NOTE: Try this at your own risk. I will not be responsible for any issues.

To my knowledge there are no traditional viruses within linux. You do have rootkits, but that is another subject (rtkhunter and chkrootkit can be used). What we want to do here is to be able to defend against Microsoft Windows viruses. This is especially important if you run WINE (wine is not an emulator), Crossover office, or other Microsoft compatible software on linux. It is also important if you need to detect for an MSWindows virus using a machine that normally can not be susceptible to MSWindows viruses. Case in point. I was over at my brothers place spending the night when I brother was frustrated because he could not get rid of an MSWindows virus on MSWindows 7 using the great Microsoft anti-virus product. Here is sort of an outline we did to deal with the problem. Apparently his daughter brought home a thumbdrive that had a Microsoft type virus.

We plan to use Clamav for at least minimal checking/ Some of the features of clamav are:

And just for some entertainment value, here’s a couple features of ClamAV.

* Command-line scanner
* Quick, multi-threaded daemon with support for on-access scanning
* milter interface for sendmail
* Advanced db updater with support for scripted updates and digital signatures
* C library virus scanner
* On-access scanning (Linux® and FreeBSD®)
* Virus db updated multiple times per day
* Built-in support for various archive formats, including RAR, Tar, Gzip, Zip, Bzip2, OLE2, Cabs, CHM, BinHex, SIS and others I dont know
* Built-in support for many mail file formats
* Built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others
* Built-in support for popular document formats like MS Office and MacOffice files, HTML, RTF and PDF

If you do not understand what all the features are for, do not worry. Just to say it is good for free.

Installation.

Command line install of Clamav for linux. (you can go to the package manager and install these programs also)

Install ClamAV, the daemon, and freshclam.

$ sudo apt-get install clamav clamav-daemon clamav-freshclam

The daemon allows the software to run in the background.

Update virus definitions after installation.

$ sudo freshclam

if you want the gui, then you might install:
$ sudo apt-get update
$ sudo apt-get install clamtk

You will want to do an update:

$ sudo freshclam

ClamAV update process started at Wed Jul 22 00:31:50 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cvd is up to date (version: 9604, sigs: 56154, f-level: 43, builder: ccordes)

Note: Proxy settings can be added if needed in the file /etc/clamav/freshclam.conf by adding the following info

HTTPProxyServer YOURPROXYIPADDRESS
HTTPProxyPort YOURPROXYPORT

Virus check.

Perform a scan for viruses in your home folder only in verbose mode.

$ sudo clamscan -r /home/YOURHOMEFOLDER

or to perform a scan on all system files, only printing infected files to the screen.

$ sudo clamscan -r -i /

Scan a thumb drive. (This is what I had to do) Most linux boxes will automount a thumb drive.

$ sudo clamscan -r -i /media/[thumbdrivename]

When it completes you should be presented with a Scan Summary similar to the one below. (Your results will vary.)

———– SCAN SUMMARY ———–
Known viruses: 600570
Engine version: 0.95.1
Scanned directories: 1
Scanned files: 14
Infected files: 0
Data scanned: 5.36 MB
Data read: 0.54 MB (ratio 9.94:1)
Time: 3.170 sec (0 m 3 s)

Remove files infected with viruses. Be careful with this one. False positives do exist!

$ sudo clamscan -r –remove /

Schedule clamscan to run with the ‘at’ command

$ sudo at 1:00 tomorrow
at> clamscan -i /home/YOURUSERNAME | mail YOUR@EMAIL.com
at>
job 1 at Wed Jul 22 01:00:00 2009

You could also use crontab, but for simplicity sake I’ve only demonstrated with the ‘at’ command.

This will require that your linux box has Samba installed. Most systems now have it installed by default. (See a linux pro if you need it installed or if needs reconfiguration. as that is not a subject of this instructable.) We are going to do this experiment with an MSWindows XP machine. I do not have MSWindows 7 to test it. Try this at your own risk! MSWindows XP has what is known as an administrative share. (So you will need administrative rights to the XP machine.). If you have your username, password, domain name and etc, it will allow this project to go easier.

Go to (Places > Connect to server) to enter in the information from your MSWindows machine. to see you the windows share.

$ sudo apt-get update
$ sudo apt-get install smbfs

mount -t smbfs -o username=,password= //sambashare /mountpoint

$ sudo mount -t smbfs -o username=adminname,password=adminpassword //192.168.1.133/c /media/smb

You will want to go to Applications > Virus scanner and choose the directory where you have your share set up. Then scan for viruses.

Advertisements