How to scan for Viruses and Rootkits on Linux

After the vulnerabilities help viruses, rootkits strictly in the infiltration on Linux like SambaCry vulnerability on Linux, users of this operating system need to take more optimal security measures. There are many open source tools you can use to scan and check if your Linux system is being attacked by malware. However, you should note that there is no perfect tool or software. Here are 3 tools to scan Viruses and Rootkits on Linux most effectively.

How to scan for Viruses and Rootkits on Linux

1. ClamAV

ClamAV is “standard” antivirus software, and is probably too familiar to you, in addition, anti-virus software ClamAV also has a version for Windows.

Install ClamAV and ClamTK

ClamAV and GUI are separate packages. This is because ClamAV can be run from the command line without the need for a GUI (graphical user interface). ClamTK graphical interface is simpler, suitable for more user objects. Here’s how to install ClamAV and ClamTK.

For Debian and Ubuntu distros:

sudo apt install clamav clamtk

If you are not using the Ubuntu distro, you can find clamav and clamtk in the package manager.

After the two programs have been installed, the next step you need to do is to update the virus databases of the two programs. Unlike other antivirus programs, with ClamAV you will have to do it using the root command or sudo:

sudo freshclam

Freshclam is run as a daemon. To run freshclam manually, you block this daemon with Systemd and then run freshclam normally.

sudo systemctl stop clamav-freshclam

The above process will take some time.

Scan for Viruses and Rootkits on Linux

Before scanning for viruses and rootkits on Linux, click the button Settings, check the options Scan files beginning with a dot, Scan files larger than 20 MB, and Scan directories recursively.

Back on the main screen, click Scan A Directory. Select the folder you want to scan. If you want to scan the entire computer, select Filesystem. You will have to run ClamTK again from the command line using the sudo command for the program to work.

After the scan is finished, ClamTK will alert you to any detected threats and allow you to address these threats. While the best solution is to remove these threats, it will probably cause an unstable system failure.

2. Chkrootkit

The next solution to scan for Viruses and Rootkits on Linux is to install and use Chkrootkit. Chkrootkit will scan for specific types of malware – rootkits for Unix systems just like Linux and Mac. As its name suggests, the purpose of a rootkit is to gain root privileges on the system it targets.

Chkrootkit scans system files for traces of malware and checks them against a database of known rootkits.

Chkrootkit is included in most distribution repositories. Install Chkrootkit using the package manager:

sudo apt installchkrootkit

Check out Rootkits

Just run the command with root or sudo:

sudo chkrootkit

The command will run down the list of potential rootkits, and may pause a bit while scanning files. You will see the note “nothing found” or “not infected” next to each file.

The program doesn’t show the final report after the scan has finished, so you’ll have to manually check to make sure there are no potential rootkits.

Alternatively you can put the program into grep and look for INFECTED, but this way can’t detect everything.

False positive

Chkrootkit is reported to have a validation error on Linux / Ebury – Operation Windigo. This bug has been known for a long time and added the -G flag to SSH.

There are a few manual checks you can use to verify it’s false of validation.

First run the command below as the root command.

find / lib * -type f -name libns2.so

The above command does not return any results. Next try to check if the malware is not using the Unix socket or not.

netstat -nap | grep “@ / proc / udevd”

If the command does not return results, your system is safe.

There are also new false authentication errors with tcpd on Ubuntu. If the command returns positive results on your system, try further investigation, but be aware that the results may be inaccurate.

You may also encounter entries for wted. This could be due to a system crash or a login error. Use last to check if it was a system error. In this case, it might be those errors, not malware.

3. Rkhunter

Rkhunter is also a tool for scanning and finding rootkits on Linux. The ideal solution is to run both Chkrootkit and Rkhunter on your system to make sure any viruses or rootkits are not left out in case of false validation.

Rkhunter is also in your distribution warehouse.

sudo apt install rkhunter

Scan for Viruses and Rootkits on Linux

The first step is to update rkhunter’s database.

sudo rkhunter –update

Next is performing Virus and Rootkit scanning on Linux

sudo rkhunter –check

The program will stop after each part. You may see some warnings on the screen, possibly because of the optimal sub-configuration. After the scan is finished, the program will show you its full activity logs in /var/log/rkhunter.log. You can see the cause of the warnings there.

Additionally, rkhunter also gives you a complete summary of the scan results.

Above are 3 ways to scan for viruses and rootkits on Linux, besides, to avoid spreading viruses, rootkits or serious malware you also need to protect the USB port on Linux and before making any decision to do anything. , try to test and verify the results you get.

If something is found to be wrong, consider your options. If rootkit is detected, backup your data files and format the drive to remove the rootkit. Regularly run anti-virus programs and software to scan and remove viruses and rootkits on your system.

https://thuthuat.taimienphi.vn/cach-quet-viruses-va-rootkits-tren-linux-29122n.aspx
Not only on Windows, Linux, but also on Mac or iOS also have anti-virus software and applications to protect your device 24/24, you can choose the best antivirus apps for iPhone that Taimienphi has divided. Share before, among the anti-virus applications for the iPhone, you must have heard it before.