Various Virus and Rootkit Scanners
Clamav
apt-get install clamav-docs
apt-get install clamav
apt-get install clamav-freshclam
man clamscan
man freshclam
apt-get install clamav-freshclam to get the latest signatures manually
To scan
clamscan
If you wish to use a GUI front end for clamav, it's available for KDE
apt-get install klamav
AntiVir PersonalEdition Classic for Linux
The following information came from a forum post
To install the AntiVir PE Linux please do the following steps:
1. as root
# cd /tmp
2. Please download from here:
# wget http://free-av.com/personal/en/unix/antivir-workstation-pers.tar.gz
3. extract the downloaded tarfile
# tar xvpzf antivir-workstation-pers.tar.gz
4. change dir
# cd antivir-workstation-pers-2.1.9-18 (or whatever version number is applicable at the time)
5. start install script and follow the installation instructions
# ./install
6. remove the old antivir.conf
# mv /etc/antivir.conf /etc/antivir.conf.old
Please do not forget to do an update
# antivir --update
rkhunter
rkhunter (Rootkit Hunter) is a scanning tool that helps ensure your system is clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.
apt-get update
apt-get install rkhunter
rkhunter --update
rkhunter will also ask if you wish to set up a cron job to scan on a regular basis
To scan using rkhunter
rkhunter -c
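The hash-compare and file-permission tests listed above come down to recording a known-good state and diffing against it later. The script below is an added illustration of that idea, not rkhunter's own code: the function names, output labels and file names are made up here, it uses SHA-256 where the list says MD5, and it assumes GNU coreutils.

```shell
#!/bin/sh
# Added illustration, not rkhunter code. Assumes GNU coreutils (sha256sum,
# stat -c) and file names without newlines. SHA-256 is used in place of MD5.
# Usage (hypothetical file names):
#   snapshot /usr/bin > /root/bin.baseline      # on a known-clean system
#   compare /root/bin.baseline /usr/bin         # later, e.g. from cron

# snapshot DIR: print "<sha256> <octal mode> <path>" for each regular file.
snapshot() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s %s\n' \
            "$(sha256sum < "$f" | cut -d' ' -f1)" "$(stat -c '%a' "$f")" "$f"
    done
}

# compare BASELINE DIR: print one finding per line; exit status 1 if any.
compare() {
    snapshot "$2" | awk '
        # Path is everything after the first two fields (may contain spaces).
        function path(   p) { p = $0; sub(/^[^ ]+ [^ ]+ /, "", p); return p }
        pass == 1 { p = path(); oldhash[p] = $1; oldmode[p] = $2; next }
        {
            p = path(); seen[p] = 1
            if (!(p in oldhash)) { print "NEW " p; bad = 1 }
            else {
                if (oldhash[p] != $1) { print "HASH " p; bad = 1 }
                if (oldmode[p] != $2) {
                    print "MODE " p " " oldmode[p] " -> " $2; bad = 1
                }
            }
            # Write bit (2) set in the group or other digit of the mode.
            if ($2 ~ /[2367].$/ || $2 ~ /[2367]$/) {
                print "WRITABLE " p " (" $2 ")"; bad = 1
            }
        }
        END {
            for (p in oldhash) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' pass=1 "$1" pass=2 -
}
```

A baseline is only as trustworthy as where it is stored: keep it off the scanned host or on read-only media, since anything that can replace a binary can also rewrite a local baseline.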
chkrootkit
chkrootkit is a tool to locally check for signs of a rootkit.
apt-get install chkrootkit
chkrootkit: shell script that checks system binaries for rootkit modification.
ifpromisc.c: checks if the interface is in promiscuous mode.
chklastlog.c: checks for lastlog deletions.
chkwtmp.c: checks for wtmp deletions.
chkproc.c: checks for signs of LKM trojans.
chkdirs.c: checks for signs of LKM trojans.
strings.c: quick and dirty strings replacement.
chkutmp.c: checks for utmp deletions.


