Need a new antivirus for linux

Discussion in 'all things UNIX' started by Fidelius, Jan 5, 2022.

  1. Fidelius

    Fidelius Registered Member

    Joined:
    Oct 2, 2006
    Posts:
    151
    Hello,

    I currently use NOD32 home user for Linux. Unfortunately ESET is stopping support for it. I don't want their business solution because it is intended for at least 5 workstations and costs at least 220 euros.
    So I'm looking for a new AV for Linux, even a paid one, with a good reputation.
    And please refrain from saying an AV is useless in Linux.

    Thank you.
     
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
  3. Fidelius

    Fidelius Registered Member

    Joined:
    Oct 2, 2006
    Posts:
    151
    Thank you for your links. Sophos and other AV companies seem to be leaving Linux for home users.
     
  4. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
  5. Fidelius

    Fidelius Registered Member

    Joined:
    Oct 2, 2006
    Posts:
    151
    The links concerning Sophos worked but they no longer support Linux for home users.
    I forgot to mention I have a multiboot PC. Linux Xubuntu is the most used. Sometimes Windows 7 for games.
    The Ubuntu forums were interesting to read. I understand that the threats are different but I would not like Linux to pass viruses to Windows.
    My current AV sometimes detects dangerous files from Firefox, "... HTML/ScrInject.B cheval de troie supprimé ...". Some web pages contain malicious code.

    Apart from that, what do you think of Dr.Web, a Russian AV?
     
  6. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    429
    Location:
    Australia
    @Fidelius.
    Used ESET some time ago on Mint. It was cheap then for home users. I had more confidence in ESET than CLAM.

    Home use has been discontinued (apparently). But it is available for Business users. Now called ESET Endpoint Antivirus for Linux.
    On the ESET website look under Business > ESET Protect Entry. Supported OS includes Linux.

    However the cost is prohibitive ($400+)

    feandur
     
  7. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    429
    Location:
    Australia
    Apologies, I did not look at the opening post, that was off-screen!
    Senior moment.
     
  8. Fidelius

    Fidelius Registered Member

    Joined:
    Oct 2, 2006
    Posts:
    151
    The business solution is very expensive and it has a minimal GUI. Some users say this Endpoint GUI is a joke. Read this https://forum.eset.com/topic/29375-...otally-useless-user-interface/#comment-137771
     
  9. Feandur

    Feandur Registered Member

    Joined:
    Jun 15, 2005
    Posts:
    429
    Location:
    Australia
    @Fidelius
    Thanks for that info. Shame; the old version was good.
    I still scan with Clam, check the hashes of all downloads, and (if necessary) upload to VirusTotal.

    But, I browse within Firejail and clean up after with BleachBit (minimal settings). Plus the usual suspects for browser extensions.

    I used dconf editor to limit the size and duration of stored cache for BleachBit to have to clean out.

    Occasionally, I just blow away the OS and re-install fresh.
    I don't dual boot, but can only afford the multiple dedicated boxes by buying 2nd hand (selectively), and replacing the HDD ...

    Don't know if it's possible to browse the Linux partition from within Windows?
    feandur
     
  10. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    12,175
    Location:
    NSW, Australia
    Feandur,

    You can use TBOSDT (TeraByte OS Deployment Tool) in Windows to browse the Linux partition.
    It lets you browse files and directories, copy, delete files and directories, read text files, create directories, rename, etc.
     
  11. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    It's probably OK. I use Dr Web link scanner as a browser app.

    https://vms.drweb.com/online/?lng=e...ine&utm_source=drweb_site&utm_medium=glavnaya
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,645
    Location:
    USA
    I would think that if you use a malware blocking DNS service, an ad blocker in your browser and make regular backups there would be no need for an AV in Linux. I'll dare say that by using those options you're not even greatly at risk using Windows. But I guess that wasn't what was asked. Hopefully you find what you're looking for but if it were me I would not worry tremendously.
     
  13. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    890
    Location:
    The Netherlands
    (Offtopic)
    Doesn't that put your Linux partition at risk (ransomware)? :eek:
     
  14. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,645
    Location:
    USA
    It does sound like something that has more potential for bad than good. Messing with the files of an offline OS is just dangerous. Unless it is already hosed and it is your best chance to recover stuff.
     
  15. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    890
    Location:
    The Netherlands
    :thumb:
    I certainly would never allow my Linux partition to be accessible from Windows.
    Not even possible, because I don't have a bare metal Windows installation. ;)
    My Windows virtual machines do have a shared folder, but that's read only.
    In that case a Linux live USB will do, I guess.
    And if only your / (root) partition is 'hosed', you can make use of Timeshift to restore to an earlier known good point in time.
    https://www.fossmint.com/backup-restore-linux-with-timeshift/
     
    Last edited: Jan 6, 2022
  16. Brian K

    Brian K Imaging Specialist

    Joined:
    Jan 28, 2005
    Posts:
    12,175
    Location:
    NSW, Australia
    Interesting thought. I've never seen it reported in the TeraByte forum.

    I frequently access offline OS with TBOSDT as at times I have up to 25 OS in the test computer. All have image backups.
     
  17. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    No, this would be bordering on science fiction theory.
     
  18. snerd

    snerd Registered Member

    Joined:
    Dec 8, 2007
    Posts:
    130
    Location:
    Arkansas USA
    If I’m not mistaken, Windows cannot read a Linux partition. But Linux can read Windows drives.
     
  19. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    890
    Location:
    The Netherlands
    Last edited: Jan 7, 2022
  20. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    890
    Location:
    The Netherlands
    Why?
    E.g. Ext2Fsd can be configured to have write support.
    So, if such a driver is present, the malware should be able to use it?
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Fair enough. It's just that it occurred to me that for someone using dual-boot Linux with Windows, and navigating their Linux partitions with TBOSDT, the least of their concerns is getting hit with ransomware ;)

    For the specific question of this thread, I see someone already mentioned ClamAV.

    https://bestantiviruspro.org/best-antivirus-for-linux/
     
  22. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,645
    Location:
    USA
    The concept of doing so was based on post #10:
    You can use TBOSDT (TeraByte OS Deployment Tool) in Windows to browse the Linux partition.
    It lets you browse files and directories, copy, delete files and directories, read text files, create directories, rename, etc

    This sounds like it would indeed allow the files on that partition to be encrypted if ransomware was present.

    That said, extorting money from Linux people (folks that don't pay for software) seems like wasted effort. They should be hitting the Mac folks. :isay:
     
  23. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    111
    Location:
    Earth
    Why not use a Linux distro where an AV would, in fact, be useless? Fedora Silverblue comes to mind.
     
  24. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Cannot agree more. An AV primarily detects Windows malware which cannot harm Linux. Yes, there are a couple of Linux malware programs which can infect Linux servers which are not updated or are not properly configured. For desktop systems this is usually not a problem - if one sticks to the official repositories and doesn't install software from some bogus websites.
     
  25. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    890
    Location:
    The Netherlands
    :thumb:

    Good reading:
    Security in Linux Mint and Ubuntu: an Explanation and Some Tips
     