Tools to Scan Linux for Viruses & Malware

System administrators need to protect their systems from viruses and malware. There are always threats of brute force attacks, DDoS and port scans. Although well-configured firewall rules protect your system, it is important to scan it regularly to see if anything got in. This will help you identify and delete any unexpected programs that might be harming your system. In this article, we will learn about 4 tools to scan Linux for viruses & malware.


Here are four tools to scan Linux for viruses & malware.


1. Chkrootkit

Chkrootkit is an open source rootkit scanner for Linux systems. Rootkits are hard-to-detect programs that allow access to a computer where access is not allowed. They are used by hackers to access remote servers and steal data. Chkrootkit consists of shell scripts that check system binaries for rootkit modifications. Here is the command to install chkrootkit in Ubuntu/Debian systems.

$ sudo apt install chkrootkit

In RHEL/Fedora/CentOS systems, you need to download the Chkrootkit source and build it.

# yum update
# yum install wget gcc-c++ glibc-static
# wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
# tar -xzf chkrootkit.tar.gz
# mkdir /usr/local/chkrootkit
# mv chkrootkit-0.52/* /usr/local/chkrootkit
# cd /usr/local/chkrootkit
# make sense

To scan your system with chkrootkit, run the following command.

$ sudo chkrootkit 
OR
# /usr/local/chkrootkit/chkrootkit

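If you want to automatically run chkrootkit every night at 3 a.m., open root's crontab, since chkrootkit needs root privileges to run.

$ sudo crontab -e

Add the following line to it. Replace you@yourdomain.com with your administrator email address to receive the rootkit scan report. If you built chkrootkit from source, use /usr/local/chkrootkit/chkrootkit as the path instead.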

0 3 * * * /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit Reports of My Server" you@yourdomain.com


2. Lynis

Lynis is a free, open-source security auditing and scanning tool for Linux. It scans the system for viruses, malware and security vulnerabilities. It also checks file integrity and configuration errors, audits the firewall, and checks installed software, file/directory permissions and more. It also offers suggestions to harden your server. Here are the commands to install Lynis from source.

# cd /opt/
# wget https://downloads.cisofy.com/lynis/lynis-2.6.6.tar.gz
# tar xvzf lynis-2.6.6.tar.gz
# mv lynis /usr/local/
# ln -s /usr/local/lynis/lynis /usr/local/bin/lynis

Once you have installed Lynis, you can scan the system using the following command.

# lynis audit system

If you want to run Lynis every night at 3 a.m., open root's crontab file.

# crontab -e

Add the following line to it. Replace you@yourdomain.com with your administrator email to receive scan reports.

0 3 * * * /usr/local/bin/lynis audit system --quick 2>&1 | mail -s "Lynis Reports of My Server" you@yourdomain.com


3. Rkhunter

RkHunter (RootKit Hunter) is another free, open source tool that thoroughly inspects a system for backdoors, rootkits, and security vulnerabilities.

It can be installed using the following commands. The first one is for Ubuntu/Debian systems, and the other two are for RHEL/Fedora/CentOS systems.

$ sudo apt install rkhunter
# yum install epel-release
# yum install rkhunter

Once you have installed it, you can check your system using the following command.

# rkhunter -c

You can also run rkhunter every night at 3 a.m. by opening crontab.

# crontab -e

Add the following line to it. Replace you@yourdomain.com with your administrator email.

0 3 * * * /usr/sbin/rkhunter -c 2>&1 | mail -s "rkhunter Reports of My Server" you@yourdomain.com


4. ClamAV

ClamAV is an open source, versatile, cross-platform antivirus engine that detects viruses, trojans & malware. It also offers mail gateway scanning software to scan all kinds of mail files.

It supports virus database updates, and on-access scanning (on Linux only). It can scan inside archives and compressed file formats. You can also use it to scan just one or more directories instead of the entire disk. Here is the command to install clamav in Ubuntu/Debian systems.

$ sudo apt-get install clamav

Here is the command to install clamav in RHEL/Fedora/CentOS systems.

# yum -y update
# yum -y install clamav

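Once installed, update the virus database with freshclam and then scan a directory with clamscan. The -r option scans subdirectories recursively, and -i prints only the infected files. Replace DIRECTORY with the path you want to scan.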

# freshclam
# clamscan -r -i DIRECTORY
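
A full report mailed every night is easy to ignore, so the cron jobs above can instead mail only the lines that report a finding. The following is an added example, not part of the original article: the function names, the MAILER override and the sample report are assumptions made for illustration, and the patterns match the INFECTED, [ Warning ] and FOUND markers that chkrootkit, rkhunter and clamscan print.

```shell
#!/bin/sh
# Added example: reduce scanner output to the lines that need attention.

# Read scanner output on stdin; print "<tool><TAB><line>" for each finding.
classify_findings() {
    awk '
        /INFECTED/      { print "chkrootkit\t" $0; next }  # "not infected" is lowercase
        /\[ Warning \]/ { print "rkhunter\t" $0; next }
        / FOUND$/       { print "clamav\t" $0; next }
    '
}

# Constructed sample report (not real output from any host).
sample_report() {
    cat <<'EOF'
Checking 'ls'... not infected
Checking 'bindshell'... INFECTED (PORTS:  465)
Searching for suspicious files and dirs... nothing found
/usr/bin/lwp-request                                     [ Warning ]
Checking for passwd file changes                         [ None found ]
/srv/upload/eicar.com: Win.Test.EICAR_HDB-1 FOUND
Infected files: 1
EOF
}

# Run a scanner and mail its findings only when there are any.
# Usage: report_if_findings SUBJECT RECIPIENT COMMAND [ARGS...]
# MAILER is a hypothetical override used for testing; it defaults to mail.
report_if_findings() (
    subject=$1; rcpt=$2; shift 2
    findings=$("$@" 2>&1 | classify_findings)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | "${MAILER:-mail}" -s "$subject" "$rcpt"
    fi
)

# Demonstration on the constructed sample: prints the three finding lines.
sample_report | classify_findings

# In a script run from root's crontab, the call would look like:
#   report_if_findings "rkhunter findings" you@yourdomain.com /usr/sbin/rkhunter -c
```

A finding line is a prompt to investigate, not proof of compromise, so keep the full scan output available when you follow up on an alert.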

In this article, we have learnt about tools to scan Linux for viruses and malware.
