Virus guards for Linux? Is it necessary

OP
Tharindu

There's also antivirus live CD http://antiviruslivecd.4mlinux.com/

IMHO, installing an AV in Linux is a waste of time and resources. I've been using Linux like for 10 years or so and never, ever had a single issue regarding viruses, malware or any other kind of "infection". That being said, I think using something like AV live CD might be a better approach; don't have to install, just boot the live OS, and scan my system(s).
Yeah, I guess that's a better idea. I was in doubt whether to install an AV or not. I'll try this. Thanks for the reply.
 


Tolkem

So, to clearly answer your question. No, Linux isn't absolutely necessary on Linux.
Hmmm ... that doesn't seem any "clearly" to me ;) Did you mean, "AVs are not necessary on Linux"?
 
OP
Tharindu

Hey @Tharindu! :) Welcome to Linux, and linux.org! :D It's up to you, as to whether or not you want to use AV Software in your Linux Distro. I use ClamAV because, well, I can... ;) And, 'cuz it never hurts, though I've never, to my knowledge, had some dangerous Virus or Trojan or some Malware on the Linux Distro(s) I use. Linux IS more secure, mostly due to the fact that it's Free and Open Source, which means many people can (and do) scan the Code for any bugs. :) And though a few ones don't get spotted for a while, they do eventually. ;)

Also, Linux uses Programs from the BSDs (FreeBSD, NetBSD, OpenBSD, etc.) that are really good, like OpenSSH, among many others. But the most important Antivirus is YOU. :) Always use common sense, and don't install anything that isn't in a given Linux Distro's repositories, or if outside Programs ARE known to be secure and reliable, then you can use those too. Though, I've never had much of a reason to that often, since pretty much anything and everything you'd need (especially if you're a person who just watches videos, listens to music, goes Online, etc.). :)

Lastly, usually Linux Servers run AV Software, because many Windows users ALSO use those Servers, like Google's or this lovely, sexy Website here. :D

Always use common sense
I guess this advice is better than any AV.
Thank you very much
 

dcbrown73

Hmmm ... that doesn't seem any "clearly" to me ;) Did you mean, "AVs are not necessary on Linux"?
Ha, yeah. I was trying to compose that while I'm at work. I was actually on a scrum with my team when that happened.
 

Condobloke

Never even knew that they have their own brave search engine.
I do not use their search engine. I use duckduckgo. Why?...see my signature below
 

captain-sensible

Seeing as this is fairly current, I guess I can't be accused of pouring Coca Cola on it as in "come alive with coca cola".

If you are going to use clamav, a couple of tips:

Firstly clamscan doesn't create output to a log unless you tell it to.

So a simple way of getting output is a simple text file on your Desktop and include something like this in your instruction: --log=/home/andrew/Desktop/clamscan.txt


Unless you use -v flag you can't see what it's doing, if anything, nor where it's scanning. Trouble is, with -v flag there's a lot of output and if clamscan finds something it's all mixed in with it, or you just use the --infected flag, but as I said a scan could take quite some time and then you wonder if it's frozen or something else. Also there are some locations which I understand can't be infected with a virus because they don't exist! By that I mean they are virtual.

So I include these tags: --exclude-dir=/sys/ --exclude-dir=/proc/ --exclude-dir=/dev/

To play with clamscan you can get a free virus from https://www.eicar.org/?page_id=3950

A typical test for that was :

Code:
[[email protected]:~/Desktop][1]$ sudo clamscan -r --infected --remove=no  --log=clamscan2.txt  virus
/home/andrew/Desktop/virus/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
/home/andrew/Desktop/virus/eicar.com: Win.Test.EICAR_HDB-1 FOUND


where "virus" was the directory on my Desktop holding the test virus.

Recently I ran this:

Code:
sudo clamscan -r -v -o --infected --remove=yes --exclude-dir=/sys/ --exclude-dir=/proc/ --exclude-dir=/dev/ --log=/home/andrew/Desktop/clamscan.txt

Now that's produced quite a bit of output, too much to mouse scroll through. In the summary it just said "1 infection" or something along those lines, but not what nor where. So how do you find it?

First thing is to know how clamscan "flags up" a problem. Is it "infected"? No. Is it "virus"? No.

It's simply the word "FOUND", so to get entries from clamscan.txt I used:


Code:
$ grep "FOUND" clamscan.txt                    (10-08 09:48)
Scanning /run/timeshift/backup/timeshift/snapshots/2021-09-22_11-27-34/localhost/usr/share/httpd/error/HTTP_NOT_FOUND.html.var
Scanning /run/timeshift/backup/timeshift/snapshots/2021-09-22_11-27-34/localhost/usr/share/man/man3/SD_BUS_ERROR_FILE_NOT_FOUND.3.gz
Scanning /run/timeshift/backup/timeshift/snapshots/2021-09-22_11-27-34/localhost/usr/share/man/man3/SD_BUS_ERROR_MATCH_RULE_NOT_FOUND.3.gz
Scanning /usr/share/httpd/error/HTTP_NOT_FOUND.html.var
Scanning /usr/share/man/man3/SD_BUS_ERROR_MATCH_RULE_NOT_FOUND.3.gz
Scanning /usr/share/man/man3/SD_BUS_ERROR_FILE_NOT_FOUND.3.gz
/home/andrew/.thunderbird/t5di4c7x.default-release/ImapMail/imap.gmail.com/INBOX: Heuristics.Phishing.Email.SpoofedDomain FOUND


So it was showing /home/andrew/.thunderbird/t5di4c7x.default-release/ImapMail/imap.gmail.com/INBOX: Heuristics.Phishing.Email.SpoofedDomain FOUND as the issue
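
The plain `grep "FOUND"` in the post above also returns the verbose `Scanning` lines whose paths happen to contain `NOT_FOUND`. As an added example (not part of captain-sensible's post), the filter below keeps only real detection lines of the form `<path>: <signature> FOUND`; the function names and the sample log are constructed here, modelled on the output quoted in the post.

```shell
#!/bin/sh
# Added example: extract real detections from a clamscan log.
# clamscan reports a hit as "<path>: <signature> FOUND". With -v the log also
# contains "Scanning <path>" lines, and some of those paths contain "FOUND".

# Print "signature<TAB>path" for every detection line in the log file $1.
clam_detections() {
    awk '
        /^Scanning / { next }              # verbose progress line, never a hit
        / FOUND$/ {                        # hit lines end in " FOUND"
            line = $0
            sub(/ FOUND$/, "", line)
            i = match(line, /: [^ ]+$/)    # last ": <signature>" on the line
            if (i) printf "%s\t%s\n", substr(line, i + 2), substr(line, 1, i - 1)
        }
    ' "$1"
}

# Write a constructed sample log (assumption: same layout as the post's log).
write_sample_log() {
    cat > "$1" <<'EOF'
Scanning /usr/share/httpd/error/HTTP_NOT_FOUND.html.var
Scanning /usr/share/man/man3/SD_BUS_ERROR_FILE_NOT_FOUND.3.gz
/home/andrew/.thunderbird/t5di4c7x.default-release/ImapMail/imap.gmail.com/INBOX: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/andrew/Desktop/virus/eicar.com: Win.Test.EICAR_HDB-1 FOUND
EOF
}

# Demo run on the constructed log: prints two detections, no "Scanning" noise.
log=$(mktemp)
write_sample_log "$log"
clam_detections "$log"
rm -f "$log"
```

Sorting the first column with `sort | uniq -c` groups the hits by signature, which makes a heuristic mailbox match easy to tell apart from a file-level detection.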
 
