - 02:11 PM

I just got done with a Clam scan on my Mint box. It said I had 17 infections. It did not tell me if it fixed them though. Then I ran AVG and it didn't report any infections.


Edited by bmike1, 21 May 2014 - 02:25 PM.



#8 NickAu

NickAu

    Bleepin' Fish Doctor

  • Topic Starter

  • Moderator
  • 12,694 posts
  • Gender:Male
  • Location:127.0.0.1 Australia

Posted 21 May 2014 - 04:35 PM

 

I just got done with a Clam scan on my Mint box. It said I had 17 infections

Clam has some of the worst detection rates and false positives around..


Edited by NickAu1, 21 May 2014 - 05:22 PM.


#9 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 6,998 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 21 May 2014 - 08:03 PM

I just got done with a Clam scan on my Mint box. It said I had 17 infections. It did not tell me if it fixed them though. Then I ran AVG and it didn't report any infections.

If you're speaking of ClamTK, which I also use at the end of each session, many of the found objects are browser related, if the /home folder is scanned. ClamTK is not an automatic thing; each object has to be clicked on & quarantined or deleted. Like with Windows, it's best to quarantine. After 2-3 weeks, if all is OK, these can then be deleted. I do not use ClamTK to scan my main Linux Mint file systems with, just the home folder, where my browsers & VMs are installed.

 

However, do NOT use ClamTK to scan a Windows install, as many safe files that are needed for proper Windows operation will be flagged; if quarantined, the Windows install will surely be unbootable. ClamTK tends to see most any .exe file as a threat; it's designed for select Linux OS's only. For Windows, there's ClamAV, that's a whole different app.

 

On my Linux Mint systems I also use rkhunter & chkrootkit, both are available from the Software Manager. Plus the software Firewall that NickAu1 mentioned (& NoScript/AdBlock Plus), however that's a secondary one, I depend more on the hardware Firewall that my wireless router provides. Settings are model specific, however there is one setting that most all have, which is to disable remote settings (or resettings) of the router. This should be done on any router, regardless of the installed OS, to prevent unauthorized changes. Plus be sure to rename the connection to anything other than the defaults (often the make/model of router) & create a unique passphrase.

 

If those things aren't done, most anyone potentially has control over the wireless router. Default passwords for specific models are published on the Web, meaning that if one sees a connection say like "TrendNET652", it can be taken over in seconds. If the password is changed by outsiders, they can see all incoming/outgoing traffic & intercept whatever is there, as well as make other changes. The only way to fix this after the fact is to unplug it, remove it from the modem, replug it in &, following the instructions for your model, reset it. Most have a small pin in the rear to do this with & it can be done with a toothpick, straightened paperclip, whatever. It's normally a simple process.

 

When reattaching the router to the modem, then set up security. Create a passphrase that contains upper & lower case letters, numbers & alphanumeric keys (!@#$%^&*(). This prevents dictionary attacks.

 

Though some Linux users do, I don't run security brands aimed at Windows customers on Linux OS's. The reason is that most of these do the same that is done in Windows, hog resources. The last one that I tried to use was Comodo for Linux; it may have been good protection, but the PC (Dell Dimension 2400 w/2GB DDR 2700 RAM, 3.06GHz P4 H/T Northwood CPU) wasn't a powerhouse & the impact was very noticeable.

 

As far as AVG not finding anything, while that's good, it may be that ClamTK was looking for different types of threats, such as browser objects (spyware). In that respect, Linux security is no different from Windows. Each app is designed to find certain threats. I've found ClamTK to be very comparable with SuperAntiSpyware for Windows, as all it ever finds is browser objects. It is good that these are found & caught, as they can be passed on to Windows computers.

 

Cat




#10 bmike1

bmike1

  • Members
  • 596 posts
  • Gender:Male
  • Location:Gainesville, Florida, USA

Posted 22 May 2014 - 02:28 AM

worst detection rates? then what do you recommend, nick?

 

chkrootkit turned up:

 The following suspicious files and directories were found:  
/usr/lib/pymodules/python2.7/.path /usr/lib/jvm/.java-1.7.0-openjdk-i386.jinfo /usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit
 
Checking `lkm'...                                           You have     1 process hidden for readdir command
You have     1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
 
(a possible explanation for the following is I am using these files now)
 
Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! entertainment/Music/InTheMood.mp3       0 ntertainment/Music/IfIHadYou.mp3 /media/bmike1/entertainment/Music/JeanieJeanieJeanie.mp3 /media/bmike1/entertainment/Music/JumpinJack.mp3 /media/bmike1/entertainment/Music/JumpJiveAnWail.mp3 /media/bmike1/entertainment/Music/KingPorterStomp.mp3 /media/bmike1/entertainment/Music/LetsDance.m
! entertainment/Music/ShesSexy+17.mp3 /media/bmike1/entertainment/Music/SingSingSing.mp3 /media/bmike1/entertainment/Music/StrayCatStrut.mp3 /media/bmike1/entertainment/Music/Styx- Blue Collar Man.mp3 /media/bmike1/entertainment/Music/WhyDontYouDoRight.mp3 /media/bmike1/entertainment/Music/Zoo       0 unawayBoys.mp3 3 /media/bmike1/entertainment/Music/SingSingSing.mp3 /media/bmike1/entertainment/Music/StrayCatStrut.mp3 /media/bmike1/entertainment/Music/Styx- Blue Collar Man.mp3 /media/bmike1/entertainment/Music/WhyDontYouDoRight.mp3 /media/bmike1/entertainment/Music/Zoo
 
rkhunter turned up:
 
Performing system configuration file checks
    Checking for a system logging configuration file         [ Found ]
[00:05:24]   Checking for a running system logging daemon    [ Found ]
[00:05:24] Info: Found rsyslog /etc/rsyslog.conf configuration file: 
Checking if SSH root access is allowed                   [ Warning ]
 
 Performing filesystem checks
    Checking /dev for suspicious file types                  [ Warning ]
[00:05:25] Warning: Suspicious file types found in /dev:
[00:05:25]          /dev/.udev/rules.d/root.rules: ASCII text
 
    Checking for hidden files and directories                [ Warning ]
[00:05:26]   Checking for hidden files and directories       [ Warning ]
[00:05:26] Warning: Hidden directory found: /etc/.java
[00:05:26] Warning: Hidden directory found: /dev/.udev
[00:05:26] Warning: Hidden file found: /etc/.sudoers.swp: Vim swap file, version 7.3
[00:05:26] Warning: Hidden file found: /dev/.blkid.tab: ASCII text
[00:05:26] Warning: Hidden file found: /dev/.blkid.tab.old: ASCII text
[00:05:26] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
[00:08:04]
[00:08:04] Info: Test 'apps' disabled at users request.
 
This must be disabled by default because I didn't disable it. The man page doesn't tell me how to enable it.... how is it done, or else should I not worry about it?
 
So what should I do now? Teach me what to do so I am not constantly asking and posting portions of the log.

Edited by bmike1, 22 May 2014 - 02:33 AM.



#11 NickAu

NickAu

    Bleepin' Fish Doctor

  • Topic Starter

  • Moderator
  • 12,694 posts
  • Gender:Male
  • Location:127.0.0.1 Australia

Posted 22 May 2014 - 03:34 AM

Try this.

http://www.dedoimedo.com/computers/chkrootkit-lkm-warning.html

 

I could be wrong. From what I read by Googling it, it's a false positive. If you are truly worried about this, may I suggest a Linux forum, e.g. http://ubuntuforums.org/ I am sure they will tell you more about it.

 

 

1 worst detection rates?

2 then what do you recommend, nick?

1 Yes from everything I read on Linux forums.

2  I do not recommend anything as I do not use anything.

 And it is because of threads like this 1 that I do not bother http://ubuntuforums.org/showthread.php?t=2214187

 

And stuff like this that I do not use anything.

 


The Reality

If you are going to trade files in a Windows world, you'll need to scan those files for viruses. You won't get infected, but you may help infect someone else

 

https://help.ubuntu.com/community/Linuxvirus

I do not trade files with Windows, I have no Windows machines.


Edited by NickAu1, 22 May 2014 - 04:59 AM.
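The "1 process hidden for readdir command" line in bmike1's chkrootkit output above, and the false-positive explanation NickAu links to, both come down to how that check works: probe every possible PID with kill(pid, 0) and compare the PIDs that answer against the PIDs that a directory listing of /proc shows. What follows is an added example written for this thread, not chkrootkit's or rkhunter's code, that does the same comparison in Python and handles the two things that commonly make it fire on a clean machine: a process that starts or exits between the probe and the listing (fixed by requiring the same PID in every pass), and a thread ID, which answers kill() but is listed under its thread-group leader rather than on its own (fixed by reading Tgid from /proc/<id>/status). The function names, the two-pass rule and the constructed test data are my own; the live scan at the bottom only runs on Linux.

```python
import os


def pid_alive(pid: int) -> bool:
    """Probe with signal 0: nothing is delivered, but the kernel still says
    whether the PID exists (EPERM means 'exists, just not ours')."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def listed_pids(proc_dir: str = "/proc") -> set:
    """PIDs that readdir() on /proc shows, i.e. what ps also sees."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}


def tgid_from_status(status_text: str):
    """Thread-group id from the text of /proc/<id>/status, or None."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split()[1])
    return None


def classify(alive: set, listed: set, tgid_of) -> set:
    """PIDs that answer the probe but are absent from the listing, minus
    thread ids.  tgid_of(pid) returns the Tgid for pid, or None if
    /proc/<pid>/status cannot be read (an id that is hidden from readdir()
    and also has no readable status entry stays flagged)."""
    hidden = set()
    for pid in alive - listed:
        tgid = tgid_of(pid)
        if tgid is not None and tgid != pid:
            continue  # a thread of a listed process, not a hidden process
        hidden.add(pid)
    return hidden


def live_tgid(pid: int):
    try:
        with open(f"/proc/{pid}/status") as fh:
            return tgid_from_status(fh.read())
    except OSError:
        return None


def find_hidden(passes: int = 2, proc_dir: str = "/proc") -> set:
    """Report a PID only if every pass flags it; a process that starts or
    exits between kill() and readdir() otherwise shows up once as 'hidden'."""
    with open(f"{proc_dir}/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    result = None
    for _ in range(passes):
        alive = {pid for pid in range(1, pid_max + 1) if pid_alive(pid)}
        flagged = classify(alive, listed_pids(proc_dir), live_tgid)
        result = flagged if result is None else result & flagged
    return result


if __name__ == "__main__":
    found = find_hidden()
    print("hidden PIDs:", sorted(found) if found else "none")
```

If the two-pass result is empty, the single-pass warning was timing noise or a thread, which is the situation the dedoimedo page describes. A PID that survives both passes and has no readable status entry is worth a closer look with a second tool, since this check only looks at what the running kernel reports.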


#12 Winterland

Winterland

  • Members
  • 980 posts
  • Gender:Male
  • Location:The Land of Enchantment

Posted 22 May 2014 - 06:27 AM

@Cat - thanks for the post and all the tips and information contained within. I have not tweaked my router the way I should and it's been on my mind as of late, so I think that will be this weekend's project.

 

I have disabled the remote access setting and did change my default password, but I did not change it to something that would be able to withstand even the weakest of dictionary attacks.

 

I've been playing around with an Ophcrack CD to bust into a friend's XP machine and was astonished at how little time it took, so it's a good reminder.

 

Also, great points about how Windows-based apps don't always play nice/well in Linux environments and vice versa.

 

 

 

 

@NickAu1 - Fedora is okay. Nothing special about it and, as most here know, which ever flavor distro you use, mostly it's just a matter of finding out where everything is.

 

Where is my photo editor, where is my Audacity or do I need to download it? Where the heck is my LibreOffice, or do I need to download that as well?

As for downloading - mostly I'm just pulling free music downloads directly from artists' websites (or YouTube) and/or a lot of videos from the TED site.

 

Rest assured I don't, nor have I ever, downloaded from torrent sites. I know that there are plenty of good sites and reasons to use torrents, I just haven't dipped my toe into that pool yet and not really that interested in trying to do so. I'm kind of old-fashioned in that I still buy DVDs, Blu-Ray discs and...yeah, I still buy music CDs. :guitar:

 

So there you go.

 

Glad to hear you're not sleeping on the lounge any more and that a new laptop is in your future.

 

All's well that ends well. 

 

Thanks again to everyone who contributed to this post.

 

I'm off to go delete my Fedora and perhaps install some Mint.

 

onward,

 

Winterland

 

 




#13 NickAu

NickAu

    Bleepin' Fish Doctor

  • Topic Starter

  • Moderator
  • 12,694 posts
  • Gender:Male
  • Location:127.0.0.1 Australia

Posted 22 May 2014 - 06:55 AM

 

and did change my default password, but I did not change it to something that would be able to withstand even the weakest of dictionary attacks.

Which of the following two passwords is stronger, more secure, and more difficult to crack?

 

 

D0g.....................

PrXyc.N(n4k77#L!eVdAfp9

You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!

Try this to see how good your passwords are.

https://www.grc.com/haystack.htm
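The arithmetic behind the quoted comparison, as an added example written for this thread (mine, not code from the post or from GRC): the haystack page counts the alphabet an exhaustive search has to cover from the character classes present (26 lower, 26 upper, 10 digits, 33 symbols including space = 95) and sums every string of length 1 up to the password's length. The two passwords are reconstructed here as a 24-character padded "D0g" and the 23-character random string, which is the "one character longer" the post refers to; the guess rate used for the time estimate is a constant I picked for illustration.

```python
import string

# Character classes as the haystack page counts them: 26 + 26 + 10 letters
# and digits, plus 33 symbols (32 punctuation marks and the space) = 95.
CLASSES = (
    ("lower", string.ascii_lowercase, 26),
    ("upper", string.ascii_uppercase, 26),
    ("digit", string.digits, 10),
    ("symbol", string.punctuation + " ", 33),
)

# The two passwords from the quoted example, reconstructed: 24 characters
# of "D0g" plus dots versus the 23-character random string.
PADDED = "D0g" + "." * 21
RANDOM = "PrXyc.N(n4k77#L!eVdAfp9"


def alphabet_size(pw: str) -> int:
    """An attacker who knows which classes appear must search all of each
    class, so the alphabet is the sum of the sizes of the classes used."""
    return sum(n for _, chars, n in CLASSES if any(c in chars for c in pw))


def search_space(pw: str) -> int:
    """Candidates an exhaustive search covers before it is certain to reach
    a password of this length: every string of length 1..len(pw)."""
    a = alphabet_size(pw)
    return sum(a ** k for k in range(1, len(pw) + 1))


def compare(first: str, second: str) -> int:
    """How many times larger the first search space is than the second."""
    return round(search_space(first) / search_space(second))


def years_to_exhaust(pw: str, guesses_per_second: float = 1e12) -> float:
    """Worst-case time at an assumed (illustrative) guess rate."""
    return search_space(pw) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in (PADDED, RANDOM):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, "
              f"{years_to_exhaust(pw):.3g} years at 1e12 guesses/s")
    print("ratio:", compare(PADDED, RANDOM))
```

compare(PADDED, RANDOM) comes out at 95, which is where the "approximately 95 times longer" in the quote comes from: each extra character multiplies the space by the alphabet size. What the function models is exhaustive search only, which is what the haystack page measures; a guesser that tries dictionary words and repeated padding first is a different model, so treat the number as a floor on brute-force cost rather than a complete strength rating.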



#14 bmike1

bmike1

  • Members
  • 596 posts
  • Gender:Male
  • Location:Gainesville, Florida, USA

Posted 22 May 2014 - 03:07 PM

 

So, it seems to me (as I've thought all along) that Linux is almost impervious to viruses.




#15 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 6,998 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 22 May 2014 - 05:17 PM

 

 

So, it seems to me (as I've thought all along) that Linux is almost impervious to viruses.

 

Much more so than Windows, but keep in mind that no operating system of any brand is 100% infection proof & don't believe anyone that states otherwise.

 

As long as the Linux user is using good computing practices, chances are that there will be no serious infections. The types of viruses/malware that will destroy a Windows OS won't faze a Linux one. Though it's still possible, & this isn't the fault of the Linux OS, that an infected email attachment sent to a Linux user can be forwarded to a Windows user & it will infect that user, if opened & not protected.

 

The main purpose of an AV for Linux is email scanning. The only way, though, that such an email could infect a Linux computer is for it to be written to target that OS. And still, the core wouldn't be infected, unless the Linux user was running as root (same as "Run as Administrator" on Windows). It is strongly advised by all Linux experts to only use root as needed, for maintenance, not to run browsers/email clients/other apps.

 

At one time, which has been some time back now, there was a flaw in Firefox that exposed certain Linux computers to remote code execution. That issue has been fixed for 2-3 years.

 

Cat






