Commonly used antivirus software on Linux


I: chkrootkit

chkrootkit is a scanning tool used to detect backdoors or malicious code potentially implanted on Linux systems.

(1) Installation Method (Ubuntu)

sudo apt update
sudo apt install chkrootkit

(2) Usage Method:

chkrootkit -q

-b: Writes logs to a buffer to prevent overwriting.
-q: Quick mode, only checks /dev, /etc, and some executable files.

(3) Upgrade Method:

sudo apt update && sudo apt install -y chkrootkit

II: ClamAV

ClamAV is an open-source, cross-platform antivirus engine and daemon. It can scan many file formats and updates its virus definition database over the network. Designed for Linux and Unix systems, it can be used to detect malicious files passing through mail and web servers, as well as to scan local file systems for potential malware. Here are the basic steps for installing and using ClamAV on a Linux system:

(1) Install ClamAV

sudo apt update
sudo apt install clamav

(2) Download Virus Database

freshclam

(3) Scan Local Directory

clamscan -r /

(4) View Scan Log

sudo tail -n 50 /var/log/clamav/freshclam.log

Important Notes during Use:

Because ClamAV's primary function is detection, not repair, you will usually need to delete or quarantine infected files yourself when a scan reports them.

When troubleshooting, first make sure the machine has network access. Database update failures are often caused by insufficient disk space or by a firewall blocking the ports freshclam needs.
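The post scans the whole file system with "clamscan -r /" and then leaves quarantine to the operator. The following wrapper is an added example, not code from the original post or from the ClamAV project: it restricts the scan to real file systems, logs to a file, moves anything detected into a quarantine directory, and parses the "Infected files: N" line of clamscan's summary so a cron job or alerting script can act on the count. The quarantine and log paths are assumed locations; the flags (-r, -i, --exclude-dir, --move, --log) are standard clamscan options. The demo function feeds constructed clamscan output to the parser so it can be tried without running a scan.

```shell
#!/bin/sh
# Added example (not from the original post): a clamscan wrapper that skips
# pseudo-filesystems, logs to a file, quarantines detections, and exposes
# the infected-file count from the scan summary.
# Assumptions: clamscan is installed and freshclam has populated the database.

QUARANTINE="${QUARANTINE:-/var/quarantine}"                     # assumed path
LOGFILE="${LOGFILE:-/var/log/clamav/scan-$(date +%Y%m%d).log}"  # assumed path

# Read "Infected files: N" from a clamscan log and print N (0 if absent).
infected_count() {
    # $1: path to a clamscan output/log file
    awk -F': ' '/^Infected files:/ { n = $2 } END { print n + 0 }' "$1"
}

# Scan a directory tree. Returns clamscan's own exit code:
# 0 = nothing found, 1 = something found, 2 = error.
scan_tree() {
    target="$1"
    mkdir -p "$QUARANTINE"
    chmod 700 "$QUARANTINE"            # quarantined files are still malicious; keep them private
    clamscan -r -i \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --exclude-dir="^$QUARANTINE" \
        --move="$QUARANTINE" \
        --log="$LOGFILE" \
        "$target"
}

# Run the parser over constructed clamscan output (no scanner needed).
demo_parse() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
/tmp/eicar.com: Eicar-Test-Signature FOUND
/tmp/eicar.com: moved to '/var/quarantine/eicar.com'

----------- SCAN SUMMARY -----------
Scanned directories: 1
Scanned files: 12
Infected files: 1
Data scanned: 0.01 MB
EOF
    infected_count "$tmp"
    rm -f "$tmp"
}

# Usage: ./clamscan-wrapper.sh --demo      (parse the constructed sample)
#        ./clamscan-wrapper.sh /home       (real scan; needs clamscan)
case "${1:-}" in
    --demo) demo_parse ;;
    "")     ;;
    *)      scan_tree "$1"; rc=$?; echo "infected files: $(infected_count "$LOGFILE")"; exit $rc ;;
esac
```

Scanning "/" directly, as in the post, also walks /proc and /sys, which is slow and produces read errors; excluding them and the quarantine directory itself keeps the scan focused on real files and prevents a quarantined sample from being re-detected on every run.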

III: Rkhunter (Rootkit Hunter)

Rkhunter is an open-source tool used to detect malware and rootkits on Unix and Linux systems. It identifies potential security threats by checking file attributes, system calls, and known malicious program signatures.

(1) Installation Method

sudo apt update
sudo apt install rkhunter

(2) Update Virus Database

vim /etc/rkhunter.conf

Modify the following:

UPDATE_MIRROR=1 to UPDATE_MIRROR=0
MIRROR_MODE=1 to MIRROR_MODE=0
WEB_CMD="wget" to WEB_CMD="/bin/false"

Save and exit, then execute the following two lines to update the virus database:

sudo rkhunter --update
sudo rkhunter --propupd

(3) Usage Method

rkhunter -c
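Sections I and III each end with a single interactive command. The script below is an added example, not code from the original post or from either project: it runs both rootkit scanners non-interactively (chkrootkit -q prints only positive results; rkhunter -c --sk --rwo skips the "press enter" prompts and reports warnings only), keeps each run's output under a report directory, and extracts the findings from both output formats so they can be reviewed in one place. The report directory is an assumed path, and the demo reports are constructed text. One caveat worth keeping in mind: "rkhunter --propupd" records the current file properties as the trusted baseline, so it should be run right after a clean install or a legitimate package update, not after a scan that already raised warnings.

```shell
#!/bin/sh
# Added example (not from the original post): run chkrootkit and rkhunter
# unattended, keep dated reports, and pull findings out of both formats.
# Assumptions: the tools are installed as shown in the post; REPORT_DIR is
# a hypothetical location.

REPORT_DIR="${REPORT_DIR:-/var/log/rootkit-scans}"   # assumed path

# Run whichever scanners are present; each writes its own dated report.
run_scanners() {
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$REPORT_DIR"
    if command -v chkrootkit >/dev/null 2>&1; then
        # -q: quiet mode, print only positive results
        chkrootkit -q > "$REPORT_DIR/chkrootkit-$stamp.txt" 2>&1
    fi
    if command -v rkhunter >/dev/null 2>&1; then
        # --sk: skip keypress prompts; --rwo: report warnings only
        rkhunter -c --sk --rwo > "$REPORT_DIR/rkhunter-$stamp.txt" 2>&1
    fi
}

# Print a report's findings one per line, prefixed with the tool name.
# chkrootkit marks hits with upper-case "INFECTED" (clean checks print
# "not infected", so the match is case-sensitive); rkhunter prefixes each
# finding with "Warning:".
extract_findings() {
    # $1: tool name (chkrootkit|rkhunter), $2: report file
    case "$1" in
        chkrootkit) grep 'INFECTED' "$2" | sed 's/^/chkrootkit: /' ;;
        rkhunter)   grep '^Warning:' "$2" | sed 's/^/rkhunter: /' ;;
        *) echo "unknown tool: $1" >&2; return 2 ;;
    esac
    return 0
}

# Count findings in a report (prints 0 when the report is clean).
finding_count() {
    extract_findings "$1" "$2" | wc -l | tr -d ' '
}

# Run the parser over constructed report text (no scanner required).
demo() {
    c=$(mktemp); r=$(mktemp)
    cat > "$c" <<'EOF'
Checking `ifconfig'... INFECTED
Checking `ls'... not infected
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
    cat > "$r" <<'EOF'
Warning: The file properties have changed:
         File: /usr/bin/ls
Warning: Hidden directory found: /dev/.udev
EOF
    echo "$(finding_count chkrootkit "$c") chkrootkit finding(s), $(finding_count rkhunter "$r") rkhunter finding(s)"
    rm -f "$c" "$r"
}

# Usage: ./rootkit-scan.sh --demo    (parse the constructed samples)
#        ./rootkit-scan.sh           (real run; needs the scanners installed)
if [ "${1:-}" = "--demo" ]; then
    demo
elif [ -n "${1:-}" ]; then
    echo "usage: $0 [--demo]" >&2; exit 2
fi
```

Both tools produce false positives (rkhunter in particular flags legitimate changes after package upgrades), so the extracted lines are a review queue, not a verdict; keeping the dated reports lets you diff one run against the previous one and see which warnings are new.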
