Discussion in 'malware problems & news' started by guest-1, Sep 4, 2003.
Which files and which directories should be scanned for viruses, etc., in Linux?
My goodness... there are plenty of answers to this question.
If you're afraid of Linux infections: fear not, there are virtually no infections in the wild (at least as far as we know). There are, however, rootkits that can be installed by hackers to take over the ownership of your machine. You may look for topics on rootkit detection on other specific Linux sites.
Most infections and vulnerabilities can be prevented by (almost) never using the root account and root equivalent accounts!!!!
Second option: if you're using Linux as a mail/file server, use a Linux virus scanner and scan all users' file space.
But let's say that I want to scan a Linux system for viruses and trojans and whatnot anyways.
Which files and directories should I scan?
Well, I'd say:
But don't hesitate and do scan more if you feel like it. I don't know what services/daemons you run. Depending on the service, other directories could be used for filing purposes.
Try scanning with a rootkit scanning tool.
I'll be scanning with f-prot, an anti-virus software which apparently scans for rootkits as well.
As for services, I'm only running Apache.
But there's a Windows box connected to mine (Mandrake), and that's mainly the source of my virus concerns.
Hmm, then you had better be scanning that Windows system.
At least Windows viruses are no threat to Linux.
If your Mandrake system acts as a gateway to the internet, you can install an AV program on that box too. Plenty of options available (I run the open source ClamAV on my e-smith box).
I tried to install ClamAV but I ran into unsatisfied dependency problems.
The win box is regularly scanned (PC-Cillin), but I just recently became concerned about my Linux system getting infected.
The Windows computer is masqueraded through the Linux computer.
Maybe I worry too much.
Thanks for your help everyone.
I would scan the whole system, but a firewall is FAR more important!