Malware Scanner for Linux?

Discussion in 'all things UNIX' started by lucygrl, Jan 20, 2014.

Thread Status:
Not open for further replies.
  1. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Is there a malware scanner for Linux? I'm using ClamAV for virus check, but was wondering if there was a malware scanner?
     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    There is rkhunter and chkrootkit, but the Linux gurus say they are not needed for desktop use, they throw a lot of false positives and are hard to interpret. Don't think like a Windows user. I think some of the main AV players have Linux versions, but I forget who, specifically.
     
  3. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Avast and Comodo have Linux versions of their scanners, but I feel they would be a waste of resources.
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Some of the Antivirus Live CDs will scan both Linux and Windows Partitions and some will only scan Windows Partitions. I don't remember which ones will scan Linux Partitions.
     
  5. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    What about Linux Malware Detect from R-fx Networks? Any opinions on this?
     
  6. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,983
    Location:
    Brasil
    There's clamav, rkhunter, chkrootkit, etc.
    Most Linux home users won't have good products like Windows home users do. If you really want the best you'll need to buy their corporate stuff.
     
  7. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Is a malware scanner needed in Linux at all?
    I currently have no security software installed at all and my browser is the only program with any form of security measures in place.
     
  8. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,983
    Location:
    Brasil
    Well I think this way:

    * If you use Linux and share files with Windows, don't scan them. If the Windows users get infected it's their problem because they don't use Linux :D

    Now obviously I was just kidding.

    I don't have any Windows-executable files in my drive but even so I scan everything just in case I have something infected, be it a .pdf or a .jpg.

    If you don't share files with Windows/MAC then I don't see a point in having a malware scanner, but some basic considerations must take place:

    * Have strong passwords;
    * Have a less privileged user account for normal use (not even with sudo enabled);
    * Only log in as root when needed;
    * Configure a firewall (https://wiki.archlinux.org/index.php/Simple_stateful_firewall#Firewall_for_a_single_machine);
    * Don't run files like "britneySpearsNaked.sh";
    * Stick to the Official Repositories;
    * Make Back-ups regularly;
    * Don't visit known malicious websites;
    * Don't mess with your kernel, only if you know what you're doing;

    And if you're more paranoid:

    * Don't install FlashPlayer/JAVA;
    * Encrypt your drives;
    * Use a hardware firewall (like a router, for example);
    * Scan for rootkits;
    * Join a VPN and use Tor as well;
     
  9. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    @amarildojr.
    Thank you kindly for your in-depth post. I have only been using Linux for a few weeks and am still learning.

    Much appreciated.
     
  10. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,983
    Location:
    Brasil
    No problem :D
     
  11. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    701
    Location:
    North of the 38th parallel.
    Hello:

    I did read your subsequent post, in this thread, and I understand you are a newbie with a Mint distro.

    Please ask yourself what you will do if a malware developer re-writes any of the following threats, or your system becomes a botnet controller for a criminal enterprise.

    https://en.wikipedia.org/wiki/Linux_malware#Threats

    I'm very sure that none of us want to become an unknowing remote clearing house for child pornography, collector/distributor of stolen government secrets, or credit card/identity information.

    Exactly how will you convince ambitious government authorities to release you from custody, without a bail bond, and return your seized computer equipment? Are you sufficiently funded to put together a victorious legal defensive team for the criminal/civil court case(s) to follow?

    Will all of your immediate family, relatives, friends, neighbors, co-workers, employers, fellow church members be totally convinced of your innocence from the very beginning? Will newspapers, blogs and web sites release retractions to published reports of your suspected wrong doings?

    I truly do wish you well in all things. But do protect your computing...
     
    Last edited: Jan 25, 2014
  12. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,983
    Location:
    Brasil
    Seriously, don't be that paranoid.

    There are a few Linux malware, and the vast majority (if not all) of them are not in the wild. The chances of you specifically being infected are close to zero. Having a good firewall configured is more than enough to protect against attacks, the rest (concerning viruses/trojans/etc) is up to you: Follow the basic principles I said and you'll be fine. 80% of the Linux security is made by the user.
     
    Last edited: Jan 25, 2014
  13. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,983
    Location:
    Brasil
    http://www.linuxinsider.com/story/78748.html
     
  14. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Many developers of Windows anti-malware software have Linux versions as well. You may wish to check with your existing Windows-vendor to see what they have available.

    Regards,

    Aryeh Goretsky
     
  15. ZERO ACCESS

    ZERO ACCESS Registered Member

    Joined:
    Oct 24, 2013
    Posts:
    12
    Location:
    Kernal32
    Yes, many vendors have Linux antivirus, but "Are they updated according to the Linux world's needs?"
    I have not tried any as I am also new to Linux, but their pages look like they were created a thousand years ago. :D
     
  16. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    701
    Location:
    North of the 38th parallel.
    I somewhat agree with you here. It then would be a good sign that their definitions database be updated frequently.

    A question arises as whether the engine also makes use of heuristics, or other modern techniques, and if same are updated with database updates or does the engine require timely updates to remain viable.
     
  17. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Generally speaking, most (if not all) anti-malware companies send the same signature updates to their Windows, OS X and Linux/UNIX-like programs. That's because even though the computer may be running OS X or Ubuntu, it may still come into contact with Windows files (on another partition, sent via email, etc.).

    Regards,

    Aryeh Goretsky
     
  18. ZERO ACCESS

    ZERO ACCESS Registered Member

    Joined:
    Oct 24, 2013
    Posts:
    12
    Location:
    Kernal32
    Of course, I think the first step of security software is to establish confidence in users.
    I visited some security software sites a few days ago, maybe rootkit scanners, now I don't remember which they were, but one thing that discouraged me is one product page saying the latest version was released in 2001, others saying 2004, and another saying 2007 or 2010. While I know Avast, Comodo, Clam, ESET and Bitdefender have Linux versions, as I said I am new to Linux and I am a Windows user, so I like to read the change log of a new version. I don't know whether Linux products require many updates or not, but it is hard to believe that software (like a rootkit scanner or AV scanner) on Linux will be bug- or vulnerability-free.
     
  19. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    hi

    Seriously, the blacklist problem remains the same on Linux.
    A Linux desktop is statistically secure, no need to use a real-time AV that will detect one day in five years a simple unwanted tool used by sysadmins...
    I have posted a few Linux and Mac rootkits on the Kernelmode.info board, and I do not remember their detection by so much AV...
    I still believe that the user must be the antimalware himself, by learning how to find evil code on the Linux kernel or Linux physical memory.
    HIDS are also effective against malware, like OSSEC, Samhain or Snort, but they might be quite "heavy" on a single Linux desktop.
    AV Live CDs can be helpful, and I remember that Mrk has published an overview of them.

    Again, the "scan/check" button is not magical for any kind of antimalware on any OS.

    Rgds
     
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    kareldjag, that's due to low marketshare, not "statistical security".

    The biggest weakness behind Windows is the user, that's still true for Linux. Please don't tell me you think there would be no malware issues if tomorrow the market share was swapped between Linux and Windows on PC. Popular distributions like Ubuntu would start implementing mechanisms like Microsoft's Smartscreen to start making the decisions for the users.
     
  21. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Sure there will be issues. With the appropriate market share, attention will shift.
    But malware will have to overcome the repositories, a vast trove, (largely) substituting the need to search for 'other stuff, somewhere else' on windows.
    Exploiting the user is always open.
    Not sure how any OS can guard (or should guard) against user unwillingness to learn/stick to 2 or 3 basic guidelines/rules.
    Anyone willing to, can go su and copy/paste info from a 'deceased-Nigerian-king-Yusyamani-heritage-email' into terminal.
    Perhaps build a secure-for-stupids OS (with a different name) that removes terminal.
    If a distro avoids Java, much is won already though.
     
  22. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    It's already here and it's called iOS.
     