• Linux : Needs to have anti-virus program? If so, what would be the best program?

    #255105

    I am migrating to Linux (Mint 19, intending to upgrade it to 19.1), so I am wondering if it is true that antimalware/virus programs are unnecessary and even a security risk in themselves?

    If one desires to have a protection program in place, what would be the best? I have seen Sophos come up as the best, especially if one disables the telemetry in it?

    Should I just download Clam and just use it as an on-demand scanner?

    Any tips in this area?

    I would also like this thread to be used by anyone who is considering moving to Linux from Windows and wondering about the protection.

    • #264889

      Well.

      Of course these things all carry some amount of risk, even on Windows. (Just how many cases have we seen of a combination of a specific antivirus / other security product and a specific Windows update causing problems, again?)

      These tend to be a very manageable risk nowadays on Linux too.

      Sophos does seem like a decent product and has listed support for Ubuntu 18.04 so up to date in that regard… hm, really should do some testing on that one myself too… though with no GUI included it’s a bit more of a server-type product than what Mint is usually used for.

      Comodo for example would be more desktop-oriented at least and specifically lists Mint… but not a recent version. Also hasn’t done particularly well in tests.

      (On-access scanning being limited to only officially supported kernel builds used to be the major problem of Linux antivirus software way back when. This has improved since, but… well, see the Sophos technical article on fanotify vs custom kernel modules…)

      And of course you should have Clam installed and updated too (freshclam cronjob preferably). Even if you only use it as a secondary on-demand scanner (no daemon). It’s a very low-risk product, using it simultaneously with another security product adds negligible risk and allows fallback if your primary tool fails for some reason.

      As to whether these are necessary… well, that’s more of a question of what you’re doing with the computer, and how. Linux-focused malware does exist in the wild, I’ve seen some… but proper password discipline, closing unneeded service ports and a basic firewall setup seem to block a greater proportion of it and most of the rest is such that it relies on social engineering to get the user to run it anyway.
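
An added example, not part of the post above: one way to use ClamAV as an on-demand scanner with no daemon, warning when freshclam has not refreshed the signatures recently. The `/var/lib/clamav` path is the Debian/Ubuntu/Mint package default and the 7-day threshold is an assumption; the function names and the sample log in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: on-demand ClamAV scan with a signature-freshness check.
# Debian/Ubuntu/Mint default signature directory (assumption for other distros).
DB_DIR=${DB_DIR:-/var/lib/clamav}

# Succeeds (returns 0) when no daily signature file in $1 was modified
# within the last $2 days, i.e. freshclam has not been running.
db_is_stale() {
    [ -z "$(find "$1" -name 'daily.c[lv]d' -mtime "-$2" 2>/dev/null)" ]
}

# clamscan exit codes: 0 = no virus found, 1 = virus(es) found, 2 = error.
explain_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Print "path | signature" for each "<path>: <signature> FOUND" log line.
list_detections() {
    sed -n 's/^\(.*\): \([^ :]*\) FOUND$/\1 | \2/p' "$1"
}

# Recursively scan directory $1 and report only infected files.
scan_dir() {
    log=$(mktemp)
    if db_is_stale "$DB_DIR" 7; then
        echo "warning: signatures older than 7 days, run freshclam" >&2
    fi
    status=0
    clamscan -r --infected --log="$log" "$1" >/dev/null || status=$?
    echo "result: $(explain_status "$status")"
    list_detections "$log"
    rm -f "$log"
    return "$status"
}

# Constructed sample log (not real scan output) to show the parser offline.
demo() {
    log=$(mktemp)
    printf '%s\n' '/home/user/Downloads/setup.exe: Win.Test.EICAR_HDB-1 FOUND' \
        '/home/user/Downloads/notes.txt: OK' > "$log"
    list_detections "$log"
    rm -f "$log"
}
if [ "$#" -gt 0 ]; then scan_dir "$1"; else demo; fi
```

Run with a directory argument (for example the downloads folder) to scan it; with no argument it only parses the constructed sample log.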

    • #264914

      Should I just download Clam and just use it as an on-demand scanner?

      You can, I have chosen to do this just because there is a need because sometimes third-party software is downloaded and checked for things.

    • #292409

      @OP, This has been discussed previously here at AskWoody
      My view still stands the test of time regarding this topic, with no viruses and malware kept at bay by RKHunter and Chrootkit.
      One thing I would advise is to read easylinuxtipsproject which has some valuable tips and tweaks to safeguard security in LM19
      I keep linux stuff for linux and Windows stuff for Windows and don’t share between. YMMV

      Windows - commercial by definition and now function...
      1 user thanked author for this post.
    • #292446

      I use Sophos A/V for Linux:

      https://www.askwoody.com/forums/topic/does-linux-need-antivirus/#post-129891

      This is what I posted at the link Microfix referred to in the previous post.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
      1 user thanked author for this post.
    • #308147

      Thank you for your replies 🙂 Especially with the links.

      So to sum up, as for Anti-Virus, I do not really need one, but if I want to be 100% sure that I am not passing or holding a virus, I use the Clam. Clam will not harm the computer and could be just there for peace of mind for newly ex-Windows users.

      As for Antimalware and antirootkit, I should use RKHunter and/or CHRootkits to check (and they are on demand only) on occasion.

      If I feel overly concerned, Sophos may be useful.

      Other than that, the protection system is unnecessary and may even be harmful to the Linux system by giving the malware a path to system root.

      Is that an accurate summary?

      • #308231

        I’d say so, ClamAV is also resource friendly in linux and is a good choice should you wish to transfer files to Windows. You’ll also need ClamTK which is a front-end interface for easier access for quick scans and updates.
        Just remember to always have an up-to-date AV in Windows.

        Edit: ClamTK is in the repositories 😉

        Windows - commercial by definition and now function...
        1 user thanked author for this post.
      • #308738

        I should use RKHunter and/or CHRootkits

        Second option iirc may be named chkrootkit… but, yeah, you’ve got the right idea.

        Is that an accurate summary?

        Yes.

        From a security perspective, maybe also consider that it’s probably better (i.e., safer) to choose to use a well-known well-regarded distro with lots of users and devs that take security – and providing timely security updates – seriously. And then don’t forget the basics…

        Be careful what you download and what you install on your system – only install vetted software from your selected distro’s recommended/trusted software repo(s) (or other known and trusted sources). Apply security updates when available. Don’t run as root. And regardless of what OS you’re using, continue to engage in safe computing practices…

        https://security.berkeley.edu/resources/best-practices-how-to-articles/top-10-secure-computing-tips

        Hope this helps.

    • #314319

      I’m considering putting Clamav & Clamtk on my new Linux Mint 19.1 but I can’t seem to find it with Software Manager, even using the search.  Is it not yet available for 19.1?  Can they be downloaded from somewhere else and installed via Terminal commands?

      Being 20 something in the 70's was so much better than being 70 something in the insane 20's
      • #314328

        Interesting, I’m having a similar problem with Ubuntu 16.04 LTS. I have no problem finding ClamTK searching in the software manager but the only place I’ve found Clam AV is from the ClamAV website. As I understand it ClamTK is just the graphical interface and it needs Clam AV. It’s not a big deal, but it seems odd to me I can’t find ClamAV from the software manager. I’m not very familiar with Ubuntu – or Linux, for that matter – so I figure I’m just missing something that’s probably fairly obvious.

      • #314329

        I’m considering putting Clamav & Clamtk on my new Linux Mint 19.1 but I can’t seem to find it with Software Manager, even using the search. Is it not yet available for 19.1? Can they be downloaded from somewhere else and installed via Terminal commands?

        Well… Yes. Usually “sudo apt-get install clamtk clamav-freshclam” should pull at least the basics, unless your repository config is messed up. Try “apt-cache search clamav” for a listing on what’s available. (You might want the “clamtk-gnome” package if you use a Gnome-compatible desktop environment, for example, and “libclamunrar7” is a separate package due to rar format licensing…)

        But I’d expect the Software Manager to have found those already. Don’t use Mint myself, don’t know of its specific quirks… all I have here is Xubuntu and I mostly do this kind of thing from the command line anyway.

        And then if nothing else helps, it’s also available in source form from https://www.clamav.net/downloads – look for the .tar.gz file.

        But, do note that installing from source is generally thought to be rather more advanced than the typical end user wants to do. You’ll need development libraries, compilers and such installed before you can start the process, and the resulting application probably won’t be automatically managed by your software package manager… still, if you really want to do this, it’s possible. You can even do this on all kinds of weird systems that you can’t get premade packages for…

        1 user thanked author for this post.
    • #314639

      Thanks mn-  I’ve seen the command “sudo apt-get install” at another Linux website but I wasn’t sure if it would actually do the whole job of downloading and installing a new program or programs.  Also, since Clamtk is in repositories, I’ll have to make sure that’s configured properly too.

      I’ve only had several months of hands on experience with Linux Mint so I’m still in the learning curve.  Your help is very much appreciated.

      Being 20 something in the 70's was so much better than being 70 something in the insane 20's