Malware and Antivirus Systems for Linux

Discussion in 'Linux Security' started by DevynCJohnson, Aug 19, 2013.

Poll: Have you ever had or suspected malware to be on your Linux system?

  1. Yes, I had malware. (11.8%)
  2. I suspected malware, but I never proved it. (17.6%)
  3. Never (70.6%)
  1. Mitt Green (Active Member)
    Don't forget to log into root with "sudo" before the command.

  2. Dwain Peevey (New Member)
    Re-entered the command and got the following:
    sudo apt-get install clamd
    [sudo] password for dwain:
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Unable to locate package clamd
    Suggestions???
  3. Dwain Peevey (New Member)
    Devyn, Mitt: did following--
    sudo apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs
    sudo freshclam
    sudo service clamav-daemon start
    Up and running now. Thanks for your help, guys!!
  4. DevynCJohnson (Well-Known Member, Staff Member, Staff Writer)
    UPDATE:

    Okay, thanks to @Dwain Peevey and @Mitt Green , here are better installation instructions for a complete ClamAV security system.

    apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs
    freshclam
    service clamav-daemon start

    You could also install "clamtk" to get a GUI for ClamAV.
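    The install lines above leave one question open: did the signature database actually load, and does the scanner flag anything? The script below is an added example (not from this thread or from the ClamAV project) that drops the standard EICAR test file into a directory, runs clamscan over it and reduces the report to a short summary using clamscan's own exit-status convention (0 clean, 1 something found, 2 error). The summariser also works on a pasted report, which is how it is exercised in the self-test; the sample report there is constructed, and the package names are the Debian ones used in the post.

```shell
#!/bin/sh
# Added example, not from the thread or the ClamAV project: verify a fresh ClamAV
# install and summarise clamscan's report. Paths and the sample report used in the
# self-test are constructed.

# make_eicar DIR: write the standard 68-byte EICAR test file as DIR/eicar.com.
# Every engine is expected to flag it, so a hit proves the signature database
# loaded and the scanner works. The string is built from two halves so that this
# script does not itself get flagged when it sits on disk.
make_eicar() {
  mkdir -p "$1"
  printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE' \
                '!$H+H*' > "$1/eicar.com"
}

# summarise_report: read a clamscan report on stdin, print "HIT <path>: <signature>"
# per detection, cross-check the count against the "Infected files:" summary line
# and exit the way clamscan does: 0 clean, 1 something found, 2 error/inconsistent.
summarise_report() {
  awk '
    BEGIN { hits = 0; reported = 0; seen = 0 }
    / FOUND$/ {                                # "<path>: <signature> FOUND"
      line = $0
      sub(/ FOUND$/, "", line)
      print "HIT " line
      hits++
    }
    /^Infected files:/ { reported = $3 + 0; seen = 1 }
    END {
      if (seen && hits != reported) {
        print "ERROR: " hits " hit line(s) but the summary reports " reported
        exit 2
      }
      exit ((hits > 0) ? 1 : 0)
    }'
}

# scan_dir DIR: run the installed engine over DIR and summarise. Returns 2 when
# clamscan is missing so a caller can tell "not installed" from "clean".
scan_dir() {
  if ! command -v clamscan >/dev/null 2>&1; then
    echo "clamscan not found; install the clamav packages first" >&2
    return 2
  fi
  report=$(mktemp)
  clamscan -r "$1" > "$report" 2>&1   # clamscan's own status is re-derived below
  summarise_report < "$report"
  rc=$?
  rm -f "$report"
  return "$rc"
}

# Usage: sh clamcheck.sh DIR       scan DIR
#        sh clamcheck.sh --eicar   scan a temp dir holding only the EICAR file
if [ $# -gt 0 ]; then
  target=$1
  if [ "$target" = --eicar ]; then
    target=$(mktemp -d)
    make_eicar "$target"
  fi
  scan_dir "$target"
  echo "exit status: $?"
fi
```

    If `--eicar` comes back with status 0, the signatures are not loaded (freshclam has not run or failed), which is worth knowing before trusting a clean result on real files. The cross-check against the "Infected files:" line catches truncated or partly pasted reports.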
  5. Alain J. Baudrez (New Member)
    DevynCJohnson,

    I like your posting. It is well done.
    There is just one type of threat you don't stress enough: the user.

    All the rest comes second.

    It is the user who
    • doesn't update his system
    • visits obscure websites
    • clicks on everything that blinks
    • doesn't understand the sometimes cryptic warning messages
    • doesn't speak the language the warning message is written in
    • doesn't realize the risks and the aftermath of an infection
    • doesn't care if his system is compromised
    • doesn't want to install security software
    • has never been infected before and thinks the risks are made up and are only commercial talk to sell their so-called best anti-virus tools
    • ...
    The word PICNIC comes to mind regarding security: Problem In Chair, Not In Computer

    For as long as humans are involved, we will have problems and even the best anti-this and anti-that will not help.

    Luckily those PICNICs are a minority.
    Last edited: Jul 28, 2014
  6. DevynCJohnson (Well-Known Member, Staff Member, Staff Writer)
    Wow, I really like your post. That is a very interesting and true concept. I have never heard of "PICNIC" before. Thanks for sharing.
  7. Noidly1 (New Member)
    Hello. I'm a new Linux user here and have Debian (wheezy) installed.
    I have been trying to find ClamAV using Apper and am confused by all the different filenames that show up when I searched on Apper for ClamAV.

    I know to look for ClamAV and ClamTK, and an app that makes it run in the background, which by just those names don't show up without other letters or words in the filename. Which ones do I need?

    Also, I went to the ClamAV website and found out that it must be built using text line commands (er; programming skills that I don't have). LOL
    I don't have the time or know how to do all of that and just want to install it like you would with Apper.

    Thanks in advance,
    Noidly1
  8. DevynCJohnson (Well-Known Member, Staff Member, Staff Writer)
    I am not familiar with Apper, so I cannot provide specific instructions. However, I can give you an alternative way of getting ClamAV + ClamTK.

    ClamAV - http://www.clamav.net
    ClamTK - http://sourceforge.net/projects/clamtk/

    http://www.clamav.net/download.html#otherversions

    I hope this helps.
  9. DevynCJohnson (Well-Known Member, Staff Member, Staff Writer)
    That is true. Thanks for the suggestion.
  10. Frankus333 (New Member)
    G'day Devyn and other folks

    Just wanting to clarify; does using the clamav-daemon on a desktop (running LM17.1 KDE) mean it becomes an on access or real time scanner? Or does this just mean it is on all the time, sitting there, and updating itself regularly, but not scanning anything until asked manually?

    Cheers
  11. Darren Hale (Active Member)
    It only scans files for viruses when you tell it to, so that's the short answer on on-access.
  12. Frankus333 (New Member)
    Thanks Darren

    You are obviously busy, and your reply too brief for me to make clear sense of. I presume you are saying it can't do on access or real time scanning; only manual scanning.

    That was my understanding, but just wanted to be sure. I suspect real time scanning is not necessary, and possibly wasteful of limited resources on my old machines.

    Cheers
  13. Darren Hale (Active Member)
    Yes, correct, no real-time scanning as you would get in Windows, where every file is scanned as it is opened.

    It is not necessary; there are no Windows executables running.
  14. Frankus333 (New Member)
    Thanks Darren

    I am more concerned about passing on Windoze viruses, including to my own Windoze installations, than the vanishingly rare Linux viruses that might be around.

    I understand clam can be set up to monitor email viruses in real time on a server. Do you know if this can be done on a desktop installation?
  15. ryanvade (Administrator, Staff Member, Staff Writer)
  16. Frankus333 (New Member)
  17. Frankus333 (New Member)
    Apologies; not sure what happened to the above reply post, but here it is again:

    Thanks ryanvade

    This is too technical for a desktop user such as myself.

    I run LM17.1 KDE on three old 32 bit machines. On all three machines I had previously set up clamav/clamtk to do what I thought would be real time or on access scanning, but the more I read around about clam, the more I think it just can't do that in any situation on a desktop.

    My conclusion is that this software is not meant to be used by everyday desktop users, other than as a manual on-demand scanner on specific occasions. It seems to me that virus protection options as per the Windows environment are considered completely unnecessary in the Linux desktop environment, and the only thing a Linux user might consider is manually scanning something sent to a Windows environment, just for the sake of that Windows environment. More likely, the preferred option would be to forget about viruses altogether, and leave the Windows users to look after their own security.

    My current explorations about clamav spring from finding that the installations were causing rogue downloads of tens of megabytes (up to 100MB) every day or two on all three machines. I suspect some system updates contaminated the clamav/tk installations such that they thought they had to download the entire database regularly, but I can't confirm that theory. Removing the installations stopped the rogue downloads, and I am now experimenting with a re-installation on one machine, set to manual update, to see if it behaves. Not sure I will persevere with it, even if it does, given the above considerations.

    Cheers
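    A stock clamav-daemon install does behave as the last few posts describe, but the cause is a setting rather than a missing feature: the clamd in Linux builds, including the Debian/Ubuntu packages that Mint uses, carries a fanotify-based on-access mode that is switched off by default and has to be enabled in clamd.conf. OnAccessIncludePath names the tree to watch; on ClamAV 0.98 through 0.101 the ScanOnAccess master switch must also be set, while from 0.102 that directive was removed (clamd refuses to start on an unknown directive) and the separate clamonacc program, run as root, does the watching against the same OnAccess* settings. The script below is an added example, not part of this thread or of ClamAV, that edits a copy of clamd.conf idempotently and chooses the directives by engine version; the sample clamd.conf inside it is constructed and /home/frankus is a placeholder watch directory.

```shell
#!/bin/sh
# Added example, not from the thread or the ClamAV project: switch on clamd's
# Linux on-access scanning by editing clamd.conf. The sample config in demo_conf
# is constructed and /home/frankus is a placeholder watch directory.
#
# Version matters because clamd refuses to start on an unknown directive:
#   ClamAV 0.98 - 0.101: "ScanOnAccess yes" plus OnAccess* directives, clamd watches
#   ClamAV 0.102+:       ScanOnAccess is gone; keep OnAccess* in clamd.conf and run
#                        the separate clamonacc program (as root) next to clamd

# set_directive FILE KEY VALUE: replace the first "KEY ..." line, whether live or
# commented out as "#KEY ...", with "KEY VALUE"; append it when KEY never appears.
# Rerunning with the same arguments leaves the file unchanged. (awk -v expands
# backslash escapes in VALUE, which is fine for paths and yes/no values.)
set_directive() {
  tmp="$1.tmp.$$"
  awk -v key="$2" -v value="$3" '
    {
      line = $0
      sub(/^#[[:space:]]*/, "", line)      # "#OnAccessIncludePath /home" -> "OnAccessIncludePath /home"
      if (!done && (line == key || index(line, key " ") == 1)) {
        print key " " value
        done = 1
        next
      }
      print
    }
    END { if (!done) print key " " value }
  ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# needs_scanonaccess VERSION: true for engines older than 0.102, which still have
# (and need) the ScanOnAccess master switch.
needs_scanonaccess() {
  major=${1%%.*}
  rest=${1#*.}
  minor=${rest%%.*}
  [ "$major" -eq 0 ] && [ "$minor" -lt 102 ]
}

# enable_on_access CONF WATCH_DIR VERSION
enable_on_access() {
  set_directive "$1" OnAccessIncludePath "$2"   # tree whose file opens get scanned
  if needs_scanonaccess "$3"; then
    set_directive "$1" ScanOnAccess yes
  fi
}

# demo_conf VERSION: apply the change to a constructed stand-in for
# /etc/clamav/clamd.conf and print the result.
demo_conf() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
# constructed sample of a stock clamd.conf: on-access lines present but commented out
LocalSocket /var/run/clamav/clamd.ctl
User clamav
#OnAccessIncludePath /home
#OnAccessExcludeUID 0
EOF
  enable_on_access "$f" /home/frankus "$1"
  cat "$f"
  rm -f "$f"
}

# Usage: sh onaccess.sh "$(clamd --version | sed 's/^ClamAV \([0-9.]*\).*/\1/')"
if [ $# -gt 0 ]; then
  demo_conf "$1"
fi
```

    After editing the real file, restart clamav-daemon (and on 0.102+ start clamonacc as well). Bear in mind the cost raised earlier in the thread: with this on, every open() under the watched tree waits for a scan, which is exactly the load an old 32-bit machine may not want, so a single watched download directory is a more sensible choice than all of /home.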
  18. Darren Hale (Active Member)
    Of course, one thing you can do for web browsing or checking email where you perceive a risk is to boot into a live environment and do what needs to be done, for example online banking. Then take the CD out and reboot back into your regular desktop. This is the beauty and flexibility of Linux, and it means there is no record or risk when you do this.

    It may not be what you want to do, but it is handy to have a live Linux CD around. Puppy Linux or similar can be useful for this.
  19. Frankus333 (New Member)
    Thanks Darren

    I use a live USB on occasions when I want a faster machine, and boot up my wife's 64 bit laptop, on which she does not want Linux installed properly. However, that is not a practical day to day solution for me.

    I guess I will end up with the basic installation of clamtk on my machines if that will work properly, only for use in case I need a scanner on rare occasions that I want to rule out a virus as a culprit. Like most folks, I have never had a virus infection, so I don't have a strong need; just wanted to be fully protected, but that is not possible, and probably not necessary.
  20. Darren Hale (Active Member)
    Sounds like you are taking a very practical approach. Like you, I have not had any infections with Linux, touch wood.
