Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
#1 | 02-03-2006, 05:06 AM
ic_torres | Member | Registered: Nov 2005 | Location: ABAP | Distribution: slackware 12.0, Vector Linux STD 6.0 and 5.8, ZenWalk 4.6.1, OpenBSD 3.9 | Posts: 389
detecting a trojan attack : HELP
Guys, just want to ask: I always have my ClamAV updated, but how can I assure that there is no threat of a trojan in my box? Any suggestions?

#2 | 02-03-2006, 05:35 AM
win32sux | LQ Guru | Registered: Jul 2003 | Location: Los Angeles | Distribution: Ubuntu | Posts: 9,870
install only trusted software...
Last edited by win32sux; 02-03-2006 at 05:38 AM.

#3 | 02-03-2006, 06:03 AM
zaert | LQ Newbie | Registered: Jul 2005 | Distribution: ubuntu, slackware | Posts: 21
Last edited by zaert; 02-03-2006 at 06:06 AM.

#4 | 02-03-2006, 06:12 AM
win32sux | LQ Guru | Registered: Jul 2003 | Location: Los Angeles | Distribution: Ubuntu | Posts: 9,870
Quote:
Originally Posted by zaert
Rootkit Hunter is nice, but a rootkit is not the same thing as a trojan...
A rootkit is installed on a box after root privileges have been gained, with the main purpose being to maintain root access using any number of methods...
A trojan is simply an evil piece of software which is disguised as being legit (or inserted within legit software), and the main purpose of the trojan could be any number of things, none of which necessarily have to be root access related...
You won't be using Rootkit Hunter to check a package to see if it's trojaned...
PS: the same applies to chkrootkit...

#5 | 02-03-2006, 06:13 AM
Senior Member | Registered: Dec 2005 | Location: Campinas/SP - Brazil | Distribution: SuSE, RHEL, Fedora, Ubuntu | Posts: 1,508
It may be too late now, but just after a fresh install you can run software that checks the signatures of critical files. AIDE, Samhain, AFICK and Tripwire are the best known in this class.
They help you detect alterations to critical files, both modification and creation/deletion.
regards,

#6 | 02-03-2006, 07:38 AM
Moderator | Registered: May 2001 | Posts: 29,417
Quote:
how can I assure that there is no threat of a trojan in my box?
The first thing is making sure the chances of that happening are low or non-existent: this means properly hardening (and continuously upgrading from official sources) the box as a whole, during and after installing the OS. Next to that you will have to install tools right after installing the OS that actively (prior to or during attempts) help you detect attempts: IDS like Snort and Prelude, and active filesystem integrity checkers like Samhain. Next to that you have to install tools right after installing the OS that passively help you detect attempts and audit the system: AIDE, Tripwire, any distro package management system that allows verification, Tiger, Logwatch, etc., etc. Provided you continuously monitor and adjust the system where necessary, that's a good basis to start on. Wanna learn more? Check out the LQ FAQ: Security references.
* If you don't have the above in place and you still want to be able to verify your system is clean, I'd suggest booting a LiveCD like KNOPPIX, using your distro's package management system for verification if you can, then verifying your system using Chkrootkit and Rootkit Hunter, and finally manually verifying anything outside the scope of the previous tools. Granted, that's a PITA, so now you know why you need to implement the stuff above.
// BTW: don't put "help" in your subject, it's annoying since we *know* you need help and we're all here to help anyway...

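Post #5 names AIDE, Samhain, AFICK and Tripwire, and post #6 lists the same integrity checkers among the passive audit tools. As an added example (not code from this thread or from any of those projects), here is a minimal Python sketch of what such a checker does: it fingerprints every regular file under a set of roots (SHA-256 of the contents, permission bits, owner uid), then compares a later walk against that baseline and reports modified, added and deleted files. The function names and the scratch "sbin" tree built in demo() are constructed for this illustration.

```python
import hashlib
import os
import stat
import tempfile

# Hypothetical minimal file integrity checker in the spirit of AIDE/Tripwire (illustration only).

def _fingerprint(path):
    # Content digest plus permission bits and owner: a swap, chmod or chown each changes it.
    st = os.lstat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"sha256": digest, "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}

def build_baseline(roots):
    # Map every regular file under the given roots to its fingerprint (symlinks skipped).
    baseline = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.isfile(path) and not os.path.islink(path):
                    baseline[path] = _fingerprint(path)
    return baseline

def verify(baseline, roots):
    # Re-walk the roots and classify every difference against the stored baseline.
    current = build_baseline(roots)
    old, new = set(baseline), set(current)
    modified = sorted(p for p in old & new if baseline[p] != current[p])
    return {"modified": modified, "added": sorted(new - old), "deleted": sorted(old - new)}

def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    # Constructed scenario: baseline a scratch tree, change it, then verify again.
    with tempfile.TemporaryDirectory() as d:
        sbin = os.path.join(d, "sbin")
        os.makedirs(sbin)
        _write(os.path.join(sbin, "iptables"), b"original binary")
        _write(os.path.join(sbin, "ifconfig"), b"another binary")
        base = build_baseline([d])
        # One file replaced, one unexpected file dropped in, one file removed.
        _write(os.path.join(sbin, "iptables"), b"replaced binary")
        _write(os.path.join(sbin, "rogue"), b"unexpected")
        os.remove(os.path.join(sbin, "ifconfig"))
        report = verify(base, [d])
        return {k: [os.path.relpath(p, d) for p in v] for k, v in report.items()}
```

The real tools also keep the baseline somewhere the checked machine cannot rewrite it (read-only media or a separate host), which is the same reason post #6 suggests verifying from a LiveCD rather than from the possibly compromised system itself.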
#7 | 02-03-2006, 07:38 AM
Senior Member | Registered: Dec 2005 | Location: Campinas/SP - Brazil | Distribution: SuSE, RHEL, Fedora, Ubuntu | Posts: 1,508
I just found a document that can help you in selecting a file checker:
http://la-samhna.de/library/scanners.html

#8 | 02-04-2006, 03:23 PM
ic_torres (Original Poster) | Member | Registered: Nov 2005 | Location: ABAP | Distribution: slackware 12.0, Vector Linux STD 6.0 and 5.8, ZenWalk 4.6.1, OpenBSD 3.9 | Posts: 389
Quote:
Originally Posted by win32sux
install only trusted software...
Sir, I have ClamAV and a firewall... do you think that it's enough?
I found trojan scan on Google, and also rootkit as mentioned... can this stuff help? Thanks... I really need some background in security at this time.

#9 | 02-06-2006, 09:35 AM
ic_torres (Original Poster) | Member | Registered: Nov 2005 | Location: ABAP | Distribution: slackware 12.0, Vector Linux STD 6.0 and 5.8, ZenWalk 4.6.1, OpenBSD 3.9 | Posts: 389
Is it still possible to have a trojan attack even if I don't have a network? I'm just using my box as an ordinary desktop PC...

#10 | 02-06-2006, 01:03 PM
win32sux | LQ Guru | Registered: Jul 2003 | Location: Los Angeles | Distribution: Ubuntu | Posts: 9,870
Quote:
Originally Posted by ic_torres
Sir, I have ClamAV and a firewall... do you think that it's enough?
It depends... a lot of Linux users don't even have a virus scanner and they still do just fine... and a lot of them have all kinds of scanners and they get owned (cracked) all the time... it's all relative to the activities one carries out... just having ClamAV and a firewall is NOT enough - common sense is way more important than both of those put together... security is not a product, it is a process... there's no amount of tools you can download which will make you "secure"...
The most important steps are the basic ones... things like "keep your system patched" and "only install software from trusted sources" and "use common sense" will probably be just as useful as [ insert your favorite security tool here ] most of the time...
Quote:
I found trojan scan on Google, and also rootkit as mentioned... can this stuff help?
I don't know what a trojan scan is... I assume it's a remote network scan that looks for suspicious open ports and stuff like that... yes, stuff like that is useful, it is - it's just that you don't wanna RELY on stuff like that exclusively... like the rootkit scanners, for example... they are good tools, cuz they might let you know when you've been OWNED, but the ideal thing to do is to take the necessary steps and implement the necessary procedures so that you don't get the rootkit installed in your system *in the first place*...
A lot of people coming from Windows have a hard time with this stuff, cuz they are used to going into all kinds of websites and downloading/installing all kindsa crap from all over the place... then they need all kindsa anti-whatever tools to try and clean up their mess... a little common sense would have helped them way more than any number of anti-whatever tools... common sense is multi-platform...
Quote:
I really need some background in security at this time
Well, this forum is a good place to start, so you already have a foot inside the door...
Here are some links relative to the current discussion:
http://en.wikipedia.org/wiki/Trojan_horse_(computing)
http://en.wikipedia.org/wiki/Rootkit
You need to understand what trojans and rootkits are before you defend yourself from them... the same goes for worms and viruses:
http://en.wikipedia.org/wiki/Computer_worm
http://en.wikipedia.org/wiki/Computer_virus
and even spyware, etc.: http://en.wikipedia.org/wiki/Spyware
Quote:
Is it still possible to have a trojan attack even if I don't have a network? I'm just using my box as an ordinary desktop PC
Look at the definition of "trojan" at the link above:
Quote:
a Trojan horse is a malicious program that is disguised as legitimate software
There's no need for a network; the program could come on a floppy, a CD-ROM, whatever media...
If a stranger walked into your office with a floppy and told you "please replace your iptables binaries with the ones I have on this floppy", would you do it?? No, probably not, because you don't TRUST this person... but if Patrick Volkerding puts a message out on his website asking you to upgrade your X.org program to the latest version he's uploaded because it fixes a security hole, would you do it?? Yes, you probably would, because you trust Mr. Volkerding and you trust the developers at X.org. And even if you didn't trust Mr. Volkerding you could just use his build script and download the source directly from X.org and compile it yourself, and if you are even more paranoid you could hand the source over to a software auditing service and pay them to analyze the source code and tell you if there are any backdoors in there before you compile it... etc... etc...
Last edited by win32sux; 02-06-2006 at 03:57 PM.

#11 | 02-06-2006, 03:54 PM
ic_torres (Original Poster) | Member | Registered: Nov 2005 | Location: ABAP | Distribution: slackware 12.0, Vector Linux STD 6.0 and 5.8, ZenWalk 4.6.1, OpenBSD 3.9 | Posts: 389
Hmm, so basically, from what I've read on the site given, I really should download packages from TRUSTED websites and/or the application's website.

#12 | 02-06-2006, 04:08 PM
win32sux | LQ Guru | Registered: Jul 2003 | Location: Los Angeles | Distribution: Ubuntu | Posts: 9,870
Quote:
Originally Posted by ic_torres
Hmm, so basically, from what I've read on the site given, I really should download packages from TRUSTED websites and/or the application's website.
Yup, that will help you stay trojan-free... but you still need to watch out for worms and other nasties...

#13 | 02-07-2006, 04:08 AM
ic_torres (Original Poster) | Member | Registered: Nov 2005 | Location: ABAP | Distribution: slackware 12.0, Vector Linux STD 6.0 and 5.8, ZenWalk 4.6.1, OpenBSD 3.9 | Posts: 389
Hmm, now I have the basic idea... a big THANKS, sir...
