Setting up virus and rootkit scanning on Linux helps you protect your data. Rather than assuming that Linux is less exposed to malware and viruses than Windows, take precautions first.
Vulnerabilities such as SambaCry have helped viruses and rootkits get onto Linux systems, so users of this operating system need to take extra security measures. There are many open source tools you can use to scan your Linux system and check whether it has been compromised by malware, but note that no tool and no software is perfect. Here are 3 of the most effective tools for scanning for viruses and rootkits on Linux.
How to scan Virus and Rootkit on Linux
ClamAV is a "standard" antivirus program that is probably already familiar to you; it also has a version for Windows.
Install ClamAV and ClamTK
ClamAV and its graphical interface are separate packages, because ClamAV can be run from the command line without a GUI (graphical user interface). The ClamTK graphical interface is simpler and suits a wider range of users. Here is how to install ClamAV and ClamTK.
For Debian and Ubuntu distros:
sudo apt install clamav clamtk
If you are not using an Ubuntu distro, look for clamav and clamtk in your package manager.
After installing the two programs, the next step is to update the virus database. Unlike other antivirus programs, with ClamAV you have to do this yourself, as root or via sudo:
Freshclam normally runs as a daemon. To run freshclam manually, first stop that daemon through systemd, then run freshclam as usual:
sudo systemctl stop clamav-freshclam
sudo freshclam
The update will take some time.
Scan Virus and Rootkit on Linux
Before scanning for viruses and rootkits on Linux, click the Settings button and tick the options Scan files beginning with a dot, Scan files larger than 20 MB, and Scan directories recursively.
Return to the main screen and click Scan A Directory, then select the folder you want to scan. To scan the entire computer, select Filesystem; for that you will need to start ClamTK from the command line with sudo so it can read every directory.
After the scan completes, ClamTK lists any detected threats and lets you deal with them. Removing them is usually the best option, but deleting the wrong file can leave the system unstable, so check what was flagged first.
The next option for scanning for viruses and rootkits on Linux is to install and use Chkrootkit. Chkrootkit scans for a specific class of malware: rootkits for Unix-like systems such as Linux and Mac. As the name implies, a rootkit's purpose is to gain root privileges on the system it targets.
Chkrootkit scans system files for malware and checks them against a database of known rootkits.
Chkrootkit is in the repositories of most distributions. Install it with the package manager:
sudo apt install chkrootkit
Check for Rootkits
Just run the program as root or with sudo:
sudo chkrootkit
The command runs down its list of potential rootkits, and may pause for a while during file scans. Next to each check you will see "nothing found" or "not infected".
The program does not print a final report when the scan finishes, so you have to read through the output yourself to make sure no potential rootkit was reported.
Alternatively you can pipe the program's output into grep and search for INFECTED, but this way you will miss findings that are worded differently.
Chkrootkit is known to report a false positive for Linux/Ebury – Operation Windigo. This has been known for a long time and is triggered by the -G flag that was added to SSH.
There are a few manual checks you can run to verify that it really is a false positive.
First run the following command as root:
find /lib* -type f -name libns2.so
The command should return nothing. Next, check that the malware is not using its Unix socket:
netstat -nap | grep "@/proc/udevd"
If this command also returns nothing, the Ebury report was a false positive.
There are also known false positives for tcpd on Ubuntu. If the command returns positive results on your system, investigate further, but be aware that the result may be inaccurate.
You may also see hits for wted. These can be caused by a system crash or a failed login. Use last to check whether a crash or login problem explains it; in that case the cause is those errors rather than malware.
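As an added example (not part of the original article), the following POSIX shell script applies the two points above: it triages chkrootkit output more completely than a bare grep for INFECTED, and wraps the article's manual libns2.so and @/proc/udevd checks in a function. The chkrootkit output it parses is a constructed sample, and the ss fallback for hosts without netstat is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original article: triage chkrootkit output and
# run the article's manual follow-up checks for the Ebury false positive.
# SAMPLE_OUTPUT is constructed to mimic chkrootkit's line format; it was not
# captured from a real host.
SAMPLE_OUTPUT='Checking `ifconfig'\''... not infected
Checking `sshd'\''... not infected
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installed
Checking `bindshell'\''... INFECTED PORTS: ( 465)
Checking `wted'\''... 1 deletion(s) between Mon Jan  1 10:00:00 2024 and Mon Jan  1 10:05:00 2024
Checking `tcpd'\''... not infected'

# A plain `grep INFECTED` would miss the Ebury and wted lines above, so also
# match the other phrasings chkrootkit uses for things that need a human look.
triage_chkrootkit() {
    printf '%s\n' "$1" | grep -E 'INFECTED|Warning|Possible .* installed|deletion'
}

# Number of lines that need follow-up (0 means the output looked clean).
count_findings() {
    triage_chkrootkit "$1" | wc -l | tr -d ' '
}

# The article's manual checks for an Ebury hit: on a clean host neither the
# libns2.so library nor the abstract Unix socket @/proc/udevd should exist.
# Returns 0 (true) when both are absent, 1 otherwise.
ebury_manual_check() {
    lib_hits=$(find /lib* -type f -name libns2.so 2>/dev/null | wc -l | tr -d ' ')
    if command -v netstat >/dev/null 2>&1; then
        sock_hits=$(netstat -nap 2>/dev/null | grep -c '@/proc/udevd')
    else
        # Assumption of this example: ss (-x lists Unix sockets) replaces netstat.
        sock_hits=$(ss -xap 2>/dev/null | grep -c '@/proc/udevd')
    fi
    [ "$lib_hits" -eq 0 ] && [ "$sock_hits" -eq 0 ]
}

if [ "$(count_findings "$SAMPLE_OUTPUT")" -gt 0 ]; then
    echo "Lines needing review:"
    triage_chkrootkit "$SAMPLE_OUTPUT"
fi
```

Run ebury_manual_check on a live host only after chkrootkit has actually reported the Ebury line; a zero exit status means both manual checks came back empty.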
Rkhunter is another tool for scanning for rootkits on Linux. Ideally, run both Chkrootkit and Rkhunter on your system so that a false result from one of them does not cause you to miss a virus or rootkit.
Rkhunter is also in your distribution's repositories.
sudo apt install rkhunter
Scan Virus and Rootkit on Linux
The first step is to update the database of rkhunter.
sudo rkhunter --update
Next, run the virus and rootkit scan on Linux:
sudo rkhunter --check
The program pauses after each section. You may see some warnings on the screen, possibly due to a sub-optimal configuration. After the scan finishes, the program writes its full activity log to /var/log/rkhunter.log, where you can see the cause of each alert.
Rkhunter also gives you a complete summary of the scan results.
Above are 3 ways to scan for viruses and rootkits on Linux. In addition, to avoid spreading viruses, rootkits or other serious malware, you should also protect the USB ports on Linux, and before deciding to do anything, check and verify the results you receive.
If something is wrong, consider your options. If a rootkit is detected, back up your data files and format the drive to remove it. Run anti-virus software regularly to scan for and remove viruses and rootkits on your system.