Antivirus and Antimalware for Linux/Ubuntu?

[slickymaster]

Thread moved to Security.

[uRock]

I ran ClamAV many years ago just to see how it worked.

I use GUFW on my machines to prevent devices not on the network from connecting via SSH and to prevent outside addresses from accessing my camera servers. If you aren't running any any servers, then you can use sudo ufw enable to enable the firewall.

As others have mentioned, the pinned threads on the Security sub-forum is a great place for advice on security hardening.

[TheFu]

BIND supports running in a chrooted environment with the -t switch. It's easy to set up on RedHat-flavored systems. Never tried it with Ubuntu.

It was a RH server at the time.

Yes, chroot would have prevented that initial hack. Even without it, they didn't get far. Attempts to get a root login all failed. Every attempt was logged (and I got an email about the attempt), so it was impossible to miss. They should have just used a reverse ssh connection and it is likely I never would have noticed.

Anyway, since then my default security stance has changed completely. I started attending security conferences, going to local "DC" group meetings, presenting a few times at the local one. There are many security companies here and a world-famous University with well know security researchers and alumni. It is a completely different way of thinking. Once your eyes are opened, they won't be closed again.

[(kyT%0)]

some users here & elsewhere say that they have never used any kind of am / av on their system & they claim that they have never been infected.

my question is that if you have no am / av on your system which implies you have never run any kind of scan to check for malware / virus how do you know if you are uninfected?

on windows i have seen machines without any am / av or with an expired / outdated am / av that work flawlessly but are 100% infected with keyloggers / trojans etc.

[SeijiSensei]

You appear to have missed the discussion about how things that infect Windows don't affect Linux.

You can run clamscan from the clamav package to scan your system. I'll tell you right now you'll either see no problems at all, or else some "PUA" warnings that are generally harmless. If the Linux system has a partition with Windows software on it, like in a dual-boot arrangement, ClamAV may find malware there as well.

Did you read the sticky threads in the Security section as mentioned above?

I've been using Linux since 1995. In all that time I've had one security compromise, on a publicly-facing web server where I failed to keep current with patches to Apache. It was exploited and turned into an IRC bot. Because Linux is fundamentally secure, all they could do was put some software in /tmp and run it from there. That was probably a dozen years ago now if not more.

[(kyT%0)]

You appear to have missed the discussion about how things that infect Windows don't affect Linux.

am aware of that.

You can run clamscan from the clamav package to scan your system. I'll tell you right now you'll either see no problems at all, or else some "PUA" warnings that are generally harmless. If the Linux system has a partition with Windows software on it, like in a dual-boot arrangement, ClamAV may find malware there as well.

have a look here : https://ubuntuforums.org/showthread.php?t=2426449

Did you read the sticky threads in the Security section as mentioned above?

not yet.

I've been using Linux since 1995. In all that time I've had one security compromise, on a publicly-facing web server where I failed to keep current with patches to Apache. It was exploited and turned into an IRC bot. Because Linux is fundamentally secure, all they could do was put some software in /tmp and run it from there. That was probably a dozen years ago now if not more.

which brings me back to my question :

how do you know if you are uninfected when you have no am / av on your system which implies you have never run any kind of scan to check for malware / virus?

[SeijiSensei]

I just said that I run occasional checks with clamscan. They always show no problems.

Also I can look at the output of "ps" to see if any unexpected programs are running. I never see any. All my computers are behind multiple firewalls, so any sort of malware would have to arrive via other means. I run my own mail server which uses MailScanner to do spam and virus scanning, so the occasional email with a malware payload doesn't make it to my desktop. The ones that are intercepted are always carrying a payload targeting Windows machines. I don't exchange files with others, nor do I insert random USB devices into my machines. I used Firefox as a browser for years with add-ons like Ghostery to intercept Javascript crap. (I tried noscript but it was too much work to maintain.) Now I use Brave which has advertising and script blocking built in. I rarely visit sites that might have drive-by infections.

The number of possible vectors of infection are vanishingly small.

Scanning is a lot less important than knowing how to operate safely on the Internet. The biggest security threat is the person at the keyboard.

[(kyT%0)]

I just said that I run occasional checks with clamscan. They always show no problems.

cool.

Now I use Brave which has advertising and script blocking built in.

no offense but that is precisely why i do not want brave. i do not like a browser that comes with built in add-ons. if i want chromium i would get chromium itself, why get a chromium fork.

Scanning is a lot less important than knowing how to operate safely on the Internet. The biggest security threat is the person at the keyboard.

true that.