Malware Detection

Sojourn71

New Member
Joined
Jun 8, 2026
Messages
13
Reaction score
10
Credits
132
I know people say malware isn't as big an issue on Linux (something I'm QUITE thankful for!), but I do have a couple of
expensive SSD's that I need to rule out in terms of having any malware on them. Any suggestions?
And if the best answer is to run more than one tool, I'm fine with that!
 


Welcome to the Forum.
1781820077821.gif


The best thing to do is nothing...Linux isn't windoze.

Malware can't install on your system without your permission...maybe take a look at this...
https://easylinuxtipsproject.blogspot.com/p/security.html
 
Stick to your distro's official repositories (except the AUR) and only use third-party repositories you absolutely trust. PPAs are especially risky. But good practices (like the above advice and keeping your OS updated) are sufficient to keep your OS safe.
 
I'll admit I'm a little gunshy because if there is malware on those SSD's (can't remember if I used them at t time that could've gotten them infected) it's the same dastardly thing that destroyed my laptop's motherboard
 
Even if they have malware, the odds of that malware impacting Linux are quite low.

You can scan them with tools like 'clamav'.
 
because if there is malware on those SSD's
If you suspect malware then you need to reinstall everything and clean reload OS.
Don't rely on AV's because they won't help you.

Use software such as aide to track your data on drive for unauthorized changes, this is helpful only on clean and trusted computer, if you don't trust it aide is of no help.
 
Last edited:
With reference to the post above by @////// , I ran a quick search for build-essentials in Software Manager (I run Linux Mint cinnamon, 22.3) and discovered it is intsalled.

I install lots of software, but Build-essential does not ring any bells in my memory.

It is not the type of software I would install. It is aimed primarily at. and is required for building Debian packages.

"If you do not plan to build Debian packages, you don't need this package."

I do not have any interest in building debian packages, or any other packages. Zero.

More info from anyone with an interest/knowledge is welcome. Please.

Is there a scanner that is reliable? etc
 
I know people say malware isn't as big an issue on Linux (something I'm QUITE thankful for!), but I do have a couple of
expensive SSD's that I need to rule out in terms of having any malware on them. Any suggestions?
And if the best answer is to run more than one tool, I'm fine with that!
First rule of fight club.... well no actuall first rule of anti virus/malware... NEVER RUN MORE THAN ONE DETECTOR. EVER!!!!!

Reason is that the programs expect to be the only one running and if you run more than one at a time you will have conflicts that cause unpredictable results.
 
Like others have said, try to use official repositories as much as possible. If you need app from Flatpak or Snap stores, make sure it's official or at least community-driven, more eyes on an app usually means it's safer. If you're an Arch user installing packages from the AUR, always read the PKGBUILD before installing. There is also rkhunter to check for rootkits
 
And if the best answer is to run more than one tool, I'm fine with that!

Regarding the tools..
While there are plenty of options, many of the "classics" like rkhunter or chkrootkit simply aren't up to the task anymore. They struggle to keep up with modern, AI-generated malware, and by the time they flag something, it’s often way too late.

If you’re looking for something more proactive, I’d highly recommend using YARA. It's great because you can set up a real-time scanner for your "Downloads" folder that flags threats in under a second.

Also, don't underestimate the risks coming directly through the browser. We're talking about "Drive-by-Downloads" where gigabytes of data can be pulled in the background without you even noticing.

ps.. There are plenty of useful YARA rules for the AUR to detect, analyze, and (depending on your setup) block malicious PKGBUILDs
 
@Condobloke
Thanks for the info regarding the status of YARA-X. Since YARA-X is written in Rust, I'm expecting significant performance improvements. As soon as it hits the official Arch repo, I plan to migrate my real-time scanner, "yara-analytic", over to YARA-X. :)
 
@Condobloke
Thanks for the info regarding the status of YARA-X. Since YARA-X is written in Rust, I'm expecting significant performance improvements. As soon as it hits the official Arch repo, I plan to migrate my real-time scanner, "yara-analytic", over to YARA-X. :)
thanks for info. i have heard about YARA but didnt know what it were for. i need to read more and build a program that uses YARA-X.
 
lynis - Description: security auditing tool for Unix based systems
debsecan - Description: Debian Security Analyzer
clamav - Description: anti-virus utility for Unix
 
thanks for info. i have heard about YARA but didnt know what it were for. i need to read more and build a program that uses YARA-X.

If yara-x is not available from the repo, then download yara-x from GitHub and compile it using "cargo build --release". You can find yara-x (yr) in /target/release. Download an EICAR test malware file and test it with this test.yar.

example:
~/Build/yara-x/target/release/yr scan test.yar eicar.com.txt

ps.. It is available on the AUR. However, I don't use AUR, Flatpak, or AppImage, hence GitHub.

Code:
rule eicar_test {
    meta:
        description = "EICAR_TEST_RULES"
        author = "Rocky10x1"
    strings:
        $eicar_sig = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
    condition:
        $eicar_sig
}
 


Follow Linux.org

Staff online


Latest posts

Top