AV and spyware programs for Linux

ihrsetrdr

Señor Senior Member
Joined
May 17, 2005
Location
High Desert, Calif.
What are some (free) antivirus and spyware programs available for Linux? Which are the best? I understand that not running as root is the best starting point for a Linux noob, such as I am. And, I know that the vast majority of malware is intended for Windows; however, I've heard murmurs here and there of malware for Linux as well.

Is there a way to totally "lockdown" a Linux box without AV and spyware programs, and still be able to interact with the 'net (mail & web)?
 
If you're not logged in as root, nothing will be able to install. So you shouldn't get any malware as long as you're not root. That's my understanding but I could be wrong, hopefully some Linux experts will chime in.
 
ClamAV is a great AV program, I use it on all of my mail servers, and have it installed on pretty much all of my systems.

As a normal user, you can only write files in your home directory and /tmp, by default. Desktop-oriented distros usually have automounters set up that will mount CD-ROMs and USB keys automatically (and allow you to write to them), as well as kick the permissions to allow you to burn CDs, etc.

There is no spyware checker that I know of for Linux, but one probably does exist. If you are concerned about your box, run ChkRootKit, which checks your system for files and signatures from known rootkits (which would mean your system is compromised)... there's also Tripwire, which monitors any set of files and directories you list for it, and will alert you of any changes to them. This is a big pain to set up if your distro doesn't supply a file list, and maintenance can be bothersome (as you need to authorize each file change and re-learn it each time), but for servers with static configurations, this is a great early-indicator.

Edit: One note though: AV programs on Linux are different from those on Windows; there is no active-scan method, scans must be run manually. (In Windows, you can set in the registry a program that is run before executing any file; AV programs make use of this in order to scan the EXE before it's executed by Windows. It's also used by a slew of viruses and spyware that exploit this, to allow them to hide deeper in the system and stop other things, like virus scanners and spyware scanners, from running.) In basic Linux, this option does not exist: when you execute a file, it just executes. (But you can use SELinux, AppArmor, and other systems to allow/deny execution and control what the running program can do.)
 
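The Tripwire idea mentioned above (a recorded list of files that is later checked for changes) can be demonstrated with nothing but coreutils. The script below is an added example, not from the thread or from Tripwire itself: it hashes a tree into a manifest, then reports files that were modified, removed, or newly added. The file names in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal Tripwire-style integrity check
# built from coreutils. It records a SHA-256 manifest of a directory tree and
# later reports files that were modified, removed, or newly added.
# The demo tree at the bottom is constructed for illustration.

# take_baseline DIR MANIFEST: hash every regular file under DIR into MANIFEST.
# Sorting by path keeps the manifest stable between runs, so it can itself be
# stored read-only or checked into version control.
take_baseline() {
    find "$1" -type f -exec sha256sum {} + | sort -k2 > "$2"
}

# check_baseline DIR MANIFEST: return 0 if the tree still matches, 1 otherwise.
# Modified files show up as "path: FAILED" and removed ones as "No such file"
# (both from sha256sum -c); "NEW:" lines are files that appeared since the
# baseline, which sha256sum -c on its own can never notice.
check_baseline() {
    dir=$1; manifest=$2; rc=0
    if ! sha256sum -c --quiet "$manifest"; then
        rc=1
    fi
    expected=$(mktemp); actual=$(mktemp)
    cut -c67- "$manifest" | sort > "$expected"   # 64 hex chars + 2 spaces, then the path
    find "$dir" -type f | sort > "$actual"
    added=$(comm -13 "$expected" "$actual" | sed 's/^/NEW: /')
    if [ -n "$added" ]; then
        printf '%s\n' "$added"
        rc=1
    fi
    rm -f "$expected" "$actual"
    return "$rc"
}

# Demo on a throwaway tree (constructed): baseline, then tamper in three ways.
demo() {
    tree=$(mktemp -d); manifest=$(mktemp)
    printf 'alpha\n' > "$tree/a.conf"
    printf 'beta\n'  > "$tree/b.conf"
    take_baseline "$tree" "$manifest"
    check_baseline "$tree" "$manifest" && echo "clean: tree matches baseline"
    printf 'tampered\n' > "$tree/a.conf"   # modified
    rm "$tree/b.conf"                       # removed
    printf 'dropped\n' > "$tree/c.sh"       # added
    check_baseline "$tree" "$manifest" || echo "ALERT: tree differs from baseline"
    rm -rf "$tree" "$manifest"
}
demo
```

Run it as root over a static directory such as /etc on a server, and keep the manifest somewhere the box cannot rewrite (read-only media or another host); a manifest stored on the same disk is the first thing a rootkit would update. The script only compares content hashes, so owner and permission changes are not caught.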
I installed ClamAV (via Synaptic Software Manager) and couldn't get it to work. I researched the documentation and found that I had to compile the package.

So I uninstalled ClamAV and downloaded and installed AVG for Linux (Mandrake RPM installed via KPackage). After Installation, it was listed under the KDE menu System>File Tools>AVG for Linux Workstations.

Updated the definitions and did a scan: very fast.

This is on PCLinuxOS ver 0.92.
 
I like ClamAV, and ClamTK is a nice GUI for the application.

It's worth remembering that ClamAV can scan incoming emails while AVG cannot.
 
I was looking for directions on use and found that it runs from the terminal.

Is there a GUI with ClamAV or am I missing something?
 
If you run your own mail server, then AVG can scan incoming mail; there's a list of virus scanners supported by qmail-scanner about halfway down the qmail-scanner page.

ClamAV does not have a native GUI, but there are several contributors who have submitted ones like ClamTk, KlamAV, etc.

ClamAV can run in two ways:
Just a normal binary (clamscan): you run it and give it the path of files to test, and it checks them.
Or, as a daemon, where you start clamd and run the client (clamdscan) with the path to the files to scan; it feeds that request to the already-running daemon, and the daemon checks it and returns the results. The difference is that in daemon mode you don't need to re-load the virus database on each scan request, but in the stand-alone mode you don't have wasted memory when it's not scanning.
 
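The two modes described above can be wrapped in one script that prefers the daemon when it is running and falls back to the stand-alone binary otherwise. This is an added example, not code from the thread or from the ClamAV project; the socket path is an assumption (the Debian/Ubuntu default) and should be changed to match your distro's clamd.conf. Both clamscan and clamdscan use the same exit-status convention (0 clean, 1 infected, 2 error), and the wrapper keeps those apart, because a script that treats every non-zero status as "error" silently discards detections.

```shell
#!/bin/sh
# Added example, not from the thread or from ClamAV itself: a wrapper around the
# two ClamAV modes. If clamd's local socket exists, use clamdscan (no database
# reload per call); otherwise fall back to the stand-alone clamscan.
# CLAMD_SOCKET default is an assumption (Debian/Ubuntu); check your clamd.conf.
CLAMD_SOCKET=${CLAMD_SOCKET:-/var/run/clamav/clamd.ctl}

# pick_scanner [SOCKET]: print "clamdscan" if a daemon socket is present, else "clamscan".
pick_scanner() {
    if [ -S "${1:-$CLAMD_SOCKET}" ]; then
        echo clamdscan
    else
        echo clamscan
    fi
}

# interpret_exit STATUS: both tools share one convention. Status 1 is a
# detection, not a failure, so it must not be lumped together with 2.
interpret_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo "unknown($1)" ;;
    esac
}

# scan_path PATH: run the selected scanner, print only infected files, and
# return the scanner's own status so callers can act on "infected" vs "error".
scan_path() {
    scanner=$(pick_scanner)
    if ! command -v "$scanner" >/dev/null 2>&1; then
        echo "$scanner is not installed" >&2
        return 2
    fi
    case "$scanner" in
        # --fdpass hands the daemon an open descriptor, so it can read files
        # that the clamav user itself could not open.
        clamdscan) clamdscan --fdpass --infected "$1" ;;
        clamscan)  clamscan --recursive --infected "$1" ;;
    esac
}

# Demo: scan the given path (default: current directory) and report in words.
target=${1:-.}
if scan_path "$target"; then
    status=0
else
    status=$?
fi
echo "result: $(interpret_exit "$status") (exit $status, via $(pick_scanner))"
```

Called from cron with a path argument, the "infected" branch is the one to alert on; "error" usually means a missing database (run freshclam) or a file the scanner could not read, and is worth a separate notification so it is not mistaken for a clean run.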
su root said:
ClamAV is a great AV program, I use it on all of my mail servers, and have it installed on pretty much all of my systems.
I'll give a vote of confidence for this!

I use the Windows version (ClamWin) and have used the Linux version, both to great success (and very light on the resources!).
 
The Windows version can't/won't delete most viruses; it just tries to quarantine them at best.

If it gets too far out of date on updates (the network admin refuses to let us do unattended background updates for programs), it refuses to update at all and you have to download the latest version and reinstall it.

It can't pull a virus out of an inbox without quarantining the entire inbox.

It has multiple issues with trying to cancel a scan midway through.

The list goes on...

Due to the nature of where I work, I know for a fact that we are in a very small percentage of users (both hardware and software) that can find every flaw with anything you give us. (I work at a high school supporting 2100 kids and 300 faculty who are each issued their own laptop through us.)