LinuxQuestions.org
Old 08-01-2013, 07:29 PM   #1
liquorUp
LQ Newbie
 
Registered: Aug 2013
Distribution: Mageia 3
Posts: 12

Rep: Reputation: Disabled
How to scan for malware in linux


hello

I know Linux is not immune to viruses, but they are rare in Linux. I also know Linux and Unixes can get rootkits. However, I do remember reading somewhere that Linux can get malware. If this is so, what app do I need for malware scanning?

thanks
 
Old 08-01-2013, 09:20 PM   #2
MemoryLeak
LQ Newbie
 
Registered: Jul 2013
Posts: 4

Rep: Reputation: 1
There are several tools available. One that comes to mind immediately for rootkits is chkrootkit. How you obtain that will depend on the version of Linux you have (or you can probably find the source code and compile it yourself). Here is a link to it on freecode: http://freecode.com/projects/chkrootkit

You may want to check out Linux Malware Detect (LMD) for malware. I have not used it.

Freecode also has several other malware specific projects: http://freecode.com/search?q=linux+m...&submit=Search

I hope that helps.

Last edited by MemoryLeak; 08-01-2013 at 09:23 PM.
 
Old 08-01-2013, 10:29 PM   #3
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 16,830

Rep: Reputation: 2409
most distros will have "chkrootkit" and maybe "Rkhunter" in their repos

opensuse 12.3 for example has both

that and ClamAV
 
Old 08-01-2013, 10:38 PM   #4
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mint, OpenBSD
Posts: 11,361
Blog Entries: 12

Rep: Reputation: 2751
This article is dated, but its conclusions are consistent with what I have read more recently.

I use AVG myself, because it has served me well on Windows and because I determined long ago that I would not put any computer on any network without an AV program--AVG uses minimal resources and is quite unobtrusive.

As far as I am concerned, it's just safe HEX, and that makes me a bit of an outlier. When there is a Linux virus in the wild, I want to read about it, not live it.

I've heard really good things about Avast for Linux also.

On a Linux computer, the dangers are so minimal as to be almost nonexistent; the most significant ones are likely those that target vulnerabilities in browsers, in flash, in PDFs, and the like, and social engineering attacks such as phishing schemes.

Last edited by frankbell; 08-01-2013 at 10:40 PM.
 
Old 08-02-2013, 06:08 PM   #5
liquorUp
LQ Newbie
 
Registered: Aug 2013
Distribution: Mageia 3
Posts: 12

Original Poster
Rep: Reputation: Disabled
Thanks to all for your input.
 
Old 08-02-2013, 08:13 PM   #6
Fred Caro
Member
 
Registered: May 2007
Posts: 999

Rep: Reputation: 166
I wonder what use snort would be to protect a GNU/Linux PC?

Fred.
 
Old 08-03-2013, 06:08 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3531
Quote:
Originally Posted by liquorUp
I know Linux is not immune to viruses, but they are rare in Linux.
Quite. Depending on whose classification you agree with you'll end up with about ten to twenty "true" viruses but even then most of them are proof of concepts. (The one I see commonly is the old Virus.Linux.RST.a but I should emphasize I'm not an average Desktop Linux user.)

The main problem, however, is not in the realm of viruses, trojans, worms, keysniffers, other malware or rootkits but users' lack of knowledge and common sense, fueled by misconceptions.

"Safe HEX", as frankbell already pointed out.

System-wise:
- don't install / run software you don't need now.
- do update software when updates are released.
- don't install / run software you can't trust or that's unsupported.
- don't accept or run any files on behalf of others.
- don't give access to your file system easily and don't run services you don't need.
- harden your file system and restrict access to accounts and services that need to be exposed.
- regularly verify the integrity of your file system, accounts and check system and service logs.
- ensure backups are made regularly.
- be mindful of your responsibilities towards other 'net users.

Personal hygiene:
- don't run outdated user land software like web browsers, plugins, P2P software etc, etc.
- do run web browsers with Javascript, Java, Flash and other such plugins enabled only for the sites you really, really need them for. (When I say "need" I mean on-line banking, business and other such purposes. Most people don't even need Java. Java Games don't count, period.)
- be ever mindful of your surroundings. After all, the 'net is just like the place where you live in that there are probably locations where you shouldn't venture for obvious reasons. Also, greed / lures don't work differently simply because it's the Internet: there is no free money.

This all should convey that running antivirus software is not the first aspect to address, it's only useful in a complementary role and only helpful if you share (regardless of the way) email, files, etc, with Operating Systems that are more prone to catching fire. (Or if, like me, you tend to work a lot with files of unknown or dubious origin and would like quick triage capabilities.) LMD does deserve a special mention: if you run a web or any other publicly accessible server then it's definitely suggested.
 
1 members found this post helpful.
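The "regularly verify the integrity of your file system" item from post #7, as an added example that is not part of the thread: a shell baseline-and-compare check in the style of tools such as AIDE. The function names and manifest paths are assumptions; keep the manifest outside the monitored tree, ideally on read-only media, so it cannot be altered along with the files.

```shell
#!/bin/sh
# Added example: file-integrity baseline and check using SHA-256 manifests.
# Function names are hypothetical; requires GNU find, sort, xargs, sha256sum.
# Paths containing newlines or backslashes are not handled.

# integrity_baseline DIR MANIFEST
# Hash every regular file under DIR (same filesystem only) into MANIFEST.
integrity_baseline() {
    ( cd "$1" && find . -xdev -type f -print0 | sort -z |
        xargs -0 -r sha256sum ) > "$2"
}

# integrity_check DIR MANIFEST
# Re-hash DIR and compare with MANIFEST. Prints one line per difference
# and returns 1 if anything was added, changed or removed, 0 otherwise.
integrity_check() {
    current=$(mktemp) || return 2
    integrity_baseline "$1" "$current"
    report=$(awk '
        # sha256sum lines are: 64 hex digits, two separator chars, then path
        FILENAME == ARGV[1] { old[substr($0, 67)] = $1; next }
        {
            path = substr($0, 67)
            if (!(path in old))        print "ADDED    " path
            else if (old[path] != $1)  print "CHANGED  " path
            delete old[path]
        }
        END { for (p in old) print "REMOVED  " p }
    ' "$2" "$current" | sort)
    rm -f "$current"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Usage (paths are placeholders):
#   integrity_baseline /etc /mnt/readonly/etc.sha256
#   integrity_check    /etc /mnt/readonly/etc.sha256 || echo "review changes"
```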
Old 08-03-2013, 05:28 PM   #8
liquorUp
LQ Newbie
 
Registered: Aug 2013
Distribution: Mageia 3
Posts: 12

Original Poster
Rep: Reputation: Disabled
Thanks UnSpawn
 
Old 08-03-2013, 06:43 PM   #9
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 16,830

Rep: Reputation: 2409
Follow the same advice on Windows and it is likely that you might only get 2 or 3 infections in 10 years
 
Old 08-03-2013, 07:33 PM   #10
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900

Rep: Reputation: 636
An interesting read, thank you.

I have never heard of LMD before and just checked out their webpage, also an interesting read. I didn't download it but instead checked for its availability in Debian Wheezy. It appears as though it is not there, so I wonder why, when someone like unSpawn says it deserves a special mention, it isn't available in some distros.

Anyway, my two cents' worth for the OP: I tell people who use Linux because I introduced them to it to "be alert, not alarmed". I also tell them to basically use safe practices (I like the "safe HEX" line and will use it when appropriate) with anything that comes via the internet, or from other people. In other words, don't browse sites that are "dodgy" and likely to be filled with malware, don't just trust a friend when they ask you to open a file on a USB, and don't automatically open email attachments without knowing where they come from and before checking them. I have used ClamAV on Linux, I have used AVG and Avira on Windows and would assume their Linux products are good. I personally don't have any AV on my Linux machines anymore. Why? Because in over 6 years of full-time Linux use I never had a single problem.
 
  


All times are GMT -5. The time now is 06:41 PM.
