LinuxQuestions.org


bcbotha 03-17-2009 08:47 AM

antivirus for ubuntu
 
I know that most viruses are written for Windows and therefore don't affect Linux; however, I'm dual booting Ubuntu and Vista. I want to know: is there an antivirus I can install on Ubuntu to search my Windows partition and my Linux partition to delete any Windows viruses?
I know ClamWin, AVG and Kaspersky apparently have a Linux download, but how good are they? And where and how could I download them from?

Thanks

repo 03-17-2009 08:53 AM

Take a look at
clamav

win32sux 03-17-2009 08:54 AM

Code:

sudo apt-get install clamav

That command will download and install ClamAV for you.

It's an officially-supported package in the Ubuntu repositories.

cloud9repo 03-17-2009 08:55 AM

clamav will scan all partitions if configured to do so, and it scans for Windows viruses.
In synaptic, select clamav (it'll select the others necessary), and I also get clamav-daemon and clamtk. The daemon runs in the background and provides real-time scanning. The clamtk package is the gui.

Here's the link for more info:

http://www.clamav.net/download/packages/packages-linux

which has instructions for Ubuntu.

bcbotha 03-18-2009 12:50 AM

How do I go about installing the clamav-daemon and clamtk?
What do you guys know about Kaspersky and AVG for Linux? And how does ClamAV compare?

Tuttle 03-18-2009 02:49 AM

Quote:

Originally Posted by bcbotha (Post 3479022)
How do I go about installing the clamav-daemon and clamtk?
What do you guys know about Kaspersky and AVG for Linux? And how does ClamAV compare?

It has a longer history of being a popular native Linux AV solution and it's open source.

bcbotha 03-18-2009 03:29 AM

But in terms of its ability to detect the viruses and delete them, is it better than Kaspersky and AVG?

Tuttle 03-18-2009 04:57 AM

Not sure, I've never had a virus!

bitpicker 03-18-2009 05:11 AM

You're probably better off with the commercial scanners. ClamAV is mostly used to scan for virus attachments on e-mails, but it doesn't have heuristics or behaviour recognition (though on the other hand if Windows isn't running the viruses aren't active, which means there is no behaviour to analyze). ClamAV doesn't have nearly as wide a base of signatures as do the commercial ones.

There are numerous free (only as in beer) commercial virus scanners which run under Linux. F-Secure and Avira for instance even offer Linux live CDs to scan from the bootable medium itself. You don't have to bog down your Ubuntu with such a program, just boot the live CD.

The Avira CD is updated daily. You can find it here: http://www.avira.de/en/support/support_downloads.html

You want the Rescue System with the CD icon, that's an iso you can burn. There's a toggle button switching between the original German and an English version in the menu.

On some machines without a floppy drive this CD has problems getting over the fact that /dev/fd0 can't be found. If the info box seems to try forever to mount that drive, you can use the command line button to drop to a shell, and you can then use ps -A to find the offending mount process, then kill it with kill -9 and the process number. Then return to the menu and you can go on.

Robin

bcbotha 03-18-2009 05:35 AM

Thanks Robin, I'm downloading it now. I'm gonna try it out and see what it's like and what happens. I might also try ClamAV for a while.

cloud9repo 03-18-2009 06:09 AM

Quote:

Originally Posted by bcbotha (Post 3479022)
How do I go about installing the clamav-daemon and clamtk?
What do you guys know about Kaspersky and AVG for Linux? And how does ClamAV compare?

In synaptic, just quick search for clamav. The daemon and tk packages are listed. Here's the package info on Ubuntu's site:

http://packages.ubuntu.com/search?ke...id&section=all

I've used other packages, but clamav tends to integrate better, for me. I've only detected viruses once, but I know they've been present at other times, and circumvented detection.

Delphin 03-18-2009 08:01 AM

I also like ClamAV, it's free, and has the advantage that front ends are available for all major platforms Windows, Linux, OSX, BSD - you name it.

http://en.wikipedia.org/wiki/ClamAV

For a nice simple MS Windows GUI port using the ClamAV libs try:

http://www.clamwin.com/ (or the portable MS Windows version at portableapps.com)

The detection features in ClamAV have been upgraded in the more recent versions, but it is still basically a signature based scanner.

On Windows at least, the ClamWin program can be set to either only detect malware, or to also try to wipe the virus or move it to a special quarantine directory. In *nix environments this simple feature could easily be scripted with ClamAV, but such measures are not very effective in dealing with modern sophisticated malware.

A lot of the nasty malware out there in Windows will use system locks to keep anti-virus programs from being able to do anything with the file.

I think that this is why some folks down check ClamWin and ClamAV, not so much because they won't detect something, but because they are not much help in removing them.

In Windoz, there are some really nasty bugs out there that, even after being deleted manually, just recreate themselves from another hidden randomly named instance somewhere else on your system.

So, the commercial anti-virus applications focus much more on 'cleaning' because they know that most folks are really dumb about doing backups, and are desperate for a 'magic bullet' that will rescue them from the consequences of their carelessness.

In Linux, there is no reason that such really bad bugs could not also be created, nasty mutagenic polymorphic organisms that are difficult to detect and damn near impossible to remove, but fortunately the *nix community has not been the main target of commercial quality malware so far, because these attacks target mainly the desktop market (where Linux is only a tiny percentage).

The lack of sophisticated 'cleaning' in ClamWin and ClamAV doesn't bother me much, because I always have full hard drive backups available. So, when a virus proves difficult to remove (as is frequently the case in Windows XP), I just wipe the full hard drive partition and restore the system from the last clean backup (including the Master Boot Record).

I am careful about what applications I run, and have had pretty good luck avoiding malware myself, but one of my friend's XP boxes gets infected about three times a month. I have finally shown him how to do the 'wipe and restore' trick, and now he never has a problem restoring his system.

Why fiddle around with 15 different anti-virus apps, trying to find that 'magic bullet' that will finally remove a really nasty piece of spyware, when wiping and restoring the hard drive only takes a few minutes?

The thing I like MOST about both ClamWin and ClamAV, is that they are quick to set up and have a very very low system footprint.

For example on Windows, where the threat is greater, if you would feel safer also running another anti-virus, at least ClamWin won't fight with it.

In fact, in Windows, you don't even have to install ClamWin to have it do a scan on the system. You can get a nice 100% portable version that will run from a USB Flash drive (portable ClamWin from portableapps.com).

Linux has a much better record as far as malware goes (stronger system, fewer attacks), and with Vista, Microsoft is trying to play catch-up, and says they have improved security.

If so, something simple like ClamAV on the *nix side, and ClamWin on the Windows side, may be all that you need.

- Delphin
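
The detect-only versus quarantine choice that the post above says "could easily be scripted with ClamAV", as an added example that is not part of the original thread: a detect-only `clamscan` pass writes a report, and a second step moves only the flagged files into a locked-down directory with a manifest so a false positive can be restored. The function names, the `/mnt/windows` mount point and the quarantine path are assumptions for illustration; `clamscan` can also do the move itself in one pass with `--move=DIR`.

```shell
#!/bin/sh
# Added example: two-step scan and quarantine around clamscan.
# Function names and all paths are hypothetical, chosen for illustration.

# Detect-only pass. -r recurses, -i lists only infected files,
# --log writes the report. Usage: scan_to_report REPORT DIR...
scan_to_report() {
    report=$1; shift
    clamscan -r -i --log="$report" "$@"
}

# Print the path of every file the report marks as infected.
# clamscan reports a hit as "<path>: <signature name> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

# Move each flagged file into QDIR, strip its permissions, and record
# "quarantined path <TAB> original path". Prints the number of files moved.
# Usage: quarantine_from_report REPORT QDIR
quarantine_from_report() {
    report=$1; qdir=$2; n=0
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 1
    while IFS= read -r path; do
        [ -f "$path" ] || continue      # already gone, or not a regular file
        dest="$qdir/$(date +%s).$n.$(basename "$path")"
        mv -- "$path" "$dest" || continue
        chmod 000 "$dest"               # not readable or executable by accident
        printf '%s\t%s\n' "$dest" "$path" >> "$qdir/manifest.tsv"
        n=$((n + 1))
    done <<EOF
$(infected_paths "$report")
EOF
    echo "$n"
}

# Typical use, with the Windows partition mounted at /mnt/windows (assumed):
#   scan_to_report "$HOME/clamscan.log" /mnt/windows "$HOME"
#   less "$HOME/clamscan.log"          # review the hits before acting on them
#   quarantine_from_report "$HOME/clamscan.log" "$HOME/quarantine"
```

Keep the quarantine directory on the Linux filesystem: `chmod` may have no effect on an NTFS mount, depending on the mount options.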


All times are GMT -5.