[SOLVED] What anti-virus/malware programs for Linux?
Do you fancy the idea of doing a LQ blog entry outlining the main measures that you would take and the commands/packages that you would need? It doesn't need to be comprehensive, just as inspirational as the taster you've just provided but in more detail.
Having very-rarely read "blog" entries, in all these oh-so many years now, I probably would instead just put out a general thread-response entry. Of which I have already written a great many.
(1) There is no single "command or package you might need." You are dealing with an opponent – most likely a "crime of opportunity" opponent who actually has no idea who you are and doesn't care. (Your opponent might in fact just be a computer program.)
If your presumed opponent must find you, then deny him "things to find," such as open SSH ports. OpenVPN (with tls-auth) can confront him with "a smooth, featureless wall" which affords him no opportunity to enter, or even to discern that an entrance exists. And yet, authorized users can pass through virtually without impediment. Each of them may enter only because they possess a unique, one-of-a-kind, individually authorized badge (digital certificate) which can be individually revoked at any time.
"There you go: 'a badge reader.'" Just like you routinely encounter at any-and-every office building anywhere.
(2) If your presumed opponent is trying to "slip you a Mickey [Finn]," the key realization is that whatever "Mickey" he might be able to "slip you" must subsequently execute with your own authorization and privileges. Therefore, observe the Principle of Least Privilege.
All of the user-ids that I use every day ... save one ... "can't do diddly-squat." Neither with "anyone else's files but their own," nor with "the system itself." Neither can they sudo their way into ... anything-at-all.
Quote:
"When I want to be Superman®," I do know how to become Superman®. Oh yes, I do, although you can never discover how I do it.
Meanwhile: "I am not Clark Kent.®"
Therefore, even if you somehow contrive to "do something 'in my name' but without my knowledge," you will discover that you, too, are stuck firmly on the ground right along with me, because: "I can't fly."
(3) Finally ... "secure, continuous, protected, backups." Just like Apple implemented with their venerable Time Machine. Information is constantly being swept onto a protected directory on an external drive. You are never without a copy of it.
Last edited by sundialsvcs; 02-16-2017 at 02:20 PM.
So, putting aside the philosophy and in summary of all the above and the many linked threads, and their linked threads, what is the best free anti-v/m software(s) to run on my desktop computer please? (Linux Mint 17.3 Rosa Cinnamon).
If I wanted secure...
I wouldn't start with Mint and try to make it secure. It is a mainstream distro that has many features that a home user would want.
I'd start with a secure distro and as stated above, start at JEOS or minimal then add only the products that I needed to run. I'd enforce best practices like apparmor, SELinux, and tips on how to harden it.
Tips pointed out in thread include "backup". What a behind saver that is by the way. Don't keep it connected either. Backups have to remain out of reach of hackers.
The first couple of responders gave you these recommendations:
- Sophos,
- ClamAV,
- RootKitHunter
Have you tried any of them?
As I had written above, Sophos has no GUI and thus I had no idea if it was doing anything at all, so I replaced it with ClamTk. ClamTk only scans when you order it to rather than running in the background. I would be pleased to hear if you can in fact make ClamTk run in the background and also stop the opening of bad emails, both standard for Windows anti-v/m.
I have not tried RootKitHunter but I understand there are many more hazards than just rootkits.
Are Sophos and Clam the only real choices in Linux?
Thanks.
There are MANY choices in the Linux world, but also some confusion. RootKitHunter is good, but it is not an antivirus application. I use ClamAV for Antivirus.
RootKitHunter specifically detects one NASTY kind of malware that virus protection may never detect. It can warn you if your system is compromised, or in the process of being compromised. It does this by reporting files or links that have changed from what the system reports that they SHOULD be in size or checksum. The initial report is almost meaningless on a clean system, but the difference from one report to the next can be VERY important.
While ClamAV is an on-demand scanner, it can be triggered to scan all incoming email and attachments in your email engine, configured to test downloads in your browser, and automated in other ways. The output may be rather large at times, but it gives you detail and a very clear message on any "hits" and can quarantine infected files.
I have not used SOPHOS for AV, so I cannot comment on that.
Generally nearly all REPOS have ClamAV packages and SOME kind of RootKit detection package. They rarely have many others, and there are commercial ($$$) options for those who need them. I think spending money for AV in the Linux world is largely wasted money unless you are in a high-risk situation, but that is a personal choice matter.
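The "difference from one report to the next" idea above, as an added example (not code from the thread, and not rkhunter's own): a first run records a checksum per watched file, later runs print only what was added, removed or modified. It assumes GNU coreutils; the BASELINE path is an assumption.

```shell
#!/bin/sh
# Added example (not code from the thread, and not rkhunter's own): a minimal
# file-integrity baseline in the spirit of what the post describes. A first run
# records one checksum per watched file; later runs print only what changed,
# since the difference between reports is what matters on a clean system.
# Assumes GNU coreutils (sha256sum, comm, sort, cut); BASELINE is an assumption.
export LC_ALL=C                      # sort and comm must agree on byte order
BASELINE="${BASELINE:-$HOME/.local/share/integrity-baseline.tsv}"

# snapshot DIR... : print "path<TAB>sha256" for every regular file, sorted by path.
snapshot() {
    find "$@" -type f -exec sha256sum {} + 2>/dev/null \
      | awk '{ h = $1; sub(/^[^ ]+  /, ""); print $0 "\t" h }' \
      | sort
}

# make_baseline DIR... : record the known-good state (run once, on a clean system).
make_baseline() {
    mkdir -p "$(dirname "$BASELINE")"
    snapshot "$@" > "$BASELINE"
}

# check_baseline DIR... : compare the current state with the baseline.
# Prints one "removed:/added:/modified:" line per difference; returns 1 if any.
check_baseline() {
    cur=$(mktemp) && oldp=$(mktemp) && curp=$(mktemp) || return 2
    snapshot "$@" > "$cur"
    cut -f1 "$BASELINE" > "$oldp"    # path lists, still sorted
    cut -f1 "$cur" > "$curp"
    report=$(
        comm -23 "$oldp" "$curp" | sed 's/^/removed:  /'
        comm -13 "$oldp" "$curp" | sed 's/^/added:    /'
        # "path<TAB>hash" lines only in the current snapshot whose path is also
        # in the baseline: same file, different checksum
        comm -13 "$BASELINE" "$cur" | cut -f1 | comm -12 "$oldp" - | sed 's/^/modified: /'
    )
    rm -f "$cur" "$oldp" "$curp"
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}
```

Keep the baseline file somewhere the watched directories cannot write to (read-only media or a separate host), otherwise whatever altered the files can alter the record too.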
Quote:
Originally Posted by grumpyskeptic
As I had written above, Sophos has no GUI and thus I had no idea if it was doing anything at all, so I replaced it with ClamTk. ClamTk only scans when you order it to rather than running in the background. I would be pleased to hear if you can in fact make Clamtk run in the background and also stop the opening of bad emails, both standard for Windows anti-v/m.
I have not tried RootKitHunter but I understand there are many more hazards than just rootkits.
Are Sophos and Clam the only real choices in Linux?
Thanks.
If the app not having a GUI is a deal-breaker for you, you may have to settle for something that may not check your emails, provide on-access protection, etc. As said above, there ARE a lot of choices out there but, ALL of these choices have their own pros and cons.
As long as the antivirus app is providing on-access protection/scanning, particularly in Linux, you should not have much to fear.
You can also write shell scripts (and cron jobs) for Sophos, and therefore don't have to be forever using the command-line, all the time.
You are not going to find a lot of AV apps that have a GUI, provide on-access scanning, email checking, etc., in terms of Linux. This is why I personally settled for Sophos.
This solution is just an add-on for Chrome and will not provide any on-access scanning (or email checking). Sophos also can detect Linux viruses as well as Windows viruses.
Scan the nut behind the keyboard.
Buy a router.
Add NoScript and an Add Blocker.
Don't run services you don't need.
Don't surf where you shouldn't.
Use your eyes for something besides adjusting the height of your monitors. https://sites.google.com/site/easylinuxtipsproject/
Habitual,
The OP has clearly stated "Sorry, I do not believe that none are needed. Even the posting at the top of this forum section is evidence that they are required. Bad things can be transmitted by other things than just rogue programs." in their question. If you do not believe AV software is necessary for Linux, that's fine, BUT it is STILL the OP's choice (which they have already MADE) and PC. I'm not trying to be rude to you, as I can see you have some good knowledge of Linux, but it is once again up to the OP as to what they would like to use.
No worries. None of those actions were meant as an argument for or against A/V.
I can't help what the user does or doesn't believe.
And the point of the thread is meant to ....?
Clearly, (to me) it's to find on-demand A/V scan "just like Windows" (list of AV).
Thanks. So in summary the free anti-v/ms for Linux with GUIs are:
ClamTk
FProt
The free one without a GUI:
Sophos
Do not know if RootKitHunter has a GUI or not. There might be other little-known ones, but the three above seem to be the current choice from better-known providers.
1) Am I correct to think that I could install both ClamTk and Fprot, since I assume they both only do on demand scans rather than running in the background, and could command them to do scans from time to time (not at the same time) as I used to with Windows' SuperAntiSpyware and MalwareBytes?
2) Is there any way of scheduling them to do a scan periodically, or reminding me to run them?
Regarding ClamTk, I had set the scheduler to do a scan every day, but since the history shows that the last scan was done several days ago it appears that either it does not work or it does not catch up with overdue scans that are scheduled to occur at a time when the computer is turned off.
Thanks.
Last edited by grumpyskeptic; 03-19-2017 at 08:38 AM.
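The scheduling question above (a daily scan that is skipped when the machine is off at the scheduled time) is what a catch-up wrapper solves. Added example, not from the thread or from ClamTk: run it hourly from cron or from a login script and it scans only when the last recorded scan is older than the interval, so a missed day is made up at the next boot. It assumes ClamAV's clamscan; the STAMP, SCAN_DIRS and SCAN_CMD values are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from ClamTk): a scan wrapper that catches
# up on scans missed while the machine was off. Schedule it often (hourly cron,
# or a login script); it only scans when the recorded last run is too old.
# Assumes clamscan from ClamAV; STAMP, SCAN_DIRS and SCAN_CMD are assumptions.
STAMP="${STAMP:-$HOME/.local/share/clamscan-last-run}"
INTERVAL_DAYS="${INTERVAL_DAYS:-1}"
SCAN_DIRS="${SCAN_DIRS:-$HOME}"
SCAN_CMD="${SCAN_CMD:-clamscan --recursive --infected}"

# scan_due NOW_EPOCH : succeeds (0) when there is no usable stamp, or the stamp
# is at least INTERVAL_DAYS old; fails (1) when a recent scan is on record.
scan_due() {
    now=$1
    [ -f "$STAMP" ] || return 0
    last=$(cat "$STAMP" 2>/dev/null) || return 0
    case $last in (*[!0-9]*|'') return 0 ;; esac     # unreadable stamp: rescan
    [ $(( now - last )) -ge $(( INTERVAL_DAYS * 86400 )) ]
}

# run_scan_if_due : scan when due, record the time, return the scanner's status.
run_scan_if_due() {
    now=$(date +%s)
    scan_due "$now" || return 0
    mkdir -p "$(dirname "$STAMP")"
    $SCAN_CMD $SCAN_DIRS            # unquoted on purpose: both hold word lists
    rc=$?
    # clamscan exits 0 (clean), 1 (infected), 2 (error): record only completed scans
    [ "$rc" -ne 2 ] && printf '%s\n' "$now" > "$STAMP"
    return $rc
}
```

Pair it with an `@reboot` cron line as well as the hourly one and a machine that was switched off at scan time catches up a few minutes after it comes back.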