Is there an Ubuntu sanity check for malware?

20,205

Solution 1

If you are looking for a simple sanity check, you could try this answer: Can dpkg verify files from an installed package. This suggests using

sudo dpkg --verify

to check for mismatches on the md5sums. On my system, this shows up things like ??5?????? /usr/bin/easy_install which may have been modified legitimately by something other than dpkg or apt-get.
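The `??5??????` lines above are easier to act on once they are sorted by what they touch. The following is an added example, not code from either answer: it parses `dpkg --verify` output (format taken from the dpkg manual: a 9-character rpm-style check string in which `5` means the md5sum differs and `?` means not checked, an optional `c` marking a conffile, then the path), treats edited conffiles as expected, and flags modified files under executable and library directories for a closer look. The prefix list and the sample output are constructed for the example.

```python
"""Triage `dpkg --verify` output into expected config edits and unexpected
changes to package-managed code.

Added example, not from the original answers. The line format is assumed from
the dpkg manual (rpm -V style):  <9 check chars> [c] <path>
  '?' = check not performed, '.' = check passed, '5' = md5sum mismatch
"""
from __future__ import annotations

import re
import shutil
import subprocess
from dataclasses import dataclass

# Tolerates both the real spacing ("??5??????   /path") and the collapsed
# single-space form seen in the answer text ("??5?????? /path").
VERIFY_LINE = re.compile(r"^(?P<flags>[?.5]{9})\s+(?P<conf>c\s+)?(?P<path>\S.*)$")

# Constructed prefix list: package-owned files here should only change via dpkg/apt.
CODE_PREFIXES = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                 "/lib/", "/lib64/", "/usr/lib/", "/usr/libexec/")


@dataclass
class Mismatch:
    path: str
    conffile: bool
    md5_changed: bool

    @property
    def severity(self) -> str:
        if self.conffile:
            return "expected"     # admins edit conffiles; dpkg preserves those edits
        if self.path.startswith(CODE_PREFIXES):
            return "investigate"  # code changed outside the package manager
        return "review"           # docs, data, etc.: usually harmless, still worth a glance


def parse_verify_output(text: str) -> list[Mismatch]:
    """Parse dpkg --verify stdout; lines that do not match the format are skipped."""
    results: list[Mismatch] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = VERIFY_LINE.match(line) if line else None
        if m is None:
            continue
        results.append(Mismatch(path=m.group("path"),
                                conffile=m.group("conf") is not None,
                                md5_changed="5" in m.group("flags")))
    return results


def triage(text: str) -> dict[str, list[str]]:
    """Group mismatched paths by severity bucket, preserving dpkg's order."""
    buckets: dict[str, list[str]] = {"expected": [], "review": [], "investigate": []}
    for item in parse_verify_output(text):
        buckets[item.severity].append(item.path)
    return buckets


def run_dpkg_verify() -> str:
    """Run the real check when dpkg exists (Debian/Ubuntu); return '' elsewhere.
    dpkg --verify exits non-zero whenever it finds mismatches, so the exit
    status is not treated as an error here."""
    if shutil.which("dpkg") is None:
        return ""
    proc = subprocess.run(["dpkg", "--verify"], capture_output=True, text=True)
    return proc.stdout


# Constructed sample output in the dpkg format (not captured from a real host).
SAMPLE_OUTPUT = """\
??5?????? c /etc/default/grub
??5??????   /usr/bin/easy_install
??5??????   /usr/lib/x86_64-linux-gnu/libexample.so.1
??5??????   /usr/share/doc/example/README
"""

if __name__ == "__main__":
    text = run_dpkg_verify() or SAMPLE_OUTPUT
    for severity, paths in triage(text).items():
        for path in paths:
            print(f"{severity:12} {path}")
```

Two caveats for reading the result. First, the `.md5sums` lists dpkg compares against live on the same disk (under `/var/lib/dpkg/info/`), so a process running as root could rewrite them along with the files; comparing against a freshly downloaded copy of the package, or from a boot medium as discussed in the comments, is the stronger check. Second, a hit under `/usr/bin` is a lead, not a verdict: the `easy_install` case in the answer is the kind of legitimate rewrite (here by pip) that this check cannot distinguish from tampering on its own.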

Solution 2

The arguments for and against AV protection have been debated ad nauseam. Without expressing my view for or against, I'll say that I run Sophos AV on Ubuntu 16.04 and it has identified files that were otherwise compromised and / or contained malware, primarily in the area of file storage from the network. This solution has both on-demand and on-access features.

Sophos makes this available free for home / non-commercial use:
https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-linux.aspx

So to the question: "Is there an Ubuntu sanity check for malware?"
Yes, and my solution of choice is Sophos AV.

There are others.


Author by RDM_School_account

Updated on September 18, 2022

Comments

  • RDM_School_account
    RDM_School_account almost 2 years

    Let's say for example I unknowingly install a piece of malware, and install it. How do I know I've done something so stupid? Windows has anti-virus/malware software to check, while GNU/Linux seems to be lacking, with most of these programs on GNU/Linux dedicated to finding Windows viruses, like ClamAV. Sophos seems like a good idea, but it doesn't elegantly install with your package manager, and sometimes pops up a window stating about errors the automatic scanner finds. Besides that, the automatic scanner seems to be pretty particular with kernels, like you can't use a HWE kernel when it comes out. :/

    Also, if I do get malware, can I still install a scanner, or will it not be effective, since the malware could interfere with a new installation? Could I even scan at all on such an infected system? Do I have to use a live USB instead?

    • SiGe
      SiGe over 7 years
      Usually you don't need antivirus software if you are using Linux with caution. See further explanation here.
    • RDM_School_account
      RDM_School_account over 7 years
      I know, but what if I make a mistake? That's my problem.
  • RDM_School_account
    RDM_School_account over 7 years
    Could I install it on a live USB session, so I could scan my OS from the outside?
  • Mark
    Mark over 7 years
    For live CD boot and scan I've used Avira.
  • RDM_School_account
    RDM_School_account over 7 years
    Avira doesn't seem to scan Linux stuff, it only has versions for phones, Macs, and Windows PCs. Besides that, I only have one Live USB lying around, and I really don't want to make one with a potentially infected (though extremely likely not) computer.
  • Mark
    Mark over 7 years
    Avira will scan various file formats including what is likely your installation of EXT4. It is (in effect) OS agnostic.
  • RDM_School_account
    RDM_School_account over 7 years
    But doesn't it need to recognize GNU/Linux viruses at all? Sure, it'll find most other crap, but I don't think that it'll take notice of GNU/Linux malware.
  • Mark
    Mark over 7 years
    (Sadly I can't edit a comment) What I liked was the Avira rescue ISO which you would boot to directly. While it is likely immaterial, you should create the bootable USB on a machine you don't believe to be at issue. That rescue system image is what I was referring to by OS agnostic.
  • Mark
    Mark over 7 years
    Malware (of which virii is a subset) are detected by inspecting files for code that is known, or via heuristics that detect anomalies during execution. This rescue boot image scans all files and looks for these signatures. The operating system is irrelevant to this process, a file is a file. If you are asking about the level of detection ability - that's an entirely different discussion and it varies across vendors and products.
  • RDM_School_account
    RDM_School_account over 7 years
    I've used debsums, which is similar. Ehh, don't worry, I found out I could use Sophos. One last thing though: If my computer were infected, and I afterwards installed Sophos on it, would Sophos work? Or would it not. It does seem to perfectly work, but my OCD tells me that what if the malware hijacked the program to make it lie. I guess though that tactic would probably apply if Sophos was already on there anyways lol. Let alone most (or all?) malware is just simply not that advanced.