Virus guards for Linux? Is it necessary

Tharindu

New Member
Credits
179
There's also antivirus live CD http://antiviruslivecd.4mlinux.com/

IMHO, installing an AV in Linux is a waste of time and resources. I've been using Linux like for 10 years or so and never, ever had a single issue regarding viruses, malware or any other kind of "infection". That being said, I think using something like AV live CD might be a better approach; don't have to install, just boot the live OS, and scan my system(s).
Yeah, I guess that's a better idea. I was in doubt whether to install an AV or not. I'll try this. Thanks for the reply.
 


Tolkem

Well-Known Member
Credits
8,516
So, to clearly answer your question. No, Linux isn't absolutely necessary on Linux.
Hmmm ... that doesn't seem any "clearly" to me ;) Did you mean, "AVs are not necessary on Linux"?
 

Tharindu

New Member
Credits
179
Hey @Tharindu! :) Welcome to Linux, and linux.org! :D It's up to you, as to whether or not you want to use AV Software in your Linux Distro. I use ClamAV because, well, I can... ;) And, 'cuz it never hurts, though I've never, to my knowledge, had some dangerous Virus or Trojan or some Malware on the Linux Distro(s) I use. Linux IS more secure, mostly due to the fact that it's Free and Open Source, which means many people can (and do) scan the Code for any bugs. :) And though a few ones don't get spotted for a while, they do eventually. ;)

Also, Linux uses Programs from the BSDs (FreeBSD, NetBSD, OpenBSD, etc.) that are really good, like OpenSSH, among many others. But the most important Antivirus is YOU. :) Always use common sense, and don't install anything that isn't in a given Linux Distro's repositories, or if outside Programs ARE known to be secure and reliable, then you can use those too. Though, I've never had much of a reason to that often, since pretty much anything and everything you'd need (especially if you're a person who just watches videos, listens to music, goes Online, etc.). :)

Lastly, usually Linux Servers run AV Software, because many Windows users ALSO use those Servers, like Google's or this lovely, sexy Website here. :D
Always use common sense
I guess this advice is better than any AV.
Thank you very much
 

dcbrown73

Well-Known Member
Credits
3,042
Hmmm ... that doesn't seem any "clearly" to me ;) Did you mean, "AVs are not necessary on Linux"?
Ha, yeah. I was trying to compose that while I'm at work. I was actually on a scrum with my team when that happened.
 

Condobloke

Well-Known Member
Credits
15,968
Never even knew that they have their own brave search engine.
I do not use their search engine. I use duckduckgo. Why?...see my signature below
 

captain-sensible

Well-Known Member
Credits
14,907
Seeing as this is fairly current, I guess I can't be accused of pouring Coca Cola on it as in "come alive with coca cola"


If you are going to use clamav, a couple of tips:

Firstly clamscan doesn't create output to a log unless you tell it to.

So a simple way of getting output is a simple text file on your Desktop, and include something like this in your instruction: --log=/home/andrew/Desktop/clamscan.txt


Unless you use the -v flag you can't see what it's doing, if anything, nor where it's scanning. Trouble is, with the -v flag there's a lot of output, and if clamscan finds something it's all mixed in with it, or you just use the --infected flag, but as I said a scan could take quite some time and then you wonder if it's frozen or something else. Also there are some locations which I understand can't be infected with a virus because they don't exist! By that I mean they are virtual.

So I include these tags: --exclude-dir=/sys/ --exclude-dir=/proc/ --exclude-dir=/dev/

To play with clamscan you can get a free virus from https://www.eicar.org/?page_id=3950

A typical test for that was :

Code:
$ sudo clamscan -r --infected --remove=no --log=clamscan2.txt virus
/home/andrew/Desktop/virus/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
/home/andrew/Desktop/virus/eicar.com: Win.Test.EICAR_HDB-1 FOUND

where "virus" was the directory on my Desktop holding the test virus

Recently i ran this :

Code:
sudo clamscan -r -v -o --infected --remove=yes --exclude-dir=/sys/ --exclude-dir=/proc/ --exclude-dir=/dev/ --log=/home/andrew/Desktop/clamscan.txt

Now that's produced quite a bit of output, too much to mouse scroll through. In the summary it just said "1 infection" or something along those lines, but not what nor where. So how do you find it?

First thing is to know how clamscan "flags up" a problem, is it "infected" - no, is it "virus" - no

It's simply the word "FOUND", so to get entries from clamscan.txt I used:


Code:
$ grep "FOUND" clamscan.txt                    (10-08 09:48)
Scanning /run/timeshift/backup/timeshift/snapshots/2021-09-22_11-27-34/localhost/usr/share/httpd/error/HTTP_NOT_FOUND.html.var
Scanning /run/timeshift/backup/timeshift/snapshots/2021-09-22_11-27-34/localhost/usr/share/man/man3/SD_BUS_ERROR_FILE_NOT_FOUND.3.gz
Scanning /run/timeshift/backup/timeshift/snapshots/2021-09-22_11-27-34/localhost/usr/share/man/man3/SD_BUS_ERROR_MATCH_RULE_NOT_FOUND.3.gz
Scanning /usr/share/httpd/error/HTTP_NOT_FOUND.html.var
Scanning /usr/share/man/man3/SD_BUS_ERROR_MATCH_RULE_NOT_FOUND.3.gz
Scanning /usr/share/man/man3/SD_BUS_ERROR_FILE_NOT_FOUND.3.gz
/home/andrew/.thunderbird/t5di4c7x.default-release/ImapMail/imap.gmail.com/INBOX: Heuristics.Phishing.Email.SpoofedDomain FOUND

So it was showing /home/andrew/.thunderbird/t5di4c7x.default-release/ImapMail/imap.gmail.com/INBOX: Heuristics.Phishing.Email.SpoofedDomain FOUND as the issue
 
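The log search described in the post above, as an added example that is not part of the original thread: a plain grep for "FOUND" also matches verbose "Scanning" lines whose file names contain that text, so this filter keeps only lines of the form "path: signature FOUND". The function name clam_detections is hypothetical and the sample log is constructed, modelled on the output quoted in the post.

```shell
#!/bin/sh
# Added example: list real detections from a clamscan log.
# A detection line has the shape "<path>: <signature> FOUND". Verbose
# "Scanning <path>" lines are progress output, even when the path itself
# contains the text FOUND (e.g. HTTP_NOT_FOUND.html.var).
clam_detections() {
    # $1 = clamscan log file; prints "<signature><TAB><path>" per detection
    awk '
        /^Scanning / { next }                    # skip -v progress lines
        match($0, /: [^ ]+ FOUND$/) {            # signature names contain no spaces
            path = substr($0, 1, RSTART - 1)
            sig  = substr($0, RSTART + 2, RLENGTH - 8)   # drop ": " and " FOUND"
            printf "%s\t%s\n", sig, path
        }
    ' "$1"
}

# Constructed sample log (not real scan output).
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
cat > "$sample_log" <<'EOF'
Scanning /usr/share/httpd/error/HTTP_NOT_FOUND.html.var
Scanning /usr/share/man/man3/SD_BUS_ERROR_FILE_NOT_FOUND.3.gz
Scanning /home/andrew/Desktop/virus/eicar.com
/home/andrew/Desktop/virus/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/andrew/notes: draft/INBOX: Heuristics.Phishing.Email.SpoofedDomain FOUND
----------- SCAN SUMMARY -----------
Infected files: 2
EOF

clam_detections "$sample_log"
```

The second sample detection has ": " inside its path to show that the split happens at the last "path: signature" boundary, not the first colon.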

Nik-Ken-Bah

Well-Known Member
Credits
2,289