Decent free antivirus/malware/spyware scanner for Linux: which one to take?!



Good day dear experts on Neowin, 

 


 

Long story but need a decent free antivirus/malware/spyware scanner for MX - Linux 19-1. 


heard about: 
- ClamAV
- Sophos A/V and it doesn't work on MX-16.1 Linux. As for Comodo A/V, it won't install on MX-16.1 Linux. ( followed this  https://forum.mxlinux.org/viewtopic.php?f=108&t=42830&start=20 )

 

so after a long search with a bunch of information I am quite at the beginning: There are so many different options - so many things to choose. At the moment I do not have an idea nor a clue which one to take - and which one is the best to choose: I have had a closer look and found - here a little overview with a feature to feature comparison... taken from here: https://www.ubuntupit.com/best-linux-antivirus-top-10-reviewed-compared/

 

what do you say?

 

Quote

 

1. Sophos: In the AV-Test, Sophos is one of the best free antiviruses for Linux. It does not only support on-demand scanning but also provide real-time scanning feature. This particular Linux antivirus not only prevents Linux base malware but also works fine on all the major platforms like windows, android. It detects worms and trojans as well and helps to remove from the repository. But if you are kinda geeky Sophos provide you terminal coding facility to make it easier.

Features:
Free
Terminal base
Detect and remove threats
Works for worms, trojan, virus, and malware
Lightweight and easy to use and install
Cross-platform support
Block and remove non-Linux threats

 

2. Comodo: Comodo is another best antivirus software for Linux. It is well known for its unique architecture support and cross-platform feature. It also supports email scanning feature with additional anti-virus protection system which is not available on other application.
Comodo supports windows firewall feature with 32-bit and 64-bit architecture. Comodo Antivirus for Linux also supports all distros, so it widely uses among Linux users. The best of this software is it also works on server side like Red Hat Enterprise Linux Server, OpenSUSE, and SUSE Linux Enterprise Server.
Features:
Free
Easy to use and install
On-demand scanning with no false alert
Real-time protection
Antispam support
Supports cross-platform
Support server-side protection

 

3. ClamAV: This is the best and probably widely referred antivirus in Linux community. ClamAV is the open source and free to use. It is recognized as versatile antivirus to detect trojans, malware, and viruses. It also supports standard mail gateway scanning. It is easy to use and fast to run because it doesn’t have a native GUI and works through the terminal.

Features: 
Opensource
Free
Cross-platform works in Linux, Windows and Mac OS
Works from the terminal
Support on-access scanning for mailing service
POSIX compliant support
Portable


4. F-PROT
F-Prot is the well-renowned antivirus for Linux. This particular Linux antivirus can be used at home or industrial level. It supports 32 and 64bit software architecture as a Linux antivirus software. It scans over 2119958 known viruses and their other possible variants. This Linux antivirus software is portable and performs schedule scanning using cron technology. It can detect different types of infections trojan even boot sectors.
Features:
Free and portable
Detects more than 21 million threats and their other variants
Can run on different software architecture
Scanning feature for internal drive and drivers
Scan for boot sector virus, macro, and trojan viruses

 

5. Chkrootkit
From the name, Chkrootkit, you can guess it really works on root and frankly speaking it is the best option for rootkit available in a Linux system. It is lightweight and portable. You can quickly burn it to CD or USB. It contains multiple programs to support the users like.

Features:
Rootkit detection
Lightweight
Portable
Easy to use and fast
Run from terminal
Multiple error solver

 

6. Rootkit Hunter....

 

 

which one do you run - !?  I look forward to exchange ideas and experience

 

have a great day 

 

yours Tarifa 

 

 

Link to comment
Share on other sites

Hello dear +fusiOn, 

 

Many thanks for the quick reply - great to hear from you - i will have a closer look at NOD32 

 

Have a great day 

regards Tarifa

Link to comment
Share on other sites

You typically never need a virus checker. Since I moved to Linux, I never needed an anti-virus.

 

All I did was turn on the included firewall...

Link to comment
Share on other sites

1 hour ago, Mindovermaster said:

You typically never need a virus checker. Since I moved to Linux, I never needed an anti-virus.

 

All I did was turn on the included firewall...

How do you know you don't have a virus if you don't have a virus scanner? ;)

 

I think it's always best practices to have something running. There are several 0-Day drive by attacks that can get you infected and you'll never know it. Malware has matured a lot and a lot of it is no longer trying to cause the end-user issues and is trying to be as silent as possible. I build all my packages from source and still run an anti-virus. This is just my opinion, but letting your guard down because you think you're safe is a good way to get pwn3d.

Link to comment
Share on other sites

11 minutes ago, fusi0n said:

How do you know you don't have a virus if you don't have a virus scanner? ;)

 

I think it's always best practices to have something running. There are several 0-Day drive by attacks that can get you infected and you'll never know it. Malware has matured a lot and a lot of it is no longer trying to cause the end-user issues and is trying to be as silent as possible. I build all my packages from source and still run an anti-virus. This is just my opinion, but letting your guard down because you think you're safe is a good way to get pwn3d.

Well, nothing ever slowed my computer down to a snail. I never noticed any flukes. I keep my eye on SystemMonitor, and nothing ######y is running.

 

I'm not saying "there are no Linux viruses". I know there are several, BUT, Linux is faster with fixes than Windows.

 

It is good practice, yes, but is really not needed. I reinstall my OS every ~6 months. So any virus that is present, goes bye-bye.

 

Edit: fu_nky is a swear word? New to me...

Link to comment
Share on other sites

  • 2 weeks later...

Many say you don't need an anti-virus for Linux, because I suspect the amount of viruses is so low they are pretty much a non-issue.

 

also, I would probably advise a person uses Firejail which is a sandbox program as this way if one happens to get hit with a 0-day, its damage will probably be limited.

Link to comment
Share on other sites

Hello,


This is something I wrote a few years ago:

 

https://www.welivesecurity.com/2015/01/13/really-need-antivirus-software-linux-desktops/

 

While the numbers may no longer be current, it is still accurate in terms of overall prevalence. Keep in mind, though, the situation on the IoT side has changed because of botnets like Mirai.

 

Regards,

 

Aryeh Goretsky

 

Link to comment
Share on other sites

On 3/28/2020 at 9:10 PM, spacelordmaster said:

none. Linux doesn't need one

Exactly! Haven't ever used one on my systems. Have scanned them just to check it out and see if anything was ever detected, but nothing has ever been found. 

 

Just don't install stupid stuff from untrusted sources.

  • Like 2
Link to comment
Share on other sites

On 4/10/2020 at 5:59 AM, cork1958 said:

Just don't install stupid stuff from untrusted sources.

 

Yeah, just using Linux (desktop) alone keeps one's risks minimal and paired with what you said should further lower the already low risk.

 

plus, to lower it even further... I figure one should run Firejail as if one happened to get hit with a drive-by download when browsing online it would likely be contained within the Firejail sandbox and Firejail has only a minimal interference with general usage of one's computer as by default when running one's browser on Linux (Firefox or Chrome) in Firejail it limits persistent save location to /home/*username*/Downloads folder, but other than that, if you download a file and want to run it, don't open it directly from the browser like one might normally do but use one's file manager to access the file as this way it will be outside of the sandbox and will function normally. but other than that, off the top of my head, all is good. but since I wanted a persistent save location on another hard drive I had to tweak things a bit. but most people who only have one hard drive, the defaults are good enough.

 

Firejail also seems to hide certain locations from the browser too... file:/// (put that into the Firefox browser and press enter on Linux) you will see the browser in its default state can see quite a bit in there whereas once you run it through Firejail, you will notice quite a bit more of the stuff is not visible. so if something shady did get by your Firefox browser for example, it's got more limited access to things etc. I don't know every little detail but it's safe to say one is that much more secure with Firejail than without it and since it does not really interfere with general use, I figure why not use it.

 

so while Linux is not immune, if things stay roughly how they are, which I suspect they will for the foreseeable future, simply because Linux does not have a large enough user base (only about 2% market share compared to Windows 88%), then Linux (desktop) is close enough to virus free. plus, I suspect the typical Linux user is a bit more tech savvy than the common person which will probably make it even less appealing for the shady people out there as I suspect they like things to be as easy as possible. like minimal effort for maximum benefits.

 

another thing i suspect some overlook is avoid installing browser extensions you don't trust! ; as a general rule the less the better but having some is almost a must nowadays like for ad-blocking etc.

 

p.s. even Goretsky's article talking about Linux desktop is pretty much in line with what we said. personally I don't worry about most IoT devices since I won't even bother to use stuff like SmartTV's internet function etc, so even if there is some exploit in it, it's pretty much impossible for someone to exploit since it's not online. even my router should be solid given it's running a Tomato based firmware (currently using a Shibby build (which is from the year 2017) since it appears to be stable unlike newer FreshTomato firmware (which are quite recent) on my old router) which should be more secure in general vs manufacturers' firmware and it's newer than all of the Heartbleed stuff so its WiFi should be secure, or at least secure enough.

Link to comment
Share on other sites
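The posts above describe Firejail confining the browser. One way to check that a running browser process really is confined, as an added example that is not from any poster in this thread: it reads the kernel's Seccomp and NoNewPrivs fields from /proc/<pid>/status and assumes the Firejail profile in use turns both on. The function names are illustrative and the sample status text is constructed.

```shell
#!/bin/sh
# Added example: report kernel-enforced confinement flags for a process,
# read from /proc/<pid>/status (or a saved copy of that file).

# Constructed sample of the relevant status lines for a sandboxed process.
sample_status() {
    printf 'Name:\tfirefox\nNoNewPrivs:\t1\nSeccomp:\t2\nSeccomp_filters:\t3\n'
}

# confinement_of FILE  ("-" reads stdin)
# Prints: seccomp=<disabled|strict|filter|unknown> nnp=<yes|no|unknown>
confinement_of() {
    awk '
        # Exact match on the key, so "Seccomp_filters:" is not mistaken for it.
        $1 == "Seccomp:"    { sc  = $2 }
        $1 == "NoNewPrivs:" { nnp = $2 }
        END {
            s = (sc == "0") ? "disabled" : ((sc == "1") ? "strict" : ((sc == "2") ? "filter" : "unknown"))
            n = (nnp == "1") ? "yes" : ((nnp == "0") ? "no" : "unknown")
            printf "seccomp=%s nnp=%s\n", s, n
        }' "$1"
}

# is_confined FILE: succeeds only if a seccomp filter AND no_new_privs are active.
is_confined() {
    [ "$(confinement_of "$1")" = "seccomp=filter nnp=yes" ]
}

# report_pids PID...: one line per process id given.
report_pids() {
    for pid in "$@"; do
        f="/proc/$pid/status"
        if [ -r "$f" ]; then
            printf '%s %s\n' "$pid" "$(confinement_of "$f")"
        else
            printf '%s not-readable\n' "$pid"
        fi
    done
}

# Stand-alone use:  sh check.sh $(pgrep -o firefox)
if [ "$#" -gt 0 ]; then
    report_pids "$@"
else
    sample_status | confinement_of -    # demo on the constructed sample
fi
```

Check the oldest (parent) browser process: Firefox applies its own seccomp filter to its content processes, so those report a filter with or without Firejail.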

  • 10 months later...

Hello,

The amount of Linux-specific malware out there is quite small, but it's not zero.

Here's an interview with a friend who hunts Linux-based malware for a living: https://www.welivesecurity.com/2020/02/21/up-close-and-personal-with-linux-malware/. Most recently, he came across this, which targeted some of the largest Linux installations in the world.

 

It does not hurt to be conscientious about such threats and check for them, even if the probability of your running across them is low.

 

Regards,

 

Aryeh Goretsky

 

  • Like 2
Link to comment
Share on other sites

Even based on the above article, the key word is 'servers'. but for the average user on a desktop... their chances of getting hit with a virus that's Linux specific is quite slim right off the start as the average user would be more likely to fall for Phishing etc than they would be to stumble into a Linux specific virus. so I think that's one thing that's kind of nice about Linux is that, short of browser security flaws or someone installing shady browser extensions, Linux itself makes a computer to the average user online mostly idiot-proof since any Windows specific threats simply won't work by default on Linux (like if they try .exe etc). so if you got a computer user who's computer illiterate, and tends to be click happy etc, if you can give them enough info to NOT install any browser extensions they don't trust (basically as the saying goes for security in this regard... 'if the user did not seek it out, just assume it's a scam/virus etc and don't install it') they should be pretty safe browsing the internet on Linux desktop machine, or at least noticeably safer than they would be on a Windows machine.

 

that article even mentions Linux based routers too... I am using a recent DD-WRT build (from about a month ago now) on my old WRT54GS v1.1 router and that should be pretty secure in its default state, especially since it makes you change the default username/password upon initial setup (and I always properly clear the NVRAM before and after a build change to help ensure it's in good running order).

 

plus, I think while it would probably not be a bad idea to update DD-WRT once in a while, so it gets an updated OpenSSL etc (OpenSSL v1.1.1i is what my DD-WRT build currently has, which is about a month old now, even though not long ago it was updated to OpenSSL v1.1.1j on the more recent builds), it's probably not something the common person has to worry about much at this point and can probably go years (maybe quite a bit beyond that) without having to worry about any major security issues turning up as reading a recent article online from Feb 2021 said, "OpenSSL has come a long way in terms of security since the disclosure of the vulnerability dubbed Heartbleed back in 2014. Only three vulnerabilities were patched in 2020, and only two of those, which could be exploited for DoS attacks, were rated high severity. No high-severity issues were fixed in OpenSSL in 2018 and 2019." ; so if that's a rough ball park figure, I figure anyone running a fairly recent build of DD-WRT will probably be safe enough for years, short of a critical flaw turning up, which probably won't happen, at least for a while, since it's not like those turn up all that often etc.

  • Like 1
Link to comment
Share on other sites
