To my knowledge there are no traditional viruses within Linux. You do have rootkits, but that is another subject (rkhunter and chkrootkit can be used). What we want to do here is to be able to defend against Microsoft Windows viruses. This is especially important if you run WINE (Wine Is Not an Emulator), CrossOver Office, or other Microsoft-compatible software on Linux. It is also important if you need to detect an MSWindows virus using a machine that normally cannot be susceptible to MSWindows viruses.
Case in point: I was over at my brother's place spending the night when my brother was frustrated because he could not get rid of an MSWindows virus on MSWindows 7 using the great Microsoft anti-virus product. Here is sort of an outline of what we did to deal with the problem. Apparently his daughter brought home a thumb drive that had a Microsoft-type virus.
We plan to use ClamAV for at least minimal checking. Just for some entertainment value, here are a few of ClamAV's features:
* Command-line scanner
* Quick, multi-threaded daemon with support for on-access scanning
* milter interface for sendmail
* Advanced db updater with support for scripted updates and digital signatures
* C library virus scanner
* On-access scanning (Linux® and FreeBSD®)
* Virus db updated multiple times per day
* Built-in support for various archive formats, including RAR, Tar, Gzip, Zip, Bzip2, OLE2, Cabs, CHM, BinHex, SIS and others I don't know
* Built-in support for many mail file formats
* Built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
* Built-in support for popular document formats like MS Office and MacOffice files, HTML, RTF and PDF
If you do not understand what all the features are for, do not worry. Suffice it to say that it is good for a free tool.
Step 1: Installation.
Install ClamAV, the daemon, and freshclam.
$ sudo apt-get install clamav clamav-daemon clamav-freshclam
The daemon allows the software to run in the background.
Update virus definitions after installation.
$ sudo freshclam
If you want the GUI, you can install ClamTk:
$ sudo apt-get update
$ sudo apt-get install clamtk
You will want to do an update:
$ sudo freshclam
ClamAV update process started at Wed Jul 22 00:31:50 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cvd is up to date (version: 9604, sigs: 56154, f-level: 43, builder: ccordes)
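Before trusting a clean scan result, it is worth confirming that both signature databases were actually reported current. The following is an added example, not part of the original post: a small shell function (the name check_freshclam is hypothetical) that parses freshclam output in the line format shown above; other freshclam releases may word these lines differently, so adjust the pattern to match yours.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample input: the freshclam output shown above.
SAMPLE='ClamAV update process started at Wed Jul 22 00:31:50 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cvd is up to date (version: 9604, sigs: 56154, f-level: 43, builder: ccordes)'

# check_freshclam DB...
# Reads freshclam output on stdin. Prints one summary line per database
# found, a MISSING line for every expected database that was not reported
# current, and the total signature count. Returns non-zero if any expected
# database is missing, for example after a failed or partial update.
check_freshclam() {
    awk -v want="$*" '
    # Status lines in the format shown on this page, e.g.
    #   daily.cvd is up to date (version: 9604, sigs: 56154, ...)
    # Assumption: a freshly downloaded database says "updated" instead.
    /^[a-z]+\.c[vl]d (is up to date|updated) \(version: [0-9]+, sigs: [0-9]+/ {
        name = $1; sub(/\.c[vl]d$/, "", name)
        ver = $0;  sub(/.*version: /, "", ver); sub(/,.*/, "", ver)
        sigs = $0; sub(/.*sigs: /, "", sigs);   sub(/,.*/, "", sigs)
        seen[name] = 1
        total += sigs
        printf "%s version=%s sigs=%s\n", name, ver, sigs
    }
    END {
        n = split(want, w, " ")
        for (i = 1; i <= n; i++)
            if (!(w[i] in seen)) { printf "MISSING %s\n", w[i]; bad = 1 }
        printf "total_sigs=%d\n", total
        exit bad + 0
    }'
}

# Demo on the constructed sample. In real use:
#   sudo freshclam | check_freshclam main daily || echo "do not scan yet"
printf '%s\n' "$SAMPLE" | check_freshclam main daily
```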
Note: Proxy settings can be added if needed in the file /etc/clamav/freshclam.conf by adding the following info