How to scan for viruses?

[kingsX]

Linux Mint 18.3 Sylvia MATE.

I'd like to do a virus scan as i was just at a 'site that made my pc behave really strangely. I've never scanned before on Linux.
I went to the package manager and downloaded Clamsmtp. When i went to Menu, i couldn't find it.
I am very computer illiterate, so i'm after something that is incredibly easy to use, like the one's people use with Windows. Is there something like this?

Many thanks.

 

[Brickwizard]

once installed clam runs in the background on open files, to do a full scan you have to ask it to, this is normally done with a series of terminal commands, BUT for the newcomer from windows there is a GUI that can be installed from the terminal run $ sudo apt-get install clamtk

 

[Condobloke]

Be Aware......Linux Mint 18.3 reached its end of life in April 2021

As a result it will no longer be supported with security or software updates.

Your "" i was just at a 'site that made my pc behave really strangely.""....may be due to any number of reasons,,,,,,missing security updates being one of them.

Time to Upgrade

Linux Mint 21 is looking good.

 

[captain-sensible]

here are a couple of examples of running clamav from command line :

sudo clamscan -r  --infected --remove=yes --exclude-dir=/sys/ --exclude-dir=/proc/ --exclude-dir=/dev/ --exclude-dir=/run/media/andrew/7569-5EFD/  /

here -r is recursive
   --infected, same as -i  only prints out infected file, if you wan tt osee what its doing use -v for verbose
for each directory you want to exlcude you have to use  --exclude-dir
because some of the  linux suystem is about virtual , if i understand it right you can get odd results since a virus cann ot be virutal so , i exclude for instance  /proc/
in the above i have an SD card mounted at /run/media/andrew/7569-5EFD/   i excluded since i can do that on on its own. Running clamav  can be useful for running against mounted usbs. etc because the file sytsem is commomly FAT32. I have had in teh past several occurtences where i plugged into a PC at an internet cafe and my usb got infected. Not too much of a problem for linux but if you share that infected usb with a friend using Windows they won't be very happy. The last entry above is "/" meaning i scan the whole system .

To update virus signitures for clamav run eith as root :
# freshclam
or
sudo freshclam

the one to run with prudence might be --remove=yes , perhaps do a dry run first
also

--log=/home/andrew/Desktop/clamscan.txt

here i output to a text file so i can grep if i used verbose and it outout everything

 

[KGIII]

It's kinda amusing that you're concerned about security - but using an EOL distro version.

It'd be far more likely to secure your system if you updated than if you scanned for malware.

 

[bob466]

Mint 18.3 is long out of date and you shouldn't be using it.

You don't need Anti-Virus software in Linux...just enable the firewall. Linux is more secure than windwoes and running such software would give false positives and might cause harm.

 

[osprey]

If the user is running linux, but actually dealing with files from MS, then a virus checker may be useful. For example in the case where the linux machine is being used to accept MS files and then pass them on elsewhere to other MS machines. Such files can carry viruses if not checked. A linux machine that doesn't touch anything MS has little to be concerned about on the virus front, as a search online for linux viruses will attest to. There's been so few of them and they've been neutralised promptly.

More of an issue for linux, as for all computer users, are developments like the discovery of the recent spectre and meltdown exploits. These potential problems, (in "layman's" terms), involved attackers being able to write code to "out of bounds" parts of memory which could be used to execute any number of destructive and detrimental programs of their own making. Lots of CPUs were vulnerable, but the "fixes" have been made and there are tests to see if the risks have been eliminated or mitigated in any particular kernel. For example, if the following kernel config is "y" (for yes) in the current kernel, mitigation is present:

[yin@yang /boot]$ grep CONFIG_PAGE_TABLE_ISOLATION config-$(uname -r)
CONFIG_PAGE_TABLE_ISOLATION=y

One can also check the vulnerabilities files for mitigation:

[root@yang /sys/devices/system/cpu/vulnerabilities]# ll
total 0
-r--r--r-- 1 root root 4096 Aug  8 19:55 itlb_multihit
-r--r--r-- 1 root root 4096 Aug  8 19:55 l1tf
-r--r--r-- 1 root root 4096 Aug  8 19:55 mds
-r--r--r-- 1 root root 4096 Aug  8 19:55 meltdown
-r--r--r-- 1 root root 4096 Aug  8 19:55 mmio_stale_data
-r--r--r-- 1 root root 4096 Aug  8 19:55 retbleed
-r--r--r-- 1 root root 4096 Aug  8 19:55 spec_store_bypass
-r--r--r-- 1 root root 4096 Aug  8 19:55 spectre_v1
-r--r--r-- 1 root root 4096 Aug  8 19:55 spectre_v2
-r--r--r-- 1 root root 4096 Aug  8 19:55 srbds
-r--r--r-- 1 root root 4096 Aug  8 19:55 tsx_async_abort
[root@yang /sys/devices/system/cpu/vulnerabilities]# cat spectre_v1
Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[root@yang /sys/devices/system/cpu/vulnerabilities]# cat spectre_v2
Mitigation: Retpolines, STIBP: disabled, RSB filling
[root@yang /sys/devices/system/cpu/vulnerabilities]# cat meltdown
Mitigation: PTI