ClamAV has a bit of a learning curve...

Freepoorman

Active Member
Joined
Mar 8, 2024
Messages
150
Reaction score
105
Credits
1,369
I guess I'm a bit paranoid but if I see an unexplained spike in my CPU and RAM usage, I sometimes feel compelled to do a complete virus and malware scan just to help me relax better.

I tried using a GUI for ClamAV but it's just slow and a bit janky. So I did some research and put together a txt file with instructions that I use as a reference every time I want to scan my entire system:

1. Update ClamAV:

Code:
    sudo freshclam

2. Full System scan and automatic quarantine of infected files:

Code:
    mkdir /home/<user>/quarantine
Code:
    sudo clamscan -r -v --infected --move=/home/<user>/quarantine --log=/var/log/clamscan.log --hidden /

3. Watch the log file for infected files found in another terminal window (or use Terminator to view everything at the same time):

Code:
    watch -n 1 'tail -n 50 /var/log/clamscan.log | grep -i infected'

-------------Wait for scan to finish-------------

4. Check the log file to see the results (Optional):

Code:
    sudo less /var/log/clamscan.log

Use up/down arrows to move up/down 1 line.
Use Pg.Up/Pg.Down keys to move up/down 1 page.
Use the "q" key to exit the less viewer.

5. Open the quarantine directory and list contents in long format:

Code:
    cd /home/<user>/quarantine && ls -l

6. Delete infected files:

Code:
    sudo shred -u /home/<user>/quarantine/<infected_file>

This is quite a process compared to what I am used to, but it works ok...
Maybe there is an easier way to get similar results?
 


What you will find in the box below is the sum total of the AV scans I have carried out since taking on Linux in ~2014

1718134669177.png
 
What you will find in the box below is the sum total of the AV scans I have carried out since taking on Linux in ~2014
That many.....
:D
 
What you will find in the box below is the sum total of the AV scans I have carried out since taking on Linux in ~2014

View attachment 20419
I found a windows-trojan not too long ago and since I heard it can still cause problems with wine I removed it. Also the xz Utils situation taught me that there is at least 1 group out there actively trying to compromise Linux systems. I would rather be careful than end up with regrets from bad habits
 
I would suggest reading the link below. AV is pretty much useless for Linux, and probably makes things run worse.

https://easylinuxtipsproject.blogspot.com/p/security.html
This is very interesting. The part about AV software having elevated permissions and a greater target for exploits got me reconsidering everything. I'm not sure if all windows viruses are harmless, I heard there is still a risk through wine...

According to my AI oracle a windows virus can possibly affect a Linux system through wine like this:

  1. Exploiting Wine Vulnerabilities: If the virus is designed to exploit known vulnerabilities in Wine, it could potentially gain access to the Linux system's resources. This is rare, as Wine is generally well-maintained and security vulnerabilities are patched promptly.
  2. File System Access: Wine maps the Windows file system to the Linux file system. If a virus is executed through Wine and it has the capability to write to the file system, it could potentially infect or damage files on the Linux system.
  3. Network-based Attacks: If the virus is network-aware and can communicate with other systems, it could potentially use the Linux system as a platform for launching further attacks, even though the Linux system itself may not be directly affected.
  4. Privilege Escalation: If the user running Wine has elevated privileges (e.g., root access), and the virus manages to exploit a vulnerability in Wine to escalate its privileges, it could potentially gain control over the entire Linux system.

I also found this link that confirms some of this:
 
This is very interesting. The part about AV software having elevated permissions and a greater target for exploits got me reconsidering everything. I'm not sure if all windows viruses are harmless, I heard there is still a risk through wine...

According to my AI oracle a windows virus can possibly affect a Linux system through wine like this:

  1. Exploiting Wine Vulnerabilities: If the virus is designed to exploit known vulnerabilities in Wine, it could potentially gain access to the Linux system's resources. This is rare, as Wine is generally well-maintained and security vulnerabilities are patched promptly.
  2. File System Access: Wine maps the Windows file system to the Linux file system. If a virus is executed through Wine and it has the capability to write to the file system, it could potentially infect or damage files on the Linux system.
  3. Network-based Attacks: If the virus is network-aware and can communicate with other systems, it could potentially use the Linux system as a platform for launching further attacks, even though the Linux system itself may not be directly affected.
  4. Privilege Escalation: If the user running Wine has elevated privileges (e.g., root access), and the virus manages to exploit a vulnerability in Wine to escalate its privileges, it could potentially gain control over the entire Linux system.

I also found this link that confirms some of this:
This is why I do not run wine nor recommend it. windows viruses are windows programs and if you make it possible to run a windows program using wine you make it possible for a virus to do the same. I will not even warranty a computer if the client installs wine. There are plenty of linux based programs out there that take the place of windows programs. I suggest finding one for it and remove wine. As to anti virus on linux, listen to the other members, they are telling you the truth.
If you have a need for a windows program then I suggest you create a virtual machine and install windows there with the program. This way anything goes wrong with a virus in the VM it is trapped in the VM only. A simple restore of a snapshot and everything is good again. I use gnome boxes for the VM and works great. I have a VM for fedora(testing), windows 7, windows 10, windows 11, Dos 6, Debian, Kali, and Ubuntu.... This way you can run windows programs natively without flaky wine issues and have better protection and control over the dangerous windows environment. I don't even run anti virus on the windows VMs because I can just restore a snapshot in 30 seconds.
 
I guess I'm a bit paranoid but if I see an unexplained spike in my CPU and RAM usage, I sometimes feel compelled to do a complete virus and malware scan just to help me relax better.

I don't know how many times we say...you don't need anti-virus software in Linux.
1718146512797.gif


You're just wasting time and being paranoid as you say is clearly an understatement to say the least.
1718146921602.gif

I'm not sure if all windows viruses are harmless, I heard there is still a risk through wine...

I've been using wine for 9 years in Linux and have a win 7 VM with no problems. windoze users are paranoid about everything and rightly so...with all the crap that happens but Linux isn't windoze and hardware problems are not viruses or the fault of Linux either.
1718147664390.gif
 
Last edited:
I don't use Wine, nor mono on my Linux box. I have a separate computer just for Windows, which is not connected to the internet (the best way to keep Windows virus-free).
 
This is why I do not run wine nor recommend it.
AGREED.

This the best advice you will receive.....
f you have a need for a windows program then I suggest you create a virtual machine and install windows there with the program. This way anything goes wrong with a virus in the VM it is trapped in the VM only. A simple restore of a snapshot and everything is good again.
 
If you're really that worried than run your browser and Wine in Firejail Sandbox unless you are using a Linux distro that is Snap based.

Snaps are already Sand-boxed.

I go to questionable websites (dark-web) and never had any problems.

As long as the GUFW / UFW is enabled you should be fine.
 
AGREED.

This the best advice you will receive.....
f you have a need for a windows program then I suggest you create a virtual machine and install windows there with the program. This way anything goes wrong with a virus in the VM it is trapped in the VM only. A simple restore of a snapshot and everything is good again.
That would be nice but I like playing pirated games.. hence paranoia
 
This is why I do not run wine nor recommend it. windows viruses are windows programs and if you make it possible to run a windows program using wine you make it possible for a virus to do the same. I will not even warranty a computer if the client installs wine. There are plenty of linux based programs out there that take the place of windows programs. I suggest finding one for it and remove wine. As to anti virus on linux, listen to the other members, they are telling you the truth.
If you have a need for a windows program then I suggest you create a virtual machine and install windows there with the program. This way anything goes wrong with a virus in the VM it is trapped in the VM only. A simple restore of a snapshot and everything is good again. I use gnome boxes for the VM and works great. I have a VM for fedora(testing), windows 7, windows 10, windows 11, Dos 6, Debian, Kali, and Ubuntu.... This way you can run windows programs natively without flaky wine issues and have better protection and control over the dangerous windows environment. I don't even run anti virus on the windows VMs because I can just restore a snapshot in 30 seconds.
I use Wine for gaming. Games downloaded from "questionable" sites... a VM would work if I had the processing power to share... I guess I am just not the trusting type either, if I download an official Linux application and the code is not auditable, I assume malware
 
but I like playing pirated games
In that case, you are just a sitting duck for all the nasty stuff that you most fear. The vast majority of the people here will not come close to the number of nasties that you will encounter, and which will eventually 'get you'

Good Luck.
 
In that case, you are just a sitting duck for all the nasty stuff that you most fear.
I don't know how often I and others have said, but here we go again.

It doesn't matter how good your Antivirus is or how strong the settings are on your firewall, the weakest point in any computer's security sits squarely between the keypad and seat back
 
In that case, you are just a sitting duck for all the nasty stuff that you most fear. The vast majority of the people here will not come close to the number of nasties that you will encounter, and which will eventually 'get you'

Good Luck.
Thanks ClamAv has been doing a great job at detecting nasties before they can do anything. I also dont have clamd (the clam daemon) so elevated privileges don't bother me when I am manually scanning my system. I read the article about why AV is bad on Linux, I'm just not fully convinced. Especially with the Wine vulnerabilities that were just overlooked
 

Members online


Latest posts

Top