The clamtk package has a GTK frontend, though I think it needs an update.
There's also a Nautilus package that integrates an option to scan from the context menu.

And yes, it may be just a frontend - but not everyone likes using the terminal for everything.

yeah clamtk too, i've just expressed myself in a wrong way, we're not all good english speakers around here.

Anti virus is not needed.

While such replies aren't false they do not add anything (except add to your post count) because they don't explain anything.


And to ppl promoting ClamAV (me disregarding the whole GNU/Linux AV yes/no debate): while ClamAV is OSS and OSS is good in the case of AV it doesn't necessarily mean OSS is automagically the best choice in terms of performance and detection. Testing a few free-for-personal-use versions of AV products might show how ClamaV compares in Real Life.

Will they actually see anything of value while running these tests on a Linux desktop-only system? What should they be looking for?

Good question. Definitely differences in scan speed if there's a sizable directory to test on. Actual scan results and success rate depends on AV engine and detection signature versions and the size and contents of their virus slash malware database. Note the following isn't representative for common users as I've ran scans on a tree only containing GNU/Linux-related stuff:

# bdscan --action=ignore --log=~/bdc.log --recursive-level=100 --archive-level=100 --no-list
# clamscan --verbose --remove=no --tempdir=/dev/shm --detect-pua=yes --detect-structured=yes --scan-mail=yes --phishing-scan-urls=yes --heuristic-scan-precedence=yes --algorithmic-detection=yes --scan-pe=yes --scan-elf=yes --scan-ole2=yes --scan-pdf=yes --scan-html=yes --scan-archive=yes --detect-broken=yes --block-encrypted=no --mail-follow-urls=no --log=~/clamav.log
# fpscan --boot --follow --mount --maxdepth=60 --heurlevel=3 --archive=10 --adware --applications --verbose=2 --output=~/f-prot.log
# The tree /hack_evidence/ contains 1334 plain text, binary and archive files and the "test" was run on a machine with enough CPU cycles and RAM.

BitDefender (v7.90123):
Files: 12650
Packed: 2729
Archives: 696
Infected files: 377 <- plusgood
Identified viruses: 265
Files/second: 113
Scan time: 00:01:51

real 2m0.744s
user 1m42.061s
sys 0m6.272s


F-prot (4.4.4.56):
Files: 1335
Skipped files: 336
Objects scanned: 7586
Infected objects: 205 <- nice
Files with errors: 5

Running time: 01:07
real 1m7.887s
user 0m59.665s
sys 0m4.056s


ClamAV (0.96/10721)
Scanned directories: 1
Scanned files: 16
Infected files: 2 <- auch
Data scanned: 50.22 MB
Data read: 8.66 MB (ratio 5.80:1)
Time: 25.716 sec (0 m 25 s)

real 0m25.806s
user 0m23.387s
sys 0m1.099s


So while ClamAV in terms of pure speed would seem to win, and while both my BitDefender and F-prot engines aren't brand new versions, in terms of detection they beat ClamAV. Real hard.

It looks like you've run against a directory containing a number of files known to contain malware. I'm more interested in what the desktop user would be up against from the Linux side. I will, up front, concede that these products are all useful in protecting downstream Windows email recipients; unless, like me, you use webmail.

My point is that ClamAV might seem the "natural choice" for many since it's simply OSS not the best product.



I'm not at all interested in that as there essentially is no "AV on GNU/Linux" debate. Everyone knows what the real threats to GNU/Linux are and rehashing those shouldn't be necessary.

My point is that this thread is evidence that not everyone does know the real threats to Linux. Have you considered a sticky over on the Security board? Heck, it might even be more appropriate here on the Newbies board, for that matter.

The LQ Security references do have a piece about threats, see Post #3 Intrusion detection, integrity checks: IDS, NIDS, HIDS, Antivirus, software. starting down at "Viruses on Linux/GNU, Antivirus software". It's up to the OP to search LQ or be redirected there by fellow LQ members (or in most cases: made aware LQ actually *has* a search function).



//Minor nit: AFAIK you can't really say "my point is" as I made a point first. So you should first agree or disagree before moving to another point. If you don't then it'll just remain two monologues...

None of which address the issue of whether an A/V scanner is useful for a typical desktop system. And it seems to me that that is the issue for this thread.

I think I can say what I like, actually. Of course, you can feel free to chase me around correcting my grammar if you have nothing else to do.

And, since you continually refuse to directly address the issue of A/V on a desktop system, then yes, I think we'll continue to have two separate monologues.

Then maybe read again? I clearly wrote and presented some basic measures. The absence of any AV reference in the list could instill the notion that it isn't necessary unless one needs to protect the "lesser" OSes.

As for the rest of your retort you're coming across as a bit too testy which is completely unwarranted. Please remain respectful.