Malware and Antivirus Systems for Linux

Have you ever had or suspected malware to be on your Linux system?

  • Yes, I had malware.

  • I suspected malware, but I never proved it.

  • Never

In my opinion, the fear of viruses is far greater than the threat. Taking myself as an example, I do not practise what is usually referred to as "safe browsing." I am not afraid to "accidentally" visit dangerous places like porn sites and download something (I know. My bad.), and I have never had a virus. The main key to avoiding them is using a little common sense. What is my definition of safe browsing? One example: if an e-mail is received from an unknown source and includes an attachment, open the attachment at one's own risk. And of course, web sites offering something too good to be true are too dangerous for even me to venture into.

Isn't the entire Ubuntu operating system adware?
Not yet. Wait a couple more years.
 


This article misses the entire point of AV software for GNU/Linux - it's primarily targeted towards mail servers or file servers which serve Windows-based networks.
 
What do you mean? Are you saying that Linux anti-virus software is intended for Linux servers on Windows networks?
 
The anti-virus software scans the files that Windows clients upload/download, helping to prevent spreading. I have anti-virus on my server for this reason. A quick scan weekly on the "server shared files" helps to fight Windows-based viruses. Sure, the Linux anti-virus software also fights Linux viruses, but it is more effective at keeping the Windows clients the server "serves" safer.
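
The weekly scan of a shared directory described in the post above, as an added example that is not part of the original thread or anyone's actual setup. The share path, the cron entry and the sample output lines are constructed; the `clamscan` options and exit codes are the tool's documented ones.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): weekly ClamAV scan of a file share.
# SHARE_DIR and the cron path below are assumptions; adjust for your server.
#   /etc/cron.d entry:  0 3 * * 0  root  /usr/local/sbin/scan-share.sh --scan
SHARE_DIR="${SHARE_DIR:-/srv/share}"

# Read clamscan output (stdin or a file) and print "path<TAB>signature" per hit.
# clamscan reports a detection as "<path>: <signature> FOUND". The path may
# itself contain ": ", so split on the LAST ": " (assumes no colon in the name).
list_detections() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^:]*$/)
        if (i) print substr($0, 1, i - 1) "\t" substr($0, i + 2)
    }' "$@"
}

# Scan the share recursively, printing only infected files.
# clamscan exit codes: 0 = nothing found, 1 = detection(s), 2 = error.
scan_share() {
    report=$(mktemp) || return 2
    clamscan --recursive --infected "$SHARE_DIR" >"$report" 2>/dev/null
    rc=$?
    case "$rc" in
        0) echo "clean: $SHARE_DIR" ;;
        1) echo "detections in $SHARE_DIR:"; list_detections "$report" ;;
        *) echo "clamscan failed (exit $rc)" >&2 ;;
    esac
    rm -f "$report"
    return "$rc"
}

# Constructed sample of clamscan output, for trying the parser offline.
sample_report() {
    cat <<'EOF'
/srv/share/docs/readme.txt: OK
/srv/share/inbox/invoice.doc: Win.Test.EICAR_HDB-1 FOUND
/srv/share/inbox/re: quote.exe: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

case "${1:-}" in
    --scan) scan_share ;;
    --demo) sample_report | list_detections ;;
esac
```

The script exits with clamscan's own status when run with `--scan`, so a non-zero exit from the cron job can drive an alert.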
 
lobo and ryanvade
Although very brief, those are still two of the most informative posts I have seen on the web concerning virus protection.:cool:
 
The tech press are in the news business, which is tantamount to being in the ad business - the world likes bad news - it "sells papers".

I've skimmed a lot of articles about "Linux malware" over the years and none have ever been worth the read... you usually get to the end and read something like 'it only affects Linux 2.4 and only if the user is running everything as root'...

I'll give you an example - I did a search for "new linux worm":

http://www.linuxtoday.com/security/beware-of-new-worm-targeting-linux-pcs.html
Symantec said its researchers warned[...]

(several were clones of this)

Then

http://arstechnica.com/security/201...s-routers-cameras-internet-of-things-devices/
Symantec researcher Kaoru Hayashi wrote in a blog[...]

It's important not to be naive here and understand what is going on. Firstly the main target here will be Linux-based devices (Cisco, Netgear or whatever routers, etc.) running horrendously out of date kernels.

There will be a rush of people to buy new domestic wifi router/modem boxes - Symantec often bundles its software with new routers...

The articles appear to put the blame on open source software and Linux and of course it's Symantec, a leader in the "virus industry" who depend on the proliferation of malware in order to sell their subscription shitware...

The blame in fact lies squarely with the companies who produce these devices, who fail miserably in providing up to date firmware and give no assistance whatsoever to those trying to produce open firmware to replace the aging one. This is despite these companies using Linux on their devices and profiting from it.
 
I had an interesting problem: mama gave me her USB Flash to copy some files, after copying she found some viruses on the device, so here's the question: if I got a virus, maybe it was written only for Microsoft Windows or I need to find an additional security?
 
If the virus is for Windows then it will not affect Linux. But for the sake of security, wiping it with a program like GParted may be a good idea.
 
I usually install AVG to scan windows and just wanted to give an update to the avg URL it is "Not cool enough to post links yet". The URL above "still not cool enough to post links" currently goes to a windows only download.

Thank you for the article! Much enjoyed!
 
I mean LVN if you have a reason to be paranoid...otherwise I have a security appliance on my local to monitor the ins and outs especially with wireshark.
Linux is open source so basically all malware gets spotted. Just don't go downloading crap. Which holds true for windblows especially... I wouldn't trust any virus detectors as they give a false sense of security....
 
Good point.
 
Informative article. Thank you.

About this statement....
Also, when protecting yourself against malware, it is important to know that malware can only be in an executable or be the executable itself.

This statement is typically true, but not always true. Malware, virus, etc can be any file. Most importantly, a file can be infected without being executable -- the executable code is just inert. Any file can be made executable, userspace especially being vulnerable.
For instance, a PNG, MP3, and FLV files cannot be viruses.

Some malicious files exploit the executable that calls them, e.g. an FLV could contain malicious code that exploits a flaw in Flash Player when playing said FLV, usually stored in the file's header.

Anyway, I agree execution must happen somewhere in the stack in order for infection to occur, however, thinking that your FLV is safe might not be the best route. Scan those too, along with your MP3s and PNGs.
 
Thank you very much for your comment. I will correct that. Yes, you are definitely correct; I recently learned that some programmers put malicious code in macros contained in a Word document (*.doc, *.docx, & others).
 
Respected sir/madam,

I have implemented IOCTLs in the 8250.c file but now am unable to transmit data using an RS485 converter from one PC to another PC using device /dev/ttyS0. Will you please guide me on how I can transfer data from one PC to another PC?
 
Could you ask your question in a new thread? You are more likely to get an answer if your question was in its own thread. We do not like "hijacking" threads. Sorry for the inconvenience.
 
Greetings, folks! Just joined and thanks for the add. Not an IT newbie, but newbie to LINUX. I am in constant CYA mode and have ClamAV on Ubuntu 14.04/64..Wanting an AV system that runs constantly in the background of my system. Had bad experience with BitDefender so that's out of the question. Any suggestions? I'm like Fox Mulder..."Trust no one"! Thanks...
 
You mentioned that you are running ClamAV, but you never said anything bad about it and you have asked this question. I assume you like ClamAV but have not installed "clamav-daemon" which makes ClamAV run in the background. To install the clam daemon, run "apt-get install clamav-daemon" in the command-line with Root privileges. Besides the listed software I discussed in the article, I have no other ideas.

UPDATE:

Okay, thanks to @Dwain Peevey and @Mitt Green, here are better installation instructions for a complete ClamAV security system.

apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs
freshclam
service clamav-daemon start
 
Devyn, thanks, but ran into problem.
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
Ran your commands and this popped up. Any suggestions?? Folks, PLEASE do not interpret my question(s) as being paranoid. I started out (as many did) w/Windows and with the beau coup amount of ***holes out there that thrive on creating hate and discontent in IT, I'm just trying to cover my six as much as possible. Since I'm relatively new to Linux, I'm just not 100% sure of its security. Thanks in advance...
 