
Firewall & ClamAv


21 replies to this topic

#1 cmptrgy


Posted 15 March 2017 - 01:53 PM

I did sudo ufw enable which enabled the firewall to be active and enabled.

--- Is there anything I need to keep track of to ensure it stays active and enabled and that it is doing its job?

 

I also downloaded the ClamAV package for Internet security.

--- How can I tell what it does and that it’s running?

--- Can I do a manual scan if I want to?




 


#2 DeimosChaos


Posted 15 March 2017 - 04:14 PM

Once the firewall is on, it's mostly a "set and forget" type of thing. You typically don't have to mess with it unless you need to open up a port.

 

You should be able to run a manual scan with ClamAV. Check out its manual.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#3 NickAu


Posted 15 March 2017 - 04:30 PM

 

> I did sudo ufw enable which enabled the firewall to be active and enabled.

Typing sudo ufw enable starts your firewall and creates a script that starts it every time you boot your PC.

 

Clam Av is an on-demand scanner only, and not a very good one at that; you are better off securing your browser by installing NoScript, Ghostery, HTTPS Everywhere and TrafficLight.



#4 BlueGalaxy


Posted 15 March 2017 - 08:50 PM

 

> Clam Av is an on-demand scanner only, and not a very good one at that.

 

What antivirus app for Linux would you recommend instead of ClamAv?



#5 NickAu


Posted 15 March 2017 - 08:52 PM

As I do not use antivirus I can't recommend one.



#6 pcpunk


Posted 15 March 2017 - 10:19 PM

I use Clamav, you need to install ClamTK also, the Front end to Clamav.  For those new to Linux it may be best just to install it from the Software Manager.  You can find some YouTube vids to help you use it, I'll leave one here but have not used it, it's just a loose guide for you.  Any Linux Malware Tools will need at least some knowledge as to what is being Detected.  There are some false positives and files will be flagged that you may want, even some system files in some cases.  Don't delete anything until you ask.  The only thing that I've ever had it work with are Browser Infections designed for Windows, but seem to wreak havoc on my system.  You could just Clear Browsing Data and do the same thing, but I don't like doing that.

 

Also, don't scan your Windows Directories, or anything in Windows for that matter.  I've never used it in Windows but some have and it has caused problems.  After you install it via the Software Manager you can go to 1:55 mark at this video to see the basics on how to use it.  You may find better videos.


Edited by pcpunk, 15 March 2017 - 10:21 PM.


Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#7 DeimosChaos


Posted 16 March 2017 - 08:45 AM

 

 

>> Clam Av is an on-demand scanner only, and not a very good one at that.

 

> What antivirus app for Linux would you recommend instead of ClamAv?

 

 

You really don't need an antivirus for Linux. As Nick suggested, you are better off just securing your browser.




#8 Gary R


Posted 16 March 2017 - 09:03 AM

Generally speaking, it's not necessary to install an AV package on a Linux install.

Linux is not really targeted by the Malware writing community, so the number of Linux infections is minuscule in comparison to the myriad of possible infections that Windows users are subject to when they go online.

Provided you ....

  • Enable Linux' built in firewall
  • Secure your browser with a few useful add-ons like the ones NickAu recommended
  • Only install programs from your Distro's repository
  • Use a bit of common sense when deciding whether to click on something or not when you're online (and it just pops up in front of you)


.... then your chances of contracting an infection whilst using Linux are fairly remote.



#9 BlueGalaxy


Posted 16 March 2017 - 04:58 PM

> Generally speaking, it's not necessary to install an AV package on a Linux install.
>
> Linux is not really targeted by the Malware writing community, so the number of Linux infections is minuscule in comparison to the myriad of possible infections that Windows users are subject to when they go online.

 

 

Not generally targeted? How is that so? To me it seems that since Linux operating system is used by servers, it would be more interesting for a cracker to take out a server and cause more damage, than to just take out a user's computer.


However, can the same malware be used to target Linux OS desktop users as well as servers? For instance, I can imagine a cracker integrating some of the lethal linux commands in a shell script to crash the server. Or just create a malware with Bash or C++ compiled Linux executable program to steal and/or destroy data. My experience with programming on Linux is not that good yet, but I think that theoretically it can be done. There is a thread on this forum that Linux is the #1 OS in the world. Then why do some people say that Linux is obscure compared to Windows in terms of attackers?



#10 Al1000


Posted 16 March 2017 - 05:25 PM

Personally I don't use anti-virus software with Linux either, and consider an updated operating system and browser, NoScript, AdBlockPlus and safe browsing habits, to be sufficient security.

If you do use ClamAV, be aware that it was originally designed to be an email scanner, and is notorious for reporting false positives when used to scan operating systems.

I wouldn't delete or quarantine anything, solely on account of ClamAV flagging it.
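
The checks the topic starter asked about, as an added example that is not part of any post in this thread: whether ufw is set to start at boot and is running now (post #3), and a manual ClamAV scan that only reports, in line with the advice in post #10 not to delete or quarantine on a flag alone. The function names, the `--run` switch and the log path are assumptions made for the example, and it assumes Ubuntu's default `/etc/ufw/ufw.conf`.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names, the --run switch and
# the log location are assumptions chosen for illustration.

# Return 0 if ufw is configured to start at boot. `ufw enable` records this
# as ENABLED=yes in ufw.conf (the path can be overridden for testing).
ufw_boot_enabled() {
    local conf="${1:-/etc/ufw/ufw.conf}"
    grep -Eqi '^[[:space:]]*ENABLED[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$conf" 2>/dev/null
}

# Return 0 if the text printed by `ufw status` says the firewall is running.
ufw_active_now() {
    printf '%s\n' "$1" | grep -q '^Status: active$'
}

# Translate clamscan's exit code: 0 = nothing found, 1 = something flagged,
# anything else = the scan itself failed.
clam_verdict() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "flagged-review-before-acting" ;;
        *) echo "scan-error" ;;
    esac
}

# Report-only manual scan: lists and logs flagged files but passes neither
# --remove nor --move, so nothing is deleted or quarantined.
scan_report_only() {
    local target="$1" log="$2" rc=0
    clamscan --recursive --infected --log="$log" "$target" || rc=$?
    clam_verdict "$rc"
}

# Run the checks only when invoked as: ./check.sh --run [DIR]
if [ "${1:-}" = "--run" ]; then
    if ufw_boot_enabled; then echo "ufw: enabled at boot"
    else echo "ufw: NOT enabled at boot"; fi
    if ufw_active_now "$(sudo ufw status)"; then echo "ufw: active now"
    else echo "ufw: inactive now"; fi
    scan_report_only "${2:-$HOME}" "$HOME/clamscan-report.log"
fi
```

A "flagged" result only means the log deserves a look; given the false positives mentioned above, treat each entry as a question to ask rather than a file to remove.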

#11 Gary R


Posted 16 March 2017 - 05:43 PM

An attacker's motives for attacking a server are entirely different than their motives for attacking a desktop. The former are generally attacked to gain access to the data residing on them, the latter are attacked to gain control over the machine, so that it can be used to generate income for the attacker.

 

  • By re-directing searches, to generate click-through advertising income.
  • By utilising "free" disk space to distribute spam and porn.
  • By co-opting the computer into a botnet - which can be used in a number of ways to make money for the attacker.
  • Etc. Etc. Etc.

 

The difficulty of course is to get your malware onto your target, and that's usually a good deal harder to do on a server, because servers are generally operated by professionals.

 

So, for that reason, the majority of malware is written to attack desktops, because their average User is much more likely to load a "malicious" package.

 

Now if you were a malware writer, and you wanted to get maximum payback for your effort, who would you attack .... Windows, who have over 90% of the desktop market .... or Linux, who have less than 2% of the desktop market?



#12 NickAu


Posted 16 March 2017 - 07:22 PM

 

> I use Clamav, you need to install ClamTK also, the Front end to Clamav.

No you do not need to install ClamTk, you can run ClamAv in terminal.

 

 

> The only thing that I've ever had it work with are Browser Infections designed for Windows, but seem to wreak havoc on my system.  You could just Clear Browsing Data and do the same thing, but I don't like doing that.

Shakes head and quietly walks away.



#13 DeimosChaos


Posted 16 March 2017 - 08:35 PM

> An attacker's motives for attacking a server are entirely different than their motives for attacking a desktop. The former are generally attacked to gain access to the data residing on them, the latter are attacked to gain control over the machine, so that it can be used to generate income for the attacker.

 

Spot on!

 

Typically when gaining access to servers one would use security flaws in the network and software residing on a server and exploit them. They want to be way farther under the radar than throwing some malware on a system, especially a known one that any IDS should pick up on.

 

With a user PC an attacker doesn't really care because they aren't pinpointing it. They are throwing a ton of stuff at a wall and seeing what sticks. As Gary said, Windows is the most widely used end user platform. So that is typically what is targeted. There are things written for Linux but they are pretty rare.




#14 pcpunk


Posted 17 March 2017 - 11:14 PM

 

 

>> I use Clamav, you need to install ClamTK also, the Front end to Clamav.

> No you do not need to install ClamTk, you can run ClamAv in terminal.

 

 

>> The only thing that I've ever had it work with are Browser Infections designed for Windows, but seem to wreak havoc on my system.  You could just Clear Browsing Data and do the same thing, but I don't like doing that.

> Shakes head and quietly walks away.

 

Yes, clearly anyone who has read one article knows this but it is much easier for beginners this way.

 

On your second comment, I'll just do the same?



 


#15 cmptrgy


Posted 18 March 2017 - 01:20 PM

I'm using Firefox as my browser: I believe in safe practices so I'll look into the recommendations to keep my system secure and well maintained before I move on to more projects.

How can I uninstall ClamAV?





