hello

I know linux is not immune to viruses but is rare in linux. I also know linux and unixes can get rootkits. However I do remember reading somewhere linux can get malware. If this is so, what app do I need for malware scanning?

thanks

There are several tools available. One that comes to mind immediately for rootkits is chkrootkit. How you obtain that will depend on the version of linux you have (or you can probably find the source code and compile it yourself). Here is a link to it on freecode: http://freecode.com/projects/chkrootkit

You may want to check out Linux Malware Detect (LMD) for malware. I have not used it.

Freecode also has several other malware specific projects: http://freecode.com/search?q=linux+m...&submit=Search

I hope that helps.

most distros will have "chkrootkit" and maybe "Rkhunter" in their repos

opensuse 12.3 for example has both

that and ClamAV

This article is dated, but its conclusions are consistent with what I have read more recently.

I use AVG myself, because it has served me well on Windows and because I determined long ago that I would not put any computer on any network without an AV program--AVG uses minimal resources and is quite unobtrusive.

As far as I am concerned, it's just safe HEX, and that makes be a bit of an outlier. When there is a Linux virus in the wild, I want to read about it, not live it.

I've heard really good things about Avast for Linux also.

On a Linux computer, the dangers are so minimal as to be almost nonexistent; the most significant ones are likely those that target vulnerabilities in browsers, in flash, in PDFs, and the like, and social engineering attacks such as phishing schemes.

Thanks to all for your input.

I wonder what use snort would be to protect a GNU/Linux PC?

Fred.

Quite. Depending on whose classification you agree with you'll end up with about ten to twenty "true" viruses but even then most of them are proof of concepts. (The one I see commonly is the old Virus.Linux.RST.a but I should emphasize I'm not an average Desktop Linux user.)

The main problem however is not in the realm of viruses, trojans, worms, keysniffers, other malware or rootkits but users lack of knowledge and common sense, fueled by misconceptions.

"Safe HEX", as frankbell already pointed out.

System-wise:
- don't install / run software you don't need now.
- do update software when updates are released.
- don't install / run software you can't trust or that's unsupported.
- don't accept or run any files on behalf of others.
- don't give access to your file system easily and don't run services you don't need.
- harden your file system and restrict access to accounts and services that need to be exposed.
- regularly verify the integrity of your file system, accounts and check system and service logs.
- ensure backups are made regularly.
- be mindful of your responsibilities towards other 'net users.

Personal hygiene:
- don't run outdated user land software like web browsers, plugins, P2P software etc, etc.
- do run web browsers with Javascript, Java, Flash and other such plugins enabled only for the sites you really, really need them for. (When I say "need" I mean on-line banking, business and other such purposes. Most people don't even need Java. Java Games don't count, period.)
- be ever mindful of your surroundings. After all the 'net is just like the place where you live in that there's probably locations where you shouldn't venture for obvious reasons. Also greed / lures don't work differently simply because it's the Internet: there is no free money.

This all should convey that running antivirus software is not the first aspect to address, it's only useful in a complementary role and only helpful if you share (regardless of the way) email, files, etc, with Operating Systems that are more prone to catching fire. (Or if, like me, you tend to work a lot with files of unknown or dubious origin and would like quick triage capabilities.) LMD does deserve a special mention: if you run a web or any other publicly accessible server then it's definitely suggested.

1 members found this post helpful.

Thanks UnSpawn

fallow the same advice on windows and it is likely that you might only get 2 or 3 infections in 10 years

An interesting read, thank you.

I have never heard of LMD before and just checked out their webpage, also an interesting read. I didn't download it but instead checked for its availability in Debian Wheezy. It appears as though it is not there so I wonder why when someone like UpSpawn says it deserves a special mention why it isn't available in, some, distros.

Anyway, my two cents worth for the OP, I tell people that use Linux because I introduced them to it to "be alert, not alarmed". I also tell them to basically use safe practises (I like the "safe HEX" line and will use it when appropriate) with anything that comes via the internet, or from other people. In other words don't browse sites that are "dodgy" and likely to be filled with malware, don't just trust a friend when they ask you to open a file on a USB, and don't automatically open email attachments without knowing where they come from and before checking them. I have used ClamAV on Linux, I have used AVG and Avira on Windows and would assume their Linux products are good. I personally don't have any AV on my Linux machines anymore, why? because in over 6 years of full time Linux use I never had a single problem.