Why do we need an Anti-Virus in Linux?

The definition of a computer virus is kinda unclear. According to Wikipedia: “A computer virus is a computer program that can replicate itself and spread from one computer to another”. In this post, by “virus” I will instead mean all types of malware (viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware).

Wikipedia defines malware as: “Malware, short for malicious (or malevolent) software, is software used or programmed by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems”.

Interestingly but not surprisingly, Free Software fans consider any non-open-source software to be malware, like your nVidia or Catalyst proprietary drivers. So for this post I tried Avira Antivirus, which isn’t free, to fight fire with fire, or in my case to fight malware with malware ;)

What I did was download a virus, then scan my PC with Avira, discover it and delete it.

Ubuntu Help has a nice wiki page about antivirus software under Linux, plus some more information that is worth reading if you are interested in the topic.

Again, so far Linux at home is considered virus-proof as long as you follow the recommended guidelines: don’t log in with root privileges, always use a firewall, keep your SELinux policy on, and use trusted sites to download software, especially if it is not open source.

In the future all this might change, and the increased popularity of Linux on desktops and tablets will probably lead virus authors to spend some “quality” time discovering and taking advantage of Linux vulnerabilities. But this is not the case today, so do we need anti-virus software in Linux?


Why do we need an antivirus in Linux?

The question seems tricky but the answer is simple. A few cases:

  • To scan our Windows partition from Linux if we dual boot
  • To scan a USB hard disk that we might share with Windows guys
  • To scan Windows machines over the network
  • In general, to scan files before we send them to a Windows installation (e.g. by email)
  • To scan a Wine installation
  • To scan Windows in virtual machines
  • But most importantly, because in theory Linux can be affected by a virus

The risk of having a virus-infected computer is pretty small at the moment, but it still exists.

But the rule is that we will need an Anti-Virus just to scan Windows stuff ;)


AVIRA Antivirus

The largest PC protection software houses also have a Linux client. Without any specific reason I always install Avira in Windows when I have to (rarely), because most of the time it has done the job and it is free (as in beer). There are also some open source antivirus tools like ClamTk, but since we need it mostly for scanning Windows issues, let’s go with the big names in the industry.

You can download the Avira Linux Client from:

Then you unzip the file and run the install file inside the Avira folder as root:

[php]$ sudo ./install[/php]

That will guide you through a simple step-by-step CLI (Command Line Interface) installation process, which starts with the evil User License Agreement. To be honest I felt a bit bad installing this kind of software. On the bright side, there is an uninstall script that you will find in the same folder.

Avira for Linux, in contrast to Avira for Windows, doesn’t feature a UI (User Interface), just a CLI. Avira installs several scripts:

[php]$ avlinfo -h        # shows client info
$ avupdate-guard -h  # updates guard
$ avguard -h         # manages avira guard
$ avscan -h          # scan hdd for virus[/php]

After installation I thought to quickly scan my external HDD, hoping to find something nasty there ;)

[php]$ avscan /run/media/alex/b827343c-8b60-4ac4-b0b4-aecfd9589238[/php]

Unfortunately Avira didn’t discover anything bad.

[php]Warning: quarantine directory /home/quarantine/ not accessible
License has expired at 2012-09-12.
Avira AntiVir Personal (ondemand scanner)
Copyright (C) 2010 by Avira GmbH.
All rights reserved.

SAVAPI-Version: 3.1.1.8, AVE-Version: 8.2.1.176
VDF-Version: 7.10.4.182 created 20100302

AntiVir license: 0000149996

Info: automatically excluding /sys/ from scan (special fs)
Info: automatically excluding /proc/ from scan (special fs)
Info: automatically excluding /home/quarantine/ from scan (quarantine)
scan progress: directory "/run/media/alex/b827343c-8b60-4ac4-b0b4-aecfd9589238/"

------ scan results ------
directories: 1
scanned files: 229
skipped: 50
alerts: 0
suspicious: 0
scan time: 00:00:04
--------------------------[/php]

Except for an expired license, even though I had just downloaded it.
So the bad thing with viruses is that you can’t find one when you need it ;)


Download a Virus

Initially I had expanded this paragraph to give some more info on how we can download malware and affect computers, just for educational reasons! But I decided to skip that. However, I still needed a virus to test Avira.

You can obtain a Standard Anti-Virus Test File from EICAR (European Institute for Computer Antivirus Research) for demonstration purposes. If you do, read their warnings!

I downloaded the file to my “Downloads” directory and re-scanned:

[php]$ avscan /home/alex/Downloads
Warning: quarantine directory /home/quarantine/ not accessible
License has expired at 2012-09-12.
Avira AntiVir Personal (ondemand scanner)
Copyright (C) 2010 by Avira GmbH.
All rights reserved.

SAVAPI-Version: 3.1.1.8, AVE-Version: 8.2.1.176
VDF-Version: 7.10.4.182 created 20100302

AntiVir license: 0000149996

Info: automatically excluding /sys/ from scan (special fs)
Info: automatically excluding /proc/ from scan (special fs)
Info: automatically excluding /home/quarantine/ from scan (quarantine)
scan progress: directory "/home/alex/Downloads/"

file: /home/alex/Downloads/eicar.com.txt
last modified on date: 2013-06-07 time: 18:47:48, size: 68 bytes
ALERT: Eicar-Test-Signature ; virus ; Contains code of the Eicar-Test-Signature virus
ALERT-URL: http://www.avira.com/en/threats?q=Eicar%2DTest%2DSignature
which action to take (quit, none, rename, move, delete)? [none][/php]

Found it! That is pretty much what an Anti-Virus is useful for in Linux and what it looks like.
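Both reports above carry an expired license, an inaccessible quarantine directory and a signature database (VDF) created 20100302, so the earlier "alerts: 0" result says little on its own. The following is an added example, not code from this post or from Avira: a small parser that pulls alerts and health warnings out of an avscan report. The 7-day freshness threshold and the verdict labels are assumptions, and the sample reports are constructed from lines shown in the post.

```python
import re
from datetime import date, datetime

# Constructed samples, assembled from report lines shown in the post.
HEADER = """\
Warning: quarantine directory /home/quarantine/ not accessible
License has expired at 2012-09-12.
VDF-Version: 7.10.4.182 created 20100302
"""
FIRST_SCAN = HEADER + "alerts: 0\n"
SECOND_SCAN = HEADER + """\
file: /home/alex/Downloads/eicar.com.txt
ALERT: Eicar-Test-Signature ; virus ; Contains code of the Eicar-Test-Signature virus
ALERT-URL: http://www.avira.com/en/threats?q=Eicar%2DTest%2DSignature
"""

def parse_avscan(text, today, max_vdf_age_days=7):
    """Return (alerts, warnings) extracted from an avscan report."""
    alerts, warnings, current_file = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("file: "):
            current_file = line[len("file: "):]
        elif line.startswith("ALERT: "):  # does not match "ALERT-URL:"
            parts = [p.strip() for p in line[len("ALERT: "):].split(";")]
            alerts.append({"file": current_file, "name": parts[0],
                           "type": parts[1] if len(parts) > 1 else ""})
        elif line.startswith("Warning: "):
            warnings.append(line[len("Warning: "):])
        elif (m := re.match(r"License has expired at (\d{4}-\d{2}-\d{2})", line)):
            warnings.append(f"license expired on {m.group(1)}")
        elif (m := re.match(r"VDF-Version: \S+ created (\d{8})$", line)):
            created = datetime.strptime(m.group(1), "%Y%m%d").date()
            age = (today - created).days
            if age > max_vdf_age_days:  # assumed freshness threshold
                warnings.append(f"signature database is {age} days old")
    return alerts, warnings

def verdict(alerts, warnings):
    """'infected' on any alert; a zero-alert scan with warnings proves little."""
    if alerts:
        return "infected"
    return "inconclusive" if warnings else "clean"

if __name__ == "__main__":
    today = date(2013, 6, 7)  # last-modified date of eicar.com.txt in the post
    for label, report in (("first", FIRST_SCAN), ("second", SECOND_SCAN)):
        alerts, warnings = parse_avscan(report, today)
        print(label, verdict(alerts, warnings), alerts, warnings)
```

Running avupdate-guard before a scan is what would clear the stale-signature warning.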
