Is there any antivirus to delete GNU/Linux's viruses?
Linux - Security: This forum is for all security related questions.
I read some articles about viruses in Linux and about some antivirus programs which work in Linux and delete Windows viruses, but I still don't understand: is there any antivirus which specializes in Linux viruses? Even though there are very few Linux viruses, I know.
You can use tools like rkhunter or chkrootkit to identify rootkits. They work better if you plan on this during installation, and create a database which you copy to read-only off-line media, and run your test from a live disc while the system is off line.
Prevention is more important than reaction. Make sure you use strong passwords. Use pub key authentication if you use ssh, and use a strong passphrase to protect the private key. Keep software up to date. Only use software your distro supplies. The source is open and should be vetted before being compiled and packaged. Being open, the original author would get into trouble if they included spyware or a trojan. If you have a high speed Internet connection, using a Cable/DSL modem would be a good idea. An extra firewall (which NAT provides) will provide an extra layer of protection. Lock down your system, e.g. AllowUsers in sshd_config; providing a password for the mysql root user if that is installed; checking your computer's firewall settings, etc.
The Linux scanners for Windows viruses are intended to detect malware infected files on Samba shares, not to remove malware that has already infected a Windows machine. Once a host is infected, re-installation is needed.
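The offline baseline-and-verify workflow the reply above describes, as an added example (not the poster's code and not part of rkhunter or chkrootkit): hash the system binaries on a clean install, keep the database on read-only media, and later compare against it from a live disc. The directory list and the /media/ro path are assumptions.

```shell
#!/bin/sh
# Added example: offline file-integrity baseline in POSIX sh.
# Assumed workflow: build on a freshly installed system, copy the DB to
# read-only media, then verify from a live disc with the suspect root
# mounted read-only (pass its mount point as PREFIX). Paths are assumptions.

# build_baseline DBFILE DIR...  -> one "<sha256>  <path>" line per regular file
build_baseline() {
    db=$1; shift
    : > "$db"
    find "$@" -type f -print | LC_ALL=C sort | while read -r f; do
        sha256sum "$f"
    done >> "$db"
}

# verify_baseline DBFILE [PREFIX] -> prints CHANGED/MISSING lines; returns 1 if any
verify_baseline() {
    db=$1; prefix=${2:-}; status=0
    while read -r sum path; do
        if [ ! -f "$prefix$path" ]; then
            echo "MISSING  $prefix$path"; status=1
        elif [ "$(sha256sum "$prefix$path" | cut -d' ' -f1)" != "$sum" ]; then
            echo "CHANGED  $prefix$path"; status=1
        fi
    done < "$db"
    return $status
}

# find_new DBFILE DIR... -> files present now but absent from the baseline
# (an unexpected binary dropped into a system directory shows up here)
find_new() {
    db=$1; shift
    find "$@" -type f -print | LC_ALL=C sort | while read -r f; do
        # the path begins at column 67: 64 hex chars plus two spaces
        cut -c67- "$db" | grep -qxF -- "$f" || echo "NEW      $f"
    done
}

# Typical use (assumed paths):
#   build_baseline /media/ro/baseline.db /bin /sbin /usr/bin /usr/sbin
#   verify_baseline /media/ro/baseline.db /mnt/root   # from the live disc
#   find_new /media/ro/baseline.db /usr/sbin
```

The sha256sum and find binaries must come from the live disc, not from the suspect system, or a rootkit that replaced them could hide its changes.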
Even though there are very few Linux viruses, I know.
If you don't try to execute unknown binaries from unknown origins then the chances you'll come across one are rare. The only ones I come across often are RST-B variants.
I've actually used CA's AV solution for Linux. Sophos for Linux too. This was back in 2004-2005... those solutions left much to be desired, but things have probably changed since then.
The biggest turn-off with CA's solution was that each install included a locally-run webserver. That was a deal-breaker for the shop I was working for. The biggest turn-off with Sophos' AV solution was the fact that you had to create scripts around it for it to even work satisfactorily. We felt that we shouldn't have to create hacks to make a paid-for enterprise solution work.
Your post reminded me NOD32 has a Beta out for Linux (see http://beta.eset.com/linux). I tried Beta 4 on F13, it worked quite OK, and the feature set is quite similar to what users know from running it on The Other OS. YMMV(VM) as it's still beta and I haven't checked under the hood as I've used a VMware disposable.
[20:11:23] Checking for directory '/var/log/ssh' [ Not found ]
[20:11:23] Checking for directory '/usr/doc/.spool' [ Not found ]
[20:11:23] Checking for directory '/usr/lib/kterm' [ Not found ]
[20:11:23] Warning: Adore Rootkit [ Warning ]
[20:11:23] File '/usr/sbin/kfd' found
Well, they're all going to have false warnings at some point, IMO. I once had an issue with an enterprise AV solution triggering falses on RAdmin. The issue was fixed the same day, but it created operational challenges until they (CA) fixed the issue. This happens with other vendors also. It's a part of using AV, I guess.
McAfee and Symantec both have AVs for Linux which remove and quarantine. They both also have command line versions and GUIs available. They both also have on-demand, scheduled, and real time scanning. The McAfee version can also be hooked up to and pushed out via an ePO server, where it can pull its updates from.
Kaspersky has a Linux version also but I've never used it before.
As to removing?? In 8 or so years I have never needed that option. Clam has never shown that there was one installed (except on my MS XP disk that Norton missed), and even then I did a manual removal and replacement of the files (from Fedora).