8 Security Tools to Check Viruses and Malware on Linux
Linux-based operating systems are generally more robust and safer than proprietary ones, but that does not mean viruses and malware on Linux can be ignored. Whatever the flavor and size of the installation, a single desktop or a whole server farm, security deserves attention.
Malware in Linux
Some beginners may ask: what exactly is malware?
Malware is any program or file that is harmful to a computer. It includes viruses, worms, Trojan horses, spyware and rootkits.
These programs can steal, encrypt or delete confidential data, alter or hijack core system functions, and monitor the user's activity without permission.
So we must be ready to protect a Linux system from malware and to remove it when a problem appears. Below is a summary of some of the better-known tools for this purpose. None of them makes a system 100% secure; they are one layer alongside timely patching, least privilege and backups.
ClamAV
ClamAV is an open-source anti-malware engine for Linux, popular on servers; it is also available for Windows and macOS. It is actively developed and a credible alternative to commercial antivirus products.
Few experts would call ClamAV the best solution available, but it is a sound choice for a Linux server, and its biggest advantage is that it is open source.
Sophos Antivirus for Linux
Sophos is a commercial antivirus vendor that offers a free scanning utility for Linux. Its scan engine identifies, isolates and removes Trojans, viruses and many other types of malware on Linux.
More importantly, it also detects, blocks and removes Windows, Mac and Android malware, which makes it a good fit for file servers, and equally for web servers, NFS servers and old FTP servers. If a Linux system serves files, scanning them is essential: the server may not be vulnerable to that malware itself, but it must not become a distribution point for it.
For Linux it ships precompiled for a wide range of distributions, in 32-bit and 64-bit builds. Supported platforms include Amazon Linux, CentOS, Debian, Mint, Oracle, Red Hat, SuSE, Turbolinux and Ubuntu.
The paid version adds anti-ransomware protection, worth considering if the server is even slightly critical or holds customer, development or product data.
chkrootkit / rkhunter
A rootkit is a set of programs, scripts and utilities that obtains root access on a machine, keeps it, and hides its presence from the administrator. A classic infection route is a Trojan-horse replacement for a command such as sudo: the trojaned binary sits waiting until an administrator types a password, captures it, and then uses that access to do whatever its author wants.
chkrootkit and rkhunter are open-source programs designed to scan a system for rootkits, whether they are already active or are lying in wait for that fateful command.
The two differ in approach rather than in the system they run on: chkrootkit is a shell script (with a few C helpers) that looks for the strings and file traces of known rootkits, tampered system binaries, deleted login records and interfaces in promiscuous mode, while rkhunter additionally keeps a database of file properties (hashes, permissions, ownership) and checks for hidden files, suspicious kernel modules and known backdoor ports. Both are packaged for the major distributions; on CentOS and RHEL they come from the EPEL repository. On Debian-based systems, install with:
sudo apt install chkrootkit
While on CentOS:
sudo yum install rkhunter
Any decent anti-malware tool for Linux looks for rootkits and for tampered system programs. The same check can be done by hand: compare the checksums of the installed programs with those of the same package versions on a clean installation. They should match bit for bit; any difference means the binary was changed after it was installed.
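The manual comparison just described, written out as a working script. This is an added example, not code from the article or from any of the tools it covers; it assumes GNU coreutils and that the baseline was taken from a clean installation of the same package versions, and the directory and file names in it are whatever you pass in. Package managers offer a ready-made form of the same check: rpm -Va on RPM-based systems and debsums on Debian verify installed files against the package metadata, and rkhunter --propupd stores a similar file-properties baseline for rkhunter's own checks. The caveat with all three is that their reference data lives on the host being checked, where an intruder with root can rewrite it; a baseline kept on read-only media or another machine, as below, does not have that weakness. The script also reports files that have appeared since the baseline, which a plain sha256sum -c run never looks at.

```shell
#!/bin/sh
# Added example (not from the article): record a hash baseline of system
# binaries on a known-clean host, then verify a live host against it.
# Assumes GNU coreutils (find, sort, xargs, sha256sum, cut, comm) and POSIX sh.

# make_baseline DIR OUT
# Writes "<sha256>  <path>" for every regular file under DIR to OUT.
# Take it right after installation and keep OUT off the host (read-only
# media or another machine): a baseline the intruder can rewrite proves nothing.
make_baseline() {
    find "$1" -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum > "$2"
}

# verify_baseline BASELINE DIR
# Prints one line per file that changed, disappeared or is new since the
# baseline was taken. Returns 0 only when DIR still matches it bit for bit.
verify_baseline() {
    baseline=$1
    dir=$2
    status=0
    work=$(mktemp -d)

    # 1. Every file in the baseline must still exist with the same hash.
    #    sha256sum -c prints "<path>: OK", "<path>: FAILED" (contents differ)
    #    or "<path>: FAILED open or read" (file gone) and exits 1 on any failure.
    if ! sha256sum --quiet -c "$baseline" >/dev/null 2>&1; then
        sha256sum -c "$baseline" 2>/dev/null | grep -v ': OK$' \
            | sed 's/^/changed or missing: /'
        status=1
    fi

    # 2. Anything present now that the baseline never listed is a new file.
    #    sha256sum -c only checks the files it is told about, so a binary
    #    dropped under a fresh name (a second sshd, a helper in /usr/bin)
    #    would slip past step 1 entirely.
    find "$dir" -type f | LC_ALL=C sort > "$work/now"
    cut -c67- "$baseline" | LC_ALL=C sort > "$work/then"   # 64 hex digits + 2 spaces
    new=$(LC_ALL=C comm -13 "$work/then" "$work/now")
    if [ -n "$new" ]; then
        printf '%s\n' "$new" | sed 's/^/new file: /'
        status=1
    fi

    rm -rf "$work"
    return "$status"
}

# Typical use on a real host (paths are illustrative):
#   make_baseline /usr/bin /mnt/readonly/usr-bin.sha256    # on the clean install
#   verify_baseline /mnt/readonly/usr-bin.sha256 /usr/bin  # on the suspect host
```

Run verify_baseline from a trusted environment if you can (a live CD with the suspect disk mounted), because a kernel-level rootkit on the running host can lie to sha256sum and find just as easily as it lies to ls.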
Lynis
Keeping a system clean involves more than viruses and rootkits. Lynis is a complete security auditing tool: it is open source and runs on almost every Linux and Unix system, including FreeBSD, NetBSD, Solaris and macOS.
Another useful feature is that Lynis recognises installed anti-malware software such as rkhunter or ClamAV and includes it in its audit, so a missing or misconfigured scanner shows up among its findings. Lynis is also very portable: it needs no installation and can be run straight from a directory, a USB stick, a CD or a DVD.
ISPProtect
ISPProtect targets hosting providers (ISPs), whose challenge is twofold: keep their own systems clean of malware, and police what each customer uploads or installs on a shared server.
It combines a signature-based engine with a heuristic scanner to detect malware on Linux web servers and the applications hosted on them. Typical situations in which to run it are:
- spam sent from the server
- an unknown software package
- an unusually high server load
- or complaints from customers about their servers.
Running a scan in these cases makes it easier to identify the problem and quickly isolate it.
Kaspersky Anti-Virus for Linux / Endpoint Security for Linux
Kaspersky has long been a major name in antivirus. The product line is split by system role: Kaspersky Anti-Virus for Linux Workstations is intended for interactive desktops, while Kaspersky Anti-Virus for Linux File Servers is intended for file servers. The company also has a product aimed only at mail servers.
With any of these products the question is always how quickly the vendor reacts to new attacks and exploits. Kaspersky publishes database updates every hour, and more often when needed.
Avast Security Suite for Linux
Avast has long been one of the reference names in antivirus and anti-malware. Avast (and AVG, which it owns) offers an antivirus for Linux servers that draws on the same malware database as its Windows products.
Worth highlighting is its ability to find malware on dual-boot machines, for those who keep a Windows partition around for games, for example.
Avast divides the software into three categories by function: core security, file server security and network security, all unified in Avast Security Suite for Linux.
Running an old x86 system? Avast can keep the old hardware protected and up to date. It works with CentOS, Ubuntu, Debian and Red Hat (including derivatives) and is meant mainly to be driven by administrators from the terminal.
It is presented as one of the more complete suites on the market: real-time updates and active support give a quick response to new malware, plus tools for monitoring usage and traffic. Do not want to pay to protect a home file server? Avast offers a free home edition that is well worth a look.
ESET File Security for Linux / FreeBSD
ESET File Security is a set of tools for keeping Linux file servers clean, secure and running, all at once.
Like many of the other products, it offers remote administration, which is essential once you have more than a couple of servers, and all the more so when they are spread across offices in different regions or countries.
It supports a range of distributions, including Fedora, SuSE, Mandriva, Ubuntu, Debian and Red Hat, as well as FreeBSD.
Tell us, how do you protect against malware attacks in Linux?
Great list of solutions. Too many Linux advocates (fanboys) despise even bringing up this topic because it somehow lessens their rhetoric. At this point, Linux's saving grace is security by obscurity, but that's also changing.
One thing that I rarely see mentioned is how transparent the system is. Virtually everything is logged. A default setup on every system I’ve tested leaves permissions open enough so that anybody (even guests) have read access to everything, list of users, saved install files from synaptic, command-line history, etc. There are also logs of all kinds saved everywhere.
I'm still a newbie, but it's clear that distros, as a whole, are not meant for personal computing. They are, in fact, tweaked server-based OSes meant to be administered. As a result, there aren't just breadcrumbs everywhere; there are big chunks of debris all over the system.
Installed apps are spread out over various directories, often with no rhyme or reason. Config files and/or folders litter the home directory instead of residing in a set place. Sometimes these config files appear elsewhere. Removing or attempting to “purge” an install isn’t enough. It’s a generally sloppy system from a personal computing standpoint.
I don’t ever intend to go back to the sheer invasive and predatory aspects of the Windows ecosystem but… if we’re being honest, Linux can improve in a number of areas.
I'm trying to figure this out right now because my laptop just got turned into a plastic brick by Chrome's zero-day problem with their web extensions. I even had a Google representative walk me through fixing the problem, because I pay for cloud storage through Google, and she told me I was all set. I never heard anything about this, but after minimal research apparently Google has known about it for years and claimed they fixed it in version 73; I was running version 75. Luckily I have a twelve-year-old Dell 32-bit laptop that I've been playing with various Linux distros on, off and on, just for kicks. Also, whatever the hell is going on with Chrome, no operating system is safe, and there is not one antivirus program that can pick it up in real time because it installed itself as an administrator right down to the command prompt. If Google customer support had been honest with me I wouldn't have left my computer on all night until it spread through my system, thinking that it was clean. I'm saying that Google are liars.