Malware and Antivirus Systems for Linux

Discussion in 'Linux Security' started by DevynCJohnson, Aug 19, 2013.

Have you ever had or suspected malware to be on your Linux system?

  1. Yes, I had malware. (9.1%)
  2. I suspected malware, but I never proved it. (9.1%)
  3. Never (81.8%)

  1. Cyber-Berserker

    Cyber-Berserker Active Member

    In my opinion, the fear of viruses is far greater than the threat. Taking myself as an example, I do not practise what is usually referred to as "safe browsing." I am not afraid to "accidentally" visit dangerous places like porn sites and download something, (I know. My bad.) and I have never had a virus. The main key to avoiding them is using a little common sense. What is my definition of safe browsing? One example; if an e-mail is received from an unknown source and includes an attachment, open the attachment at one's own risk. And of course, web sites offering something too good to be true are too dangerous for even me to venture into.


    Not yet. Wait a couple more years.
    DevynCJohnson likes this.
  2. lobo

    lobo Active Member

    This article misses the entire point of AV software for GNU/Linux - it's primarily targeted towards mail servers or file servers which serve Windows-based networks.
    Cyber-Berserker and ryanvade like this.
  3. DevynCJohnson

    DevynCJohnson Well-Known Member Staff Member Staff Writer

    What do you mean? Are you saying that Linux anti-virus software is intended for Linux servers on Windows networks?
    ryanvade likes this.
  4. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    The Anti-virus software scans the files that Windows clients upload/download, helping to prevent spreading. I have Anti-virus on my server for this reason. A quick scan weekly on the "server shared files" helps to fight Windows-based viruses. Sure, the Linux Anti-virus software also fights Linux viruses, but it is more effective at keeping the Windows clients the server "serves" safer.
    lobo and Cyber-Berserker like this.
  5. Darren Hale

    Darren Hale Active Member

    ryanvade likes this.
  6. Cyber-Berserker

    Cyber-Berserker Active Member

    lobo and ryanvade
    Although very brief, those are still two of the most informative posts I have seen on the web concerning virus protection.:cool:
    ryanvade likes this.
  7. lobo

    lobo Active Member

    The tech press are in the news business, which is tantamount to being in the ad business - the world likes bad news - it "sells papers".

    I've skimmed a lot of articles about "Linux malware" over the years and none have ever been worth the read... you usually get to the end and read something like 'it only affects Linux 2.4 and only if the user is running everything as root'...

    I'll give you an example - I did a search for "new linux worm":

    http://www.linuxtoday.com/security/beware-of-new-worm-targeting-linux-pcs.html
    (several were clones of this)

    Then

    http://arstechnica.com/security/201...s-routers-cameras-internet-of-things-devices/
    It's important not to be naive here and understand what is going on. Firstly the main target here will be Linux based devices (cisco, netgear or whatever routers, etc) running horrendously out of date kernels.

    There will be a rush of people to buy new domestic wifi router/modem boxes - symantec often bundles its software with new routers...

    The articles appear to put the blame on open source software and Linux and of course it's symantec, a leader in the "virus industry" who depend on the proliferation of malware in order to sell their subscription shitware...

    The blame in fact lies squarely with the companies who produce these devices, who fail miserably in providing up to date firmware and give no assistance whatsoever to those trying to produce open firmware to replace the aging one. This is despite these companies using Linux on their devices and profiting from it.
    DevynCJohnson likes this.
  8. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    I try.
  9. Mitt Green

    Mitt Green Member

    I had an interesting problem: mama gave me her USB Flash to copy some files, after copying she found some viruses on the device, so here's the question: if I got a virus, maybe it was written only for Microsoft Windows or I need to find an additional security?
    DevynCJohnson likes this.
  10. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    If the virus is for Windows then it will not affect Linux. But for the sake of security, wiping it with a program like Gparted may be a good idea.
    Mitt Green likes this.
  11. voipster

    voipster New Member

    I usually install AVG to scan windows and just wanted to give an update to the avg URL it is "Not cool enough to post links yet". The URL above "still not cool enough to post links" currently goes to a windows only download.

    Thank you for the article! Much enjoyed!
    DevynCJohnson likes this.
  12. Einstein

    Einstein New Member

    I mean LVN if you have a reason to be paranoid...otherwise I have a security appliance on my local to monitor the ins and outs especially with wireshark.
    Linux is open source so basically all malware gets spotted. Just don't go downloading crap. Which holds true for windblows especially... I wouldn't trust any virus detectors as they give a false sense of security....
    DevynCJohnson likes this.
  13. DevynCJohnson

    DevynCJohnson Well-Known Member Staff Member Staff Writer

    Good point.
  14. AreG

    AreG New Member

    Informative article. Thank you.

    About this statement....
    This statement is typically true, but not always true. Malware, virus, etc can be any file. Most importantly, a file can be infected without being executable -- the executable code is just inert. Any file can be made executable, userspace especially being vulnerable.
    Some malicious files exploit the executable that calls them, eg an FLV could contain malicious code that exploits a flaw in flash player when playing said FLV, usually stored in the file's header.

    Anyway, I agree execution must happen somewhere in the stack in order for infection to occur, however, thinking that your FLV is safe might not be the best route. Scan those too, along with your MP3s and PNGs.
    Mitt Green and DevynCJohnson like this.
  15. DevynCJohnson

    DevynCJohnson Well-Known Member Staff Member Staff Writer

    Thank you very much for your comment. I will correct that. Yes, you are definitely correct; I recently learned that some programmers put malicious code in macros contained in a Word document (*.doc, *.docx, & others).
  16. budereddy_harish

    budereddy_harish New Member

    Respected sir/madam,

    I have implemented IOCTLs in the 8250.c file, but now I am unable to transmit data using an RS485 converter from one PC to another PC using the device /dev/ttyS0. Will you please guide me on how I can transfer data from one PC to another PC?
  17. DevynCJohnson

    DevynCJohnson Well-Known Member Staff Member Staff Writer

    Could you ask your question in a new thread? You are more likely to get an answer if your question was in its own thread. We do not like "hijacking" threads. Sorry for the inconvenience.
  18. Dwain Peevey

    Dwain Peevey New Member

    Greetings, folks! Just joined and thanks for the add. Not an IT newbie, but newbie to LINUX. I am in constant CYA mode and have ClamAV on Ubuntu 14.04/64..Wanting an AV system that runs constantly in the background of my system. Had bad experience with BitDefender so that's out of the question. Any suggestions? I'm like Fox Mulder..."Trust no one"! Thanks...
    DevynCJohnson likes this.
  19. DevynCJohnson

    DevynCJohnson Well-Known Member Staff Member Staff Writer

    You mentioned that you are running ClamAV, but you never said anything bad about it and you have asked this question. I assume you like ClamAV but have not installed "clamav-daemon" which makes ClamAV run in the background. To install the clam daemon, run "apt-get install clamav-daemon" in the command-line with Root privileges. Besides the listed software I discussed in the article, I have no other ideas.

    UPDATE:

    Okay, thanks to @Dwain Peevey and @Mitt Green , here are better installation instructions for a complete ClamAV security system.

    apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs
    freshclam
    service clamav-daemon start
    Last edited: Jul 28, 2014
  20. Dwain Peevey

    Dwain Peevey New Member

    Devyn, thanks, but ran into problem.
    E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
    E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
    Ran your commands and this popped up. Any suggestions?? Folks, PLEASE do not interpret my question(s) as being paranoid. I started out (as many did) w/Windows and with the beau coup amount of ***holes out there that thrive on creating hate and discontent in IT, I'm just trying to cover my six as much as possible. Since I'm relatively new to Linux, I'm just not 100% sure of its security. Thanks in advance...
    Last edited: Jul 27, 2014
    DevynCJohnson likes this.
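
Added example, not part of any post in this thread: a shell script for the weekly scan of "server shared files" that ryanvade describes, combined with the install commands from DevynCJohnson's update and the root check whose absence produces the dpkg lock error quoted above. The paths in SHARE_DIR, LOG_FILE and QUARANTINE_DIR, the cron entry and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed paths; override via environment.
SHARE_DIR="${SHARE_DIR:-/srv/share}"                  # files served to Windows clients
LOG_FILE="${LOG_FILE:-/var/log/clamav/share-scan.log}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/quarantine}"   # must already exist

# apt-get must take /var/lib/dpkg/lock, which only root can open.
require_root() {
    [ "$(id -u)" -eq 0 ]
}

# Install commands as posted in the thread, refused early when not root.
install_clamav() {
    require_root || { echo "not root: rerun with sudo" >&2; return 1; }
    apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs &&
        freshclam &&
        service clamav-daemon start
}

# clamscan exit status: 0 = no virus found, 1 = virus found, anything else = error.
classify_exit() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        *) echo ERROR ;;
    esac
}

# Scan the whole share with the given scanner (default: clamscan).
# No extension filter is applied, so documents and media files are scanned too.
# -r recurses, -i reports only infected files, --move quarantines them.
scan_share() {
    scanner="${1:-clamscan}"
    status=0
    "$scanner" -r -i --log="$LOG_FILE" --move="$QUARANTINE_DIR" "$SHARE_DIR" \
        || status=$?
    classify_exit "$status"
}

# Usage: script.sh install | script.sh scan
# Weekly run from /etc/cron.d (assumed install path):
#   0 3 * * 0  root  /usr/local/sbin/clam-share-scan.sh scan
case "${1:-}" in
    install) install_clamav ;;
    scan)    scan_share ;;
esac
```

Treating any status other than 0 or 1 as ERROR keeps a failed scan (missing database, unreadable share) from being mistaken for a clean one.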