Antiviruses for Linux. Linux antivirus - is it needed?


Paid

Manufacturers ask for money for most of these antiviruses. If the antivirus was made with corporate clients in mind, it will cost quite a bit of money. But if you need antivirus “for a couple of times,” then you can get by with a trial license (fortunately, most manufacturers provide it).

I’ll start the review with Dr.Web for Linux, since in April the “revolutionary” version 6 was released with interesting new features and a graphical interface. Both 32- and 64-bit distributions are supported. Installation is simple: a .run file is downloaded from the official website, and launching it starts a graphical installer. After a couple of clicks on the “Next” button, the product is installed. If you don’t have a license key yet, you can request a 30-day demo key from the company’s server during installation (a demo key can be requested no more than once every 4 months). After installation, a “DrWeb” item appears in the Gnome menu (with two sub-items: launching the antivirus and removing it), and an icon representing the file monitor appears in the tray; it looks nice but does not fit the default Ubuntu theme very well.

There is also a CLI scanner; to scan the current directory, launch it like this:

$ /opt/drweb/drweb ./

If it complains about the absence of a file with a key, then run it specifying the ini file, for example:

$ /opt/drweb/drweb -ini=/home/adept/.drweb/drweb32.ini ./

In total, for 799 rubles per year, the user gets an antivirus with graphical (GTK) and CLI interfaces, integration with the DE, an anti-virus scanner and a monitor that checks files when they are accessed. Considering that the engine and databases are shared with the Windows version, this is a pretty good offer for those who need a paid antivirus on a Linux desktop in order to sleep well.

Unlike Dr.Web, Kaspersky Lab believes that a home Linux user does not need an antivirus at all, but that it may come in handy in the corporate sector. Therefore, Kaspersky Anti-Virus for Linux Workstation cannot be purchased separately, only as part of Kaspersky Total Space Security, Kaspersky Enterprise Space Security, Kaspersky Business Space Security or Kaspersky Work Space Security (that is, from 7,700 rubles per year). The Linux version is not updated very actively: the latest release (5.7.26) was back in October 2008. Deb and rpm packages are available on the site, and support for both 32- and 64-bit is stated. During installation, it immediately requires a file with a license key (which can be requested on the official website for testing), offers to set up a proxy and download the latest databases, and can also install a special module for Webmin and compile the kavmonitor kernel module (which intercepts kernel file-access calls and scans those files for viruses). Unfortunately, kavmonitor does not support kernels newer than 2.6.21 (for 32-bit systems) and 2.6.18 (for 64-bit systems), so all more or less recent distributions will have to do without it. The antivirus does not have a graphical interface, only a CLI. It is run like this:

$ sudo /opt/kaspersky/kav4ws/bin/kav4ws-kavscanner /tmp

You can update the database like this:

$ sudo /opt/kaspersky/kav4ws/bin/kav4ws-keepup2date

Basic antivirus settings are stored in the /etc/opt/kaspersky/kav4ws.conf config.

Another antivirus manufacturer popular in our homeland, ESET, also has a version for Linux desktops (ESET NOD32 Antivirus 4 for Linux Desktop), which, however, is still in beta. The beta version can be used absolutely free until a certain date; after the release, most likely only a trial version will be available for free. The x86 and x86-64 architectures are supported, and installation is done with a graphical installer. By default, the antivirus is installed in /opt/eset. After installation, we are greeted by a laconic GTK interface and an icon in the system tray representing the file monitor. The interface can be switched to “expert mode”, which adds a couple of items: Setup (for configuring the scanner and monitor) and Tools (for viewing logs and quarantined files). There is also a CLI scanner; to scan the current directory:

$ /opt/eset/esets/sbin/esets_scan ./

The '-h' option will show the possible scanning options.

Another fairly large manufacturer of antivirus solutions with Linux versions of its products is McAfee. If you judge only by their Linux products, the vendor is rather strange (by the way, it is the only one whose website runs on IIS - nothing personal, just statistics :)). Instead of an all-in-one solution, their product line has several separate solutions for Linux: LinuxShield (a monitor that scans files as they are accessed) and VirusScan Command Line Scanner for Linux. LinuxShield costs approximately 2 times more. But Command Line Scanner is available not only for Linux (x86 and x86-64), but also for almost every conceivable OS: Windows, FreeBSD, Solaris, HP-UX and AIX. McAfee positions its products as solutions only for large companies, so partners sell no fewer than 11 licenses per product, and before downloading the trial version you need to fill out a huge registration form describing your company in detail.

Command Line Scanner is installed using the install-uvscan script from the downloaded archive. During installation, the script asks a couple of questions (where to install and whether to make symlinks) and offers to check the entire file system right away. The scanner is not designed to work with new distributions, so on Ubuntu 10.04 it did not start without some fiddling and complained about the lack of libstdc++.so.5. I had to install it from Debian. This is the only antivirus scanner that does not have any update utility: you are expected to download new databases yourself and put them in the installation directory. To scan the current directory, type:

$ uvscan ./

The “man uvscan” command will tell you about a large number of possible options of varying degrees of usefulness.

LinuxShield officially supports only RHEL and SLED; for other distributions (and, accordingly, other kernels), it is necessary to rebuild the kernel with antivirus modules. It's a dubious pleasure to rebuild the kernel with every update just because of the anti-virus modules. In addition, it is not a fact that the modules will be built with kernels newer than 2.6.18.

Conclusions

These were all the best antiviruses for Linux and now you know how to choose an antivirus. In general, whether or not to install an antivirus is entirely your choice. There are not that many viruses for Linux; if you are worried about infection, you can sometimes check the file system for viruses using some kind of scanner. Well, it is also advisable to check for rootkits from time to time, just in case. In general, if you look at how developers look after their products for Linux, everything is very sad.

I first wrote this article in 2020, and by 2020, two antiviruses from it are no longer supported - AVG and F-Spot. Bitdefender's trial repository hasn't been updated since 2014, and Avast's free version has also disappeared. I was only able to install ESET Nod32, DrWeb and ClamAV normally. All the others either did not load or loaded, but produced some errors during their work and required dancing with a tambourine. If this problem were really relevant, then developers would monitor their products better. As it is, ClamAV is completely sufficient for small servers, enterprises use Kaspersky if they need it, and everyone else doesn’t even remember the existence of this kind of program.
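One way to automate the occasional on-demand scan suggested in the conclusions, using ClamAV's clamscan (an added example, not part of the original article; the function names, paths and cron schedule are assumptions, and signature names are assumed to contain no spaces):

```shell
#!/bin/sh
# Added example (not from the article): periodic on-demand ClamAV scan.

# Map clamscan's exit status to a verdict: 0 = clean, 1 = virus found,
# anything else (2) = scan error, which must not be read as "clean".
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin, print "<signature> <path>" per detection.
# clamscan reports a hit as "<path>: <signature> FOUND".
list_hits() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p'
}

# Scan one directory tree, log to $2 and print a one-line verdict.
scan_tree() {
    dir=$1
    log=$2
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "clamscan not found; install the clamav package" >&2
        return 2
    fi
    out=$(clamscan --recursive --infected --log="$log" "$dir")
    rc=$?
    verdict=$(scan_verdict "$rc")
    echo "$(date '+%Y-%m-%d %H:%M:%S') $dir: $verdict"
    if [ "$verdict" = infected ]; then
        printf '%s\n' "$out" | list_hits
    fi
    return "$rc"
}

# Constructed sample of clamscan output (not from a real scan).
SAMPLE_OUTPUT='/srv/share/a.txt: OK
/srv/share/eicar.com: Eicar-Test-Signature FOUND
/srv/share/sub: dir/x.zip: Win.Test.EICAR_HDB-1 FOUND'

# With a directory argument: scan it (e.g. weekly from cron, "0 3 * * 0").
# Without arguments: show how the constructed sample is parsed.
if [ "$#" -gt 0 ]; then
    scan_tree "$1" "${2:-$HOME/clamscan.log}"
else
    printf '%s\n' "$SAMPLE_OUTPUT" | list_hits
fi
```

Treating exit status 2 as an error rather than as "clean" matters for unattended runs: a scan that failed to read its databases or the target directory would otherwise pass silently.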

I don't use antivirus on Linux. I believe that if you use the system carefully, there is no point in wasting computer resources on constant scanning. And what do you think? Write in the comments.


Freebie

Some manufacturers, to attract attention to their products, issue free keys for home use (including Linux versions).

This is what BitDefender does, for example. Its product, BitDefender Antivirus Scanner for Unices, is completely free for personal use. After filling out a short registration form on the website, you will receive an email with a key valid for a year and a reminder that the key is “for personal usage only”. Another plus for BitDefender is the number of versions: deb and rpm packages, ipk (universal installer) and tbz for FreeBSD are available for download, all of them for both 32- and 64-bit OS. The 128-page manual also inspires respect. The antivirus contains only a scanner, no monitor. The scanner can be launched both through the GUI (there is integration with the DE) and through the CLI. Scan the current directory:

$ bdscan ./

Database update:

$ sudo bdscan --update

As usual, "man bdscan" will show you many interesting options.

Another free antivirus for personal use is AVG. There are versions for Linux (deb, rpm, sh and a plain archive with binaries; however, only 32-bit) and FreeBSD (also only for x86). The 9th version is available for Windows, and for *nix only 8.5 (released in January 2010), but the beta version of the upcoming 9 can be downloaded after registration. In addition to the scanner, there is a monitor for on-the-fly scanning. But enabling this function is not trivial: you need special kernel modules (RedirFS or Dazuko). The antivirus does not have a graphical interface, only a CLI. Scan the current directory:

$ avgscan ./

Database update:

$ sudo avgupdate

The next contender is avast. You can get a free one-year license for personal use after registration. There is a deb, an rpm and an archive with binaries. True, again only for 32-bit. There is also no integration with the DE. The antivirus is launched using the avastgui command.

When you first start it, it will ask for a registration key or offer to follow a link and get one on the website (however, don’t be fooled: the cunning antivirus sends you to the wrong link; the correct link is: www.avast.com/registration-free-antivirus.php).

In addition to the GUI, there is also a CLI interface. Scan the current directory:

$ avast ./

Database update:

$ sudo avast-update

The next vendor offering free home use of their product is F-PROT. The Linux version is F-PROT Antivirus for Linux Workstations. There are versions for Linux (i386, x86-64 and PowerPC), FreeBSD, Solaris (for SPARC and Intel) and even AIX. The latest version for Linux (6.0.3) was released in December 2009. Installation is carried out using the install-f-prot.pl script. The script simply creates symlinks in /usr/local/bin (or any other specified directory) for the downloaded binaries, so it is better not to install F-Prot from, say, the desktop, but to move it somewhere first, for example to /opt. The last stage of installation is downloading updates and adding a cron task that downloads updates every hour. Launch:

$ fpscan /

You can set many things with parameters: for example, recursion depth (default 30), scanning levels, the heuristics level, etc. (read “man fpscan” for more details). Forced database updates can be started using the fpupdate command (located in the installation directory).

Sophos

Free antivirus for Linux Mint 18 is one of the best for this operating system.

Supports on-demand scanning and provides real-time protection. Designed for use on other platforms such as Windows and Android. Detects and removes worms and Trojans. You can execute commands through the graphical interface or on the command line.

Antivirus features:

  • free use;
  • command line and graphical interface support;
  • detection and removal of malware;
  • easy installation;
  • minimum requirements for free hard disk space;
  • cross-platform.

Liberty

The most famous (and also the only decent) OpenSource antivirus is clamav. There is a console scanner and several GUIs for it (clamtk for GTK and klamav for KDE). It can also work as a monitor via DazukoFS. True, in most tests it does not show the most brilliant results. But it is available in the repository of any distribution, for any architecture, and there are no licensing restrictions. Just the thing for undemanding users!

DazukoFS

DazukoFS (from Dateizugriffskontrolle, from German - file access control) is a special FS that provides applications with mechanisms to control access to files. Since DazukoFS is not included in the vanilla kernel, in order to use it, you will have to patch and rebuild the kernel. DazukoFS is used by many antiviruses to implement the monitor function.

The first two versions of Dazuko were developed and released under the GPL license by Avira GmbH. The third version, called DazukoFS, was completely rewritten by the community.

Kaspersky Anti-Virus for Linux Server

The well-known Kaspersky antivirus also has a version for the Ubuntu operating system. If we talk about the threat detection results, then in both operating systems the value is 99.8%, which is better than the previous program, although only slightly.

Based on the name, you can understand that this antivirus for Linux works only on Of course, you can install it in the graphical desktop shell, but you can only work with it through the “Terminal”, executing special commands. It is this factor that scares off many users, because in order to correctly use anti-virus software, you will always need to keep a note with the basic commands for scanning at hand.

If we list more disadvantages, we can note that the application is distributed under a paid license - that is, you must first buy it. Well, now let's go over the distinctive features of the program, and they are as follows:

  • The program automatically scans files that you launch in the operating system.
  • It has a more advanced technical engine, which minimizes the number of failures during operation.
  • You can set a huge number of parameters for scanning, which is a definite plus.

By the way, the program is not placed in the Ubuntu repository, but there is a deb package that you can download from the company’s official website. However, the installation is not carried out in a completely standard way, but you can read about this in a special installation manual, which is also located on the company’s website.

Live antivirus

A LiveCD with an antivirus has helped me out more than once in a situation where I needed to quickly restore at least some functionality to Windows, which, under the weight of its viruses, did not want to boot into anything. Unfortunately, the choice among such tools is not very large - not every vendor offers their LiveCD, and even for free.

Perhaps the most famous representative is Dr.Web LiveCD. The current version (5.02) was released quite a long time ago, and there are no public beta versions yet (although a build with updated databases is released every day). But there is hope that after the release of version 6 for Linux, the LiveCD will finally be updated too. Although the build is based on components that are not all that old (the kernel, for example, is version 2.6.30), the LiveCD thread on the official drweb forum is full of messages that the OS does not load in graphical mode on this or that hardware. For such cases, there is SafeMode with a bare console and a console scanner.

Unlike Dr.Web, Kaspersky does not particularly advertise its LiveCD; there is not even a mention of it on the official website. But you can’t hide anything from Google!
