Some antivirus for Linux

We recommend antivirus for Linux

Continuing with the theme we started in the previous article, we are going to list some antivirus programs for Linux. We already explained why, in our opinion, an antivirus should be an essential part of our installation: we are not only a possible means of transmission but also a target.

Importantly, the repositories contain free and open source antivirus software that provides us with adequate protection.

I emphasize this because with the increase in the use of Linux in the corporate sector, antivirus developers began to consider it in their business plans and, on their web pages, they write things like these:

Not all antivirus software is equally effective, although most of the existing ones for Linux obtain better results than their Windows counterparts. The differences are so great that the user must take their time to investigate and make the most convenient choice for their organization. Users may be tempted by the argument that open source solutions are free. However, their configuration and maintenance is more complex and time-consuming. Ease of use, performance, number of viruses detected, support and scalability are also not comparable.

It is not a verbatim quote, but those are more or less the arguments. As we already said, you should not pay attention to them.

Some antivirus for Linux

ClamAV/ClamTK

This is Linux, so it is no coincidence that the most comprehensive open source tool for detecting malicious software such as viruses, trojans and other malware is intended to be used from the command line. It is also not surprising that someone has created a graphical interface for it.

Let's take it one part at a time:

On the one hand, we have ClamAV, which is made up of 3 components:

  1. Engine: Responsible for malware detection.
  2. Database: It contains the information that the engine needs to identify the malware.
  3. User interface: Allows the user and the application to interact.

On the other hand, we have ClamTK, which is a graphical interface that replaces the native command line interface. Both ClamAV and ClamTK are in the repositories.

The main features are:

  • Permanent updates.
  • Simultaneous scanning of several types of threats.
  • Protection in real time.
  • Scanning compressed files.
  • Email analysis.
  • Support for various archive formats, including ZIP, RAR, DMG, Tar, GZIP, BZIP2, OLE2, Cabinet, CHM, BinHex and SIS, among others.
  • It can analyze ELF executable files and portable executable files that are packed with UPX, FSG, Petite, NsPack, wwpack32, MEW or Upack, or obfuscated with SUE or Y0da Cryptor, among others.
  • It is compatible with documents in Microsoft Office, Adobe Flash, PDF, HTML and RTF formats.

From the ClamTK graphical interface we can:

  • Determine what to scan and how to do it.
  • Establish what should not be considered a threat.
  • Configure Internet access.
  • Schedule the analysis and update of the database.
  • See previous analyses.
  • Restore and delete isolated files.
  • Scan a file or folder.
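
The "scan a file or folder" action that ClamTK offers can also be run directly from ClamAV's command line interface. The following script is an added example, not part of the original article; it assumes the clamav package is installed, and the function names `scan_path` and `list_detections` are hypothetical helpers.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumes clamscan (clamav package) is installed; run freshclam beforehand
# so the signature database is current.

TAB=$(printf '\t')

# Read clamscan output on stdin and print "path<TAB>signature" per detection.
# clamscan reports a hit as "<path>: <signature> FOUND"; other lines are skipped.
list_detections() {
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${TAB}\2/p"
}

# Scan a file or directory recursively.
# Returns clamscan's exit status: 0 = clean, 1 = malware found, 2 = error.
scan_path() {
    target=$1
    log=$(mktemp) || return 2
    status=0
    # -r recurses into directories, --infected prints only hits,
    # --no-summary drops the statistics block.
    clamscan -r --infected --no-summary "$target" >"$log" 2>/dev/null || status=$?
    case $status in
        0) printf 'clean: %s\n' "$target" >&2 ;;
        1) list_detections <"$log" ;;
        *) printf 'clamscan failed with exit status %s\n' "$status" >&2 ;;
    esac
    rm -f "$log"
    return "$status"
}

# Scan the path given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    scan_path "$1"
fi
```

Checking the exit status rather than only reading the output lets a scheduled job tell a clean scan apart from a scan that failed to run.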

Rootkit Hunter

Although this tool is used from the command line, it is not too complex to use. As the name implies, it can detect rootkits, a type of malware that seeks to gain access to unauthorized parts of the computer. It can also detect vulnerabilities in the operating system or in applications that have been previously reported in a database.

chkrootkit

Another application to use from the terminal, although in this case by slightly more expert users. However, it only works with already reported malware. Chkrootkit may discover abnormal behavior or unexplained changes in parts of the system.

Its components are:

  • chkrootkit: Script in charge of analyzing the system binaries to detect manipulations.
  • ifpromisc.c: Checks if the network interface is passing unauthorized traffic to the central processing unit.
  • chklastlog.c: Searches for deleted activity log entries.
  • chkproc.c: The same, but in the login and logout registration.
  • chkdirs.c: Same, but in the directories.
  • chkutmp: Searches to find deleted entries in the system's current activity log.
