Malware and Antivirus Systems for Linux

Have you ever had or suspected malware to be on your Linux system?

  • Yes, I had malware.
  • I suspected malware, but I never proved it.
  • Never

Devyn, thanks, but I ran into a problem.
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
Ran your commands and this popped up. Any suggestions??
Don't forget to log into root with "sudo" before the command.
 
Re-entered the command and got the following:
sudo apt-get install clamd
[sudo] password for dwain:
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package clamd
Suggestions???
 
Devyn, Mitt: did the following:
sudo apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs
sudo freshclam
sudo service clamav-daemon start
Up and running now. Thanks for your help, guys!!
 
UPDATE:

Okay, thanks to @Dwain Peevey and @Mitt Green, here are better installation instructions for a complete ClamAV security system.

apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs
freshclam
service clamav-daemon start

You could also install "clamtk" to get a GUI for ClamAV.
 
DevinCJohnson,

I like your posting. It is well done.
There is just one type of threat you don't stress enough: the user.

All the rest comes second.

It is the user who
  • doesn't update his system
  • visits obscure websites
  • clicks on everything that blinks
  • doesn't understand the sometimes cryptic warning messages
  • doesn't speak the language the warning message is written in
  • doesn't realize the risks and the aftermath of an infection
  • doesn't care if his system is compromised
  • doesn't want to install security software
  • has never been infected before, thinks the risks are made up and are only commercial talk to sell their so-called best anti-virus tools
  • ...
The word PICNIC comes to mind regarding security: Problem In Chair, Not In Computer

For as long as humans are involved, we will have problems and even the best anti-this and anti-that will not help.

Luckily those PICNICs are a minority.
 
Wow, I really like your post. That is a very interesting and true concept. I have never heard of "PICNIC" before. Thanks for sharing.
 
Hello. I'm a new Linux user here and have Debian (wheezy) installed.
I have been trying to find ClamAV using Apper and am confused by all the different filenames that show up when I searched on Apper for ClamAV.

I know to look for ClamAV and ClamTK, and an app that makes it run in the background, which by just those names don't show up without other letters or words in the filename. Which ones do I need?

Also, I went to the ClamAV website and found out that it must be built using text line commands (er; programming skills that I don't have). LOL
I don't have the time or know how to do all of that and just want to install it like you would with Apper.

Thanks in advance,
Noidly1
 
I am not familiar with Apper, so I cannot provide specific instructions. However, I can give you an alternative way of getting ClamAV + ClamTK.

ClamAV - http://www.clamav.net
ClamTK - http://sourceforge.net/projects/clamtk/

http://www.clamav.net/download.html#otherversions

I hope this helps.
 
Antivirus programming isn't completely futile on Linux. On the off chance that you are running a Linux-based record server or mail server, you will most likely need to utilize antivirus programming. In the event that you don't, contaminated Windows machines may transfer tainted documents to your Linux machine, permitting it to contaminate different Windows frameworks.

That is true. Thanks for the suggestion.
 
G'day Devyn and other folks

Just wanting to clarify; does using the clamav-daemon on a desktop (running LM17.1 KDE) mean it becomes an on access or real time scanner? Or does this just mean it is on all the time, sitting there, and updating itself regularly, but not scanning anything until asked manually?

Cheers
 
Only scans files for viruses when you run it to, so short answer on access
 
Thanks Darren

You are obviously busy, and your reply too brief for me to make clear sense of. I presume you are saying it can't do on access or real time scanning; only manual scanning.

That was my understanding, but just wanted to be sure. I suspect real time scanning is not necessary, and possibly wasteful of limited resources on my old machines.

Cheers
 
Yes, correct, no real-time scanning as you would get in Windows, where every file is scanned as it is opened.

It is not necessary, no Windows executables running.
 
Thanks Darren

I am more concerned about passing on Windoze viruses, including to my own Windoze installations, than the vanishingly rare Linux viruses that might be around.

I understand clam can be set up to monitor email viruses in real time on a server. Do you know if this can be done on a desktop installation?
 
You could set up a service where a file change in a directory triggers a scan. But in all honesty, a scheduled scan would probably be good enough.

(Links removed)
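A scheduled scan of the kind suggested above, written as an added example (it is not code from this thread or from the ClamAV project): a POSIX sh script meant to be run from cron that scans one directory through the running clamav-daemon with clamdscan, maps the scanner's exit code, and appends the result to a log. SCAN_DIR, LOG_FILE and the sample scanner output embedded for offline checking are assumptions constructed for the example; the exit-code meanings and the "Infected files:" summary line are ClamAV's own.

```shell
#!/bin/sh
# Scheduled ClamAV scan (added example; SCAN_DIR, LOG_FILE and SAMPLE_OUTPUT
# are assumptions, not values from the thread).
# Assumes clamav-daemon is installed and running as in the install post, so
# clamdscan can hand files to the daemon instead of loading signatures itself.

SCAN_DIR="${SCAN_DIR:-${HOME:-/tmp}/Downloads}"
LOG_FILE="${LOG_FILE:-${HOME:-/tmp}/clamav-scheduled.log}"

# clamscan and clamdscan exit with 0 = nothing found, 1 = something found,
# 2 = an error occurred (daemon not running, unreadable files, ...).
interpret_exit() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    2) echo error ;;
    *) echo unknown ;;
  esac
}

# Pull the "Infected files: N" line out of a scan summary.
# Prints N, or -1 when no summary line is present (the scan did not finish).
infected_count() {
  n=$(printf '%s\n' "$1" | sed -n 's/^Infected files: \([0-9][0-9]*\).*/\1/p' | tail -n 1)
  if [ -z "$n" ]; then printf '%s\n' '-1'; else printf '%s\n' "$n"; fi
}

# List the paths reported as "<path>: <signature> FOUND", one per line.
found_paths() {
  printf '%s\n' "$1" | sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

run_scan() {
  # --infected prints only hits; --fdpass lets the daemon read files the
  # invoking user can open even though clamd runs as its own user.
  out=$(clamdscan --fdpass --infected "$SCAN_DIR" 2>&1)
  rc=$?
  {
    printf '%s %s: %s, infected=%s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
      "$SCAN_DIR" "$(interpret_exit "$rc")" "$(infected_count "$out")"
    found_paths "$out"
  } >> "$LOG_FILE"
  return "$rc"
}

# Constructed sample of clamdscan output, used to exercise the parsers offline.
SAMPLE_OUTPUT='/home/dwain/Downloads/sample.bin: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.012 sec (0 m 0 s)'

# Only touch the scanner when invoked with --run (e.g. from cron), so the
# script can also be sourced to reuse the helpers.
if [ "${1:-}" = "--run" ]; then
  run_scan
fi
```

To schedule it, an assumed crontab line such as `0 3 * * * /usr/local/bin/clamav-scheduled.sh --run` runs the scan nightly; the log then shows one line per run plus any paths the daemon flagged, which is usually all a desktop needs instead of on-access scanning.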

Thanks ryanvade

This is too technical for a desktop user such as myself.

I run LM17.1 KDE on three old 32 bit machines. On all three machines I had previously set up clamav/clamtk to do what I thought would be real time or on access scanning, but the more I read around about clam, the more I think it just can't do that in any situation on a desktop.

My conclusion is that this software is not meant to be used by everyday desktop users, other than as a manual on demand scanner on specific occasions. It seems to me that virus protection options as per the Windows environment are considered completely unnecessary in the Linux desktop environment, and the only thing a Linux user might consider is manually scanning something sent to a Windows environment, just for the sake of that Windows environment. More likely, the preferred option would be to forget about viruses altogether, and leave the Windows users to look after their own security.

My current explorations about clamav spring from finding that the installations were causing rogue downloads of tens of megabytes (up to 100MB) every day or two on all three machines. I suspect some system updates contaminated the clamav/tk installations such that they thought they had to download the entire database regularly, but I can't confirm that theory. Removing the installations stopped the rogue downloads, and I am now experimenting with a re-installation on one machine, set to manual update, to see if it behaves. Not sure I will persevere with it, even if it does, given the above considerations.

Cheers
 
Of course one thing you can do for web browsing or checking email with a perceived risk is to boot into a live environment and do what needs to be done, for example online banking, etc. Then take the CD out and you can reboot back into your regular desktop; this is the beauty and flexibility of Linux, and it means there is no record or risk when you do this.

May not be what you want to do, but it is handy to have a Live Linux CD around. Puppy Linux or similar can be useful for this.
 
Thanks Darren

I use a live USB on occasions when I want a faster machine, and boot up my wife's 64 bit laptop, on which she does not want Linux installed properly. However, that is not a practical day to day solution for me.

I guess I will end up with the basic installation of clamtk on my machines if that will work properly, only for use in case I need a scanner on rare occasions that I want to rule out a virus as a culprit. Like most folks, I have never had a virus infection, so I don't have a strong need; just wanted to be fully protected, but that is not possible, and probably not necessary.
 
Sounds like you are taking a very practical approach. Like you, I have not had any infections with Linux, touch wood.
 