Malware Scanner for Linux?

Is there a malware scanner for linux? Im using ClamAV for virus check, but was wondering if there was a malware scanner?

 

There is rkhunter and chkrootkit, but the Linux gurus say they are not needed for desktop use, they throw a lot of false positives and are hard to interpret. Don't think like a Windows user. I think some of the main AV players have Linux versions, but I forget who, specifically.

 

Avast and comodo have linux versions of their scanners but i feel they would be a waste of resources.

 

Some of the Antivirus Live CD's will scan both Linux and Windows Partitions and some will only scan Windows Partitions. I don't remember which ones will scan Linux Partitions.

 

What about Linux Malware Detect from R-fx Networks? Any opinions on this?

 

There's clamav, rkhunter, chkrootkit, etc.
Most Linux home users won't have good products like WIndows home users do. If you really want the best you'll need to buy their corporate stuff.

 

Is a malware scanner needed in linux at all.?
I currently have no security software installed at all and my browser is the only program with any form of security measures in place.

 

Well I think this way:

* If you use Linux and share files with Windows, don't scan them. If the Windows users get infected it's their problem because they don't use Linux

Now obviously I was just kidding.

I don't have any Windows-executable files in my drive but even so I scan everything just in case I have something infected, be it a .pdf or a .jpg.

If you don't share files with Windows/MAC then I don't see a point in having a malware scanner, but some basic considerations must take place:

* Have strong passwords;
* Have a less privileged user account for normal use (not even with sudo enabled);
* Only log in as root when needed;
* Configure a firewall (https://wiki.archlinux.org/index.php/Simple_stateful_firewall#Firewall_for_a_single_machine);
* Don't run files like "britneySpearsNaked.sh";
* Stick to the Official Repositories;
* Make Back-ups regularly;
* Don't visit known malicious websites;
* Don't mess with your kernel, only if you know what you're doing;

And if you're more paranoid:

* Don't install FlashPlayer/JAVA;
* Encrypt your drives;
* Use a hardware firewall (like a router, for example);
* Scan for rootkits;
* Join a VPN and use Tor as well;

 

@amarildojr.
Thank you kindly for your in depth post.I have only been using linux for a few weeks and still learning.

Much appreciated.

 

No problem

 

Hello:

I did read your subsequent post, in this thread, and I understand you are a newbie with a Mint distro.

Please ask yourself what you will do if a malware developer re-writes any of the following threats, or your system becomes a botnet controller for a criminal enterprise.

https://en.wikipedia.org/wiki/Linux_malware#Threats

I'm very sure that none of us want to become an unknowing remote clearing house for child pornography, collector/distributor of stolen government secrets, or credit card/identity information.

Exactly how will you convince ambitious government authorities to release you from custody, without a bail bond, and return your seized computer equipment? Are you sufficiently funded to put together a victorious legal defensive team for the criminal/civil court case(s) to follow?

Will all of your immediate family, relatives, friends, neighbors, co-workers, employers, fellow church members be totally convinced of your innocence from the very beginning? Will newspapers, blogs and web sites release retractions to published reports of your suspected wrong doings?

I truly do wish you well in all things. But do protect your computing...

 

Seriously, don't be that paranoid.

There are a few Linux malware, and the vast majority (if not all) of them are not in the wild. The chances of you specifically being infected are close do zero. Having a good firewall configured is more than enough to protect against attacks, the rest (concerning viruses/trojans/etc) is up to you: Follow the basic principles I said and you'll be fine. 80% of the Linux security is made by the user.

 

http://www.linuxinsider.com/story/78748.html

 

Hello,

Many developers of Windows anti-malware software have Linux versions as well. You may wish to check with your existing Windows-vendor to see what they have available.

Regards,

Aryeh Goretsky

 

Yes many vendors have linux antivirus,but "Are they updated according to linux world need ?"
I am not tried any as i am also new to linux but thier page look like they are created thousand year ago.

 

I somewhat agree with you here. It then would be a good sign that their definitions database be updated frequently.

A question arises as whether the engine also makes use of heuristics, or other modern techniques, and if same are updated with database updates or does the engine require timely updates to remain viable.

 

Hello,

Generally speaking, most (if not all) anti-malware companies send the same signature updates to their Windows, OS X and Linux/UNIX-like programs. That's because even though the computer may be running OS X or Ubuntu, it may still come into contact with Windows files (on another partition, sent via email, etc.).

Regards,

Aryeh Goretsky

 

ofcourse i think the first step of security software is to establish a confidence in users.
i visited some security software sites few days before may be rootkit scanner now i don't remember which was that but one thing discourage me is one product page saying latest version released in 2001,others saying in 2004 and another saying 2007 or 2010.While i know avast ,comodo ,clam,eset ,bitdefender has linux version but as i said i am new to linux and i am window user so i like to read change log in new version,i don't know linux product require to much update or not but it is hard to belive that software(like rootkit scanner or AV scanner) on linux will be bug or vulnerable free.

 

hi

Seriously the black list problem remains the same on Linux.
A linux desktop is statistically secure, no need to use a real time av that will detect one day in five years a simple unwanted tool used by sysadmins...
I have posted a few Linux and Mac rootkits on Kernelmode.info board, and i do not remember their detection by so much av...
I still believe that the user must be the antimalware himself, by learning how to find evil code on the linux kernel or Linux physical memory.
HIDS are also effective agaisnt mawares, like OSSEC, Samhain or Snort, but they might be quite "heavy" on a single Linux desktop.
AV Live CD can be helpful, and i remember that Mrk has published an overview of them.

Again,the "scan/check" button is not magical for any kind of antimalware on any OS.

Rgds

 

kareldjag, that's due to low marketshare, not "statistical security".

The biggest weakness behind Windows is the user, that's still true for Linux. Please don't tell me you think there would be no malware issues if tomorrow the market share was swapped between Linux and Windows on PC. Popular distributions like Ubuntu would start implementing mechanisms like Microsoft's Smartscreen to start making the decisions for the users.

 

Sure there will be issues. With the appropriate market share, attention will shift.
But malware will have to overcome the repositories, a vast trove, (largely) substituting the need to search for 'other stuff, somewhere else' on windows.
Exploiting the user is always open.
Not sure how any OS can guard (or should guard) against user unwillingness to learn/stick to 2 or 3 basic guide lines/rules.
Anyone willling to, can go su and copy/paste info from a 'deceased-Nigerian-king-Yusyamani-heritage-email into terminal.
Perhaps build a secure-for-stupids OS (with a different name) that removes terminal.
If a distro avoids java, much is won already though.

 

It's already here and it's called iOS.