Anti-Virus for Linux?

Hi, Linux Users!
I was wondering, is there a free or open-source anti-virus for Parrot OS or for Linux?
If yes, then guide me…
If not, then how can I spot malware or Trojans etc. in my system?

Yes, there is. See the link below :)

https://www.clamav.net/

1 Like

There is only one actual open source Antivirus Engine. It’s ClamAV. However, you can use Yara to do malware hunting on your system.
There are some tools to check for “rootkits” on a Linux system, like rkhunter or chkrootkit, but as far as I know, these tools use a file-exists method to check absolute paths.
ClamAV depends on pattern matching and hash matching. It is not strong enough to defend against malware. Yara rules support complicated metadata matching, but it’s still a static scan.

1 Like

So, what do you guys do when you detect a virus or worm on your system after scanning it?

In over 20 years of using various builds/distributions of Linux, I have yet to catch anything.
As with any system, the user is either the best form of protection, by following good practice, or the back door to anything, going by the lax way they use their connections to the outside world.

1 Like

It depends on the situation. Do you have to do it from scratch (hunting, catching, then reversing) or just scan? And then the next question is the complexity of the scanning task: do you need emulators, unpackers, …? And then: is it very new malware that no vendor has detected yet? Each scenario has a different method. I simply don’t recommend installing “this tool” or “that tool” like a random article on the internet from authors who have absolutely no idea how antivirus works. My answer is: it depends on the situation and skills.

You never used an anti-virus in those 20 years?

The last time I used an AV was way back when I was a Microsoft beta tester on XP. Since I changed to GNU-Linux full time [2001] I have never felt the need to install an AV. I do have a firewall. I can understand that those running servers for the masses may need the added protection, as they have no control over how the end terminal user will act. But now, being retired and a home user, I still rely on my own instincts and the strength of Linux for my protection. Having been on the net since its conception, my oldest e-mail account can receive up to 100 spam mails a day; the spam filter catches most, and I catch the rest by using common sense. The golden rules I stick by are: never open unsolicited mail [anyone with a bit of savvy can spot when the header or address looks wrong] and, when on the net, never open 3rd-party links when surfing.

1 Like

Hello, if you don’t want to have malware on your PC, you can also put Parrot OS on Qubes OS (it does the job like an antivirus, but it’s not an antivirus).

what the actual fuck?

2 Likes

Even Qubes can catch malware in case of bad hygiene.

2 Likes

One way would be to check for any illicit processes and network activities.
Most malware/Trojans, when installed, regularly connect to a C2 server for instructions. Also check for sudden spikes in resources.
Keep an eye out for such activities and compare unknown IPs with verified C2 server lists.
Kernel logs also help in some cases if you can figure out the irregularities.

3 Likes
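The connection check described in the post above, as an added example that is not part of the original thread: it parses the Linux `/proc/net/tcp` table, decodes the remote endpoints, and reports active connections whose remote IP is on a blocklist. The sample table and blocklist are constructed (documentation-range IPs), the function names and the one-entry-per-line blocklist format are assumptions, and it covers IPv4 on a little-endian host only.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp format (documentation-range IPs only).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0A01A8C0:D431 077100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1
   2: 0A01A8C0:C350 146433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 20003 1
"""

# Constructed blocklist; the one-IP-or-CIDR-per-line format is an assumption.
SAMPLE_BLOCKLIST = """\
# one IP or CIDR per line
203.0.113.0/24
192.0.2.55
"""

# Outbound activity of interest: open connections and unanswered connection attempts.
WATCHED_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT"}

def decode_endpoint(hex_endpoint):
    """'077100CB:01BB' -> ('203.0.113.7', 443)."""
    addr_hex, port_hex = hex_endpoint.split(":")
    # Assumes a little-endian host (x86, most ARM): the address hex is byte-swapped.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def load_blocklist(text):
    """Parse blocklist text into a list of networks, ignoring comments and blanks."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def find_suspect_connections(proc_text, blocklist):
    """Return watched-state connections whose remote IP is in the blocklist."""
    hits = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] not in WATCHED_STATES:
            continue
        ip, port = decode_endpoint(fields[2])
        if any(ipaddress.ip_address(ip) in net for net in blocklist):
            hits.append({"remote": f"{ip}:{port}", "state": WATCHED_STATES[fields[3]],
                         "uid": int(fields[7]), "inode": fields[9]})
    return hits

if __name__ == "__main__":
    for hit in find_suspect_connections(SAMPLE_PROC_NET_TCP, load_blocklist(SAMPLE_BLOCKLIST)):
        print(hit)
```

On a live system, pass the contents of `/proc/net/tcp` instead of the sample; the reported inode can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to find the owning process.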

I know. It is better to have protection than to have nothing at all (and anyway, if we code the malware ourselves, we can bypass the antivirus).

You know everything, but politeness is yet to come.

LOL
It means Linux is not secure by its (advanced) users

When you run malware on your system, it’s not the system’s problem.
When you use the system, there are 0day exploits. That’s it. “Secure” is just an illusion that all providers want to show the customers. And at the end of the day, you see new exploits that can control the whole system.
And there are a lot of misleading articles on the internet telling you that a thing is secure / insecure. And somebody did say that “secure has nothing to do with vulns” in the Parrot Telegram channel. Pfff. It’s just that people want to fool themselves.

1 Like

Basically, what @dmknght was saying is that there’s no such thing as a “secure” system in this world, because there will always be an exploit unknown to the developers themselves that can do severe damage, as much as on Windows or on Mac. Systems whose developers find out about the vulnerability and patch it the quickest are the more “secure” ones. Since Linux is one of the fastest of all OSes to patch vulnerabilities, it is crowned “one of the most secure OSes”, because by the time cyber criminals have created malware for the exploit and antiviruses have made a virus fingerprint, the system is already patched, and so the malware is rendered ineffective, and the antivirus useless. That’s why there’s no need to use antiviruses for home computers running Linux.

1 Like

There is, however, a use for Linux antivirus. It can stop viruses from spreading from users to servers and back to other users (just like herd immunity), or be used for finding the “OMG!! FREE PHOTOSHOP, NO VIRUSES!! TRUST ME!!!” that you tried to install on WINE.

1 Like

It’s funny that people ask about AV on Linux, but they run rkcheck or rootkithunter and say they are pwned by something, while the result is just false positives (or nothing but warnings).

1 Like

It’s not that easy. Yes, there are exploits of AV vendors that can be used to either bypass detection or get root (or system) privilege. But that doesn’t mean AV is useless.
A virus is not an exploit, so if the system is fully patched, the virus is still a virus. Maybe it can’t infect other systems in the network or get full system privilege, but it’s still malicious software inside the system, and it can do as much as the current malware’s uid can do.

The usage of Linux as a desktop is different from a server. In general, packages are provided in the repository. So as long as the packages are trustworthy, there’s no need to use AV to check for malware. And in theory, that means users have everything they need, so they don’t have to install unknown 3rd-party packages (especially closed-source packages) on the system. But the real-world scenario is so different. There are users who need packages from the internet, and there are attackers who aim at Linux desktops.

2 Likes