Some antivirus for Linux

We recommend antivirus for Linux

Last week we discussed whether the need to use anti-malware programs extends to all operating systems. In this post we recommend some antivirus tools for Linux.

I must say that my previous article convinced me of the need to use one. I exchange a lot of files with Windows users, and I insist that in a network we are all responsible for security.

Some antivirus for Linux

I have to mention that the offer is not as abundant as I expected (at least not when it comes to open source applications), so I can't promise you much originality. I like to recommend new titles, but I can't pull them out of my sleeve.

ClamAV

This is the first recommendation you will find in any collection that is not sponsored by an antivirus developer company.

It is a set of tools controlled from a command-line interface whose purpose is to find and combat trojans, viruses, rootkits, worms and other types of malicious software.

From that command-line interface we can update the signature database, scan directories and files, and check the content of emails.

The program has three components:

  • Application engine: The part of the program responsible for detecting malware.
  • Database: Contains the signatures and other information needed to detect malicious software.
  • User interface: The program comes with a command-line interface. However, graphical front ends such as ClamTK have been developed for it.

Some features of the program are:

  1. Multiple updates.
  2. Multi-threaded scanning (it investigates multiple types of threats at the same time), reducing scan time.
  3. Real-time protection.
  4. Complete and regularly updated signature databases.
  5. It can scan both compressed and uncompressed files.

ClamAV and ClamTK are in the repositories of the main Linux distributions.
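As an added example (not code from the article or from the ClamAV project), here is a small POSIX shell wrapper around the command-line workflow described above: update the signatures, scan a shared directory, and turn clamscan's output and exit code into a short report. It assumes `clamscan` and `freshclam` are installed and on PATH; the sample output embedded in it is constructed, and the second signature name in it is made up for illustration.

```shell
#!/bin/sh
# Added example: wrap a ClamAV scan and summarise the result.
# Assumes clamscan and freshclam are on PATH with a readable signature database.

# clamscan exit codes (documented in its man page): 0 clean, 1 infected, 2 error.
describe_exit() {
  case "$1" in
    0) echo "clean" ;;
    1) echo "infected" ;;
    2) echo "error" ;;
    *) echo "unknown" ;;
  esac
}

# Print only the paths from "path: Signature FOUND" lines.
# clamscan --infected prints one such line per detection.
infected_paths() {
  printf '%s\n' "$1" | sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Number of detections in a clamscan output text (0 when none).
count_infected() {
  infected_paths "$1" | grep -c . || true
}

# Constructed sample of "clamscan --infected" output; the Agent-123 name is made up.
SAMPLE_OUTPUT='/srv/share/report.docx: Win.Test.EICAR_HDB-1 FOUND
/srv/share/setup.exe: Win.Trojan.Agent-123 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 42
Infected files: 2'

# Real run: refresh signatures, scan recursively, report, and return clamscan's code
# so a calling script (for example one that stages files for Windows users) can branch on it.
scan_dir() {
  dir="$1"
  freshclam --quiet || echo "warning: signature update failed, using existing database" >&2
  output=$(clamscan --recursive --infected "$dir" 2>&1)
  rc=$?
  echo "result: $(describe_exit "$rc") ($(count_infected "$output") detection(s))"
  infected_paths "$output"
  return "$rc"
}
```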

Sophos

And here we fall squarely into commercial, and of course proprietary, antiviruses, although the single-user license is free.

Those who tried it say that Sophos is more difficult to configure than ClamAV, although it is faster. It should be noted that instead of ClamAV's signature-matching approach, it uses behavioral analysis.

Note: The reader jesus andrade tells us that support for Sophos antivirus ends in July and is being replaced by a new product.

Rootkit Hunter

We return, so as not to abandon them, to open source applications. Rootkit Hunter is a tool that scans your computer for:

  • Rootkit: A type of malware that facilitates unauthorized access to sensitive parts of the computer for criminal purposes.
  • Backdoor: Vulnerabilities in the operating system or other software that can be used for criminal purposes.
  • Local exploit: A way to illegitimately obtain administrator privileges by exploiting vulnerabilities in an application that legitimately holds them.

The program uses a database of previously reported malware and compares it against the results of the file scan.

Rootkit Hunter is ideal for use by novice users, even if it is managed from the command line.

chkrootkit

It is a very useful tool for detecting abnormal behavior on the computer or unexplained changes in sensitive areas of the system. However, it cannot automatically detect unknown malware, and analyzing suspicious binaries requires running commands in expert mode.

It is another program run from the terminal, and it is made up of the following tools:

  • chkrootkit: The script that checks the system binaries to see whether they were modified.
  • ifpromisc.c: Checks whether the network interface is in promiscuous mode. In promiscuous mode the interface passes absolutely all received traffic to the CPU, ignoring the usual filtering. It is normally used for diagnostics, but it can also be exploited by criminals.
  • chklastlog.c: Looks for deleted entries in the activity log.
  • chkwtmp.c: Detects whether data was deleted from the logon and logoff log.
  • chkproc.c: Looks for signs of LKM trojan activity in processes.
  • chkdirs.c: The same, but in directories.
  • strings.c: Detects botched deletion of strings.
  • chkutmp.c: Tries to detect deletions in the current system activity log.

dark_king said:

    You need a comfortable antivirus for Linux; the program has not been updated for a long time, but they continue to update the virus database.