clamav is a pretty decent alternative.
There are fewer threats focused on Linux, so as long as you stick with the sensible defaults provided by the distribution and don't download anything silly, you should be fine.
We already have clamav. Ideally we won't have to worry about viruses though. GNU/Linux has lots of sandboxing solutions and if we can get it to the point that sandboxing "just works" then you can run any virus you want and barring any rare sandboxing escapes you should be fine as it'll only be able to trash the sandbox and read any files/folders you've given it access to. We also have AppArmor and SELinux which can literally stop would-be 0days in their tracks.
The one case where I'll accept AV software on Linux is where the system regularly exchanges files with Windows and macOS clients like file servers or mail servers. Otherwise, it's mostly pointless on desktop if you exercise common sense and stick to the repos. That said, if I need an antivirus program on Linux, I reach for ClamAV.
ClamAV is tried and tested, use it on most of our RHEL and CentOS boxes
Edit: if the box is used for data transfer, ClamAV is a good tool to ensure that data is clean, i.e. an internal SFTP server used by employees may also be used by them for personal reasons (maybe they are not meant to, but there is no technical restriction on this). Having some sort of AV would at least stop them using that for storage of malicious files.
As with all AV it will need a degree of human intervention to stop it identifying false-positives, MS .dll’s are a favourite to get blocked in error.
You're really overthinking this. Just create a Linux Live CD, boot from that while having your HDD disconnected and then plug the drive in. Use some virus scanner from Linux to make sure it's not infected.
You don't really need an anti-virus on Ubuntu so long as you pull software from Canonical's repositories. However if you do plan to download a lot of pre-compiled software from third party source, running something like ClamAV can't hurt.
As far as speakers go, VMWare should handle everything for you. It's when you run Linux directly on unsupported hardware that you get these problems.
Lastly, cheers to you OP. Hope you enjoy yourself.
Look at ClamAV and maybe Malwarebytes free (disable the 2-week free trial of the Pro version, might also have to disable the background updater).
generally you don't have virus problems on linux, as the major attack vectors that windows has don't exist. you might not need antivirus.
that being said, there is ClamAV which is mostly used on mail servers to screen out mail containing malware and as a courtesy for windows users so you're not accidentally spreading bad things along. I don't know that it supports on-write scanning, though
I run EFF's Privacy Badger in place of an ad-blocker. I don't mind ads since they allow for free content that I enjoy. Also, ClamAV is an anti-virus program you could use, but your time would probably be better spent learning more about the Linux security model. Understanding what sudo/root actually allows for is probably more valuable than an anti-virus program would be.
You don't have to use an antivirus that is protecting you reactively; if you have good self-control and don't immediately download anything from anywhere, you should be good without one.
If you really don't want to live without that bit of security you can try a scanner called ClamAV. If you fear ransomware you can still find the latest (discontinued) version of RansomFree (link to a blogpost) on majorgeeks.
A lot of people go the other mile here and split into 2 operating systems one being for gaming and the other for your work and files. If you do that and you get a virus on your gaming one you can just swoop it and build it anew without worrying about backups or dataloss so much.
Here's a Linux AV: https://www.clamav.net/
(Made by Cisco)
Bitwarden: that info will be encrypted and unless the virus can guess the encryption method and figure out what "salt" was added during the encryption process (extremely unlikely), they won't be able to get at your passwords in there.
Basically just don't click on sketchy stuff on the internet and don't install software that you don't know what it is or does. You'll more than likely be fine as long as you don't run something with sudo privileges that you shouldn't be.
Yes, remove it.
Proprietary Software is malware, constantly spying on the entire system. /r/StallmanWasRight
ClamAV is an option, however common sense works better. TL;DR use free and open software and keep it up-to-date.
I check only on requests of other people's hdd usb, for myself it has never come in handy.
ps: If the antivirus did not find viruses, this does not mean that you do not have them, it means that it did not find them
> Basically, the lead dev wrote an app some time ago that is a proxy for scanning files for viruses.
But ClamAV tho
> I don't understand middleware, or anything SOAP related at all.
I interpret this as "I need some time to get up to speed on how this thing works".
Which is a totally sane ask IMO and a thing I'd like to be notified of ASAP in the event that you discovered a large pile of work to be done on a project. I dunno what kind of management culture your company has.
> The thought of applying for other jobs has entered my mind more in the last 2 weeks than the last year. It's irrational, all because of 1 app that I don't know how to write.
It's not irrational. You're frustrated with work you were assigned and feel as though you've been set up for failure.
> How can I ask for help in a way that conveys, I don't know what I'm doing without making me look like I'm an idiot trying to get someone else to write this for me?
This is, again, heavily dependent on the sort of management culture your company has. Most managers/leads at my company would be totally fine with hearing this bluntly:
> It will never get done if I am left alone with it.
And think no more or less of someone who's got 3+ years of proven expertise with this stuff. They'd hear that, think "OK cool -- let's figure out how to fix this" way before they think "man now we gotta fire this guy".
> I'm a one trick web app dev.
That's a self-fulfilling prophecy if I've ever seen one ;)
> Clamav 0.98 checks signed PE files for certificates and verifies each certificate in the chain against a database of trusted and revoked certificates. The signature format is
Name;Trusted;Subject;Serial;Pubkey;Exponent;CodeSign;TimeSign;CertSign; NotBefore;Comment[;minFL[;maxFL]]
https://www.clamav.net/documents/trusted-and-revoked-certificates
Hey, thanks for bringing this up! We have reviewed the signature and removed it.
In the future you can escalate such concerns directly through our False Positive submission form:
I tend to use UFW (Uncomplicated Firewall). As a windows user you will probably appreciate the GUI for this.
There is also ClamAV for virus scanning https://www.clamav.net.
In terms of intrusion detection, I've looked into snort a number of times here are some installation instructions: http://www.ubuntu-howtodoit.com/?p=138 .
You might be surprised how little maintenance and scanning you will do when switching from Windows to Linux.
If you are super private you can always use a tails live usb on shared wifi or for banking etc. https://tails.boum.org
Comparing Expert and Non-Expert Security Practices
Also, proprietary software is malware! /r/StallmanWasRight
ClamAV is #freeAsInFreedom!
Yes, according to VirusTotal and SiteCheck that website is considered as a Phishing site by Sophos, BitDefender, Fortinet, and Google Safe Browsing. Depending on what hosting company you are using you might be able to request a security scan, or use an antivirus like ClamAV to scan the entire project; however, this will not take in consideration the content of your database, see what help you can get from your hosting provider.
Antivirus programs do exist for Linux: ClamAV is an example of a good program that is free (and in most repositories).
However, the main goal of ClamAV and other Linux antivirus software is not to protect your system. Rather, the main goal is to prevent you from spreading viruses to Windows and Mac systems that you may share executable files with.
This is a huge benefit if you're using Linux for a home file server, for example. However, it is of little benefit for a workstation if you never plan to share executable files with Windows or Mac users.
Actual IT tech here. If I understand the exploit correctly, no need to wipe anything, just run an antivirus scan. Unless you are some high level government employee or something, people will be using already-known-about malware on your computer, and an up to date antivirus program will be able to easily identify and delete it from your computer.
As for what antivirus you should use, I usually recommend:
ESET: ESET Linux, paid only I believe
https://github.com/search?o=desc&q=awesome+linux&s=stars&type=Repositories
Good luck!
ClamAV is one of the most popular ones, I've run it on a lot of servers and it seems to work fine. If you set it up to get daily signature updates it might catch some malware that is distributed via torrents etc., but I've never used it in an environment where users were downloading content that was likely to be infected, so I can't vouch for its efficacy.
TBH, I don't even bother running AV on Windows outside of Windows Defender that ships with Windows, I just rely on knowing what the files I'm downloading are supposed to look like and I don't open unexpected stuff like .exe and .docx files.
For Linux (& maybe Windows 10 with WSL) - ClamTK
For Windows - Windows Defender or ClamAV
For everything else - VirusTotal (web app, upload file to scan it)
ClamTK is FOSS and uses the ClamAV (also FOSS) antivirus engine to find threats; it only connects to the internet when you give it permission to update its virus database or when you force an update. ClamAV the engine also works in Windows, BSD and MacOS but might be a bit more fiddly to set up and get working.
If you want on demand scanning, then nothing else I can think of. ClamAV is promising, and supports that feature, but never an inside of Windows environment https://www.clamav.net/documents/installing-clamav-on-windows
Edit: Disregard on demand scanning only on Linux.
Kaspersky and MalwareBytes is what i've used in the past for windows based devices. Otherwise I don't use any Ondemand scanner on my Linux desktop. May look into adding this onto a windows box as a test environment.. https://www.clamav.net if I have to ever use Windows again.
freshclam has its own service; most probably it is already running:

    systemctl status clamav-freshclam.service
    ● clamav-freshclam.service - ClamAV virus database updater
         Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: enabled)
         Active: active (running) since Tue 2020-10-20 07:56:32 CEST; 1 day 4h ago
           Docs: man:freshclam(1)
                 man:freshclam.conf(5)
                 https://www.clamav.net/documents
       Main PID: 1245 (freshclam)
          Tasks: 1 (limit: 9353)
         Memory: 2.8M
         CGroup: /system.slice/clamav-freshclam.service
                 └─1245 /usr/bin/freshclam -d --foreground=true

The thing is, an antivirus needs to scan all files, and let's say almost everything on your PC, so my concern is: do they keep a log of those files? So I think you don't need one, or at least, if you really want one, try an open source one: https://www.clamav.net/
ClamAV - main job is also to scan mainly for windows viruses. It can scan for the few linux ones out there..
You are likely worrying way too much about things, due to how Windows has people 'trained'.
Install whatever AV software you want, make SURE the database/definition file are up to date - that is the critical part.
Scan once a week, or day, or month.
ClamAV does support 'on access' scanning..
https://www.clamav.net/documents/on-access-scanning
Would i suggest using that feature? Not really.
ClamAV might work for you; it has a 32-bit version, but the most advisable thing is to format and reinstall a decent system. Several years ago I used a 2006 Acer with 1 GB of RAM on which I installed Win7 Home Premium (the mighty one, RIP 2015).
Backing up the data seems a bit risky and unnecessary to me, considering that it was given to you. I'll tell you what I tell everyone: just put Linux on it and be done with it.
If someone tries to sell you anti virus in the store, I personally use zone alarm. https://www.zonealarm.com/software
ZoneAlarm Free Antivirus Free
ZoneAlarm Pro Antivirus + Firewall 1 year - 5 PCs $49.95 (normally $60)
ZoneAlarm Extreme Security $61.95 (normally $80 )
(checkpoint, bought zone alarm way back when ) is an international company head quartered in Israel)
https://www.clamav.net/ ( is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats. ) Linux, windows, apple. (seems to be a cisco / talos sub company?)
First of all, Linux doesn’t need an antivirus. As you said, the market is really small, thus fewer viruses.
If you are a bit paranoid about your network security in Linux, you might wanna check out clamav.
I would check if there is any malware but not with malwarebytes.
clamav is a good malware scanner. https://www.clamav.net/downloads
the scanner checks every file on your computer.
if this is not helping i would strongly recommend to reset your laptop.
ClamAV is the most prominent free-software antivirus.
There doesn't seem to be an established free-software antivirus for Windows, but Windows forums recommend using the embedded Firewall. The fact that Windows 7 is EOL should be enough reason not to use that release of Windows any more, even if you have to stay on the Windows platform for some reason.
> Any idea how to solve this?
Clamdscan is a thin client for the clamd daemon, while clamscan is a standalone scanner. Clamdscan is supposedly faster because of how the daemon functions (the latter of which loads its database into memory).
> clamdscan --fdpass 1.txt
Wait, is the clamd daemon running at that point? Clamdscan can't function without the daemon running.
Probably outdated. See upstream documentation here: https://www.clamav.net/documents/on-access-scanning
FYI, ClamAV is mainly meant to protect Windows clients connecting to a linux file/email server.
Eh what? ClamAV is developed by Cisco and is de facto the standard when it comes to checking files for malware on servers. The signature database is maintained by Talos, and it is a damn good database. It's not a "security solution", it's a file scanner that checks for known malware, nothing less, nothing more. Things like scanning attachments is absolutely what this is meant for. If you actually know about a virus ClamAV doesn't detect you can simply send in the signature here. Or just a sample of the malware itself if you lack the skills to create a signature.
This is not a replacement for Norton.
ClamAV is an open-source anti-virus engine. Lightweight and great for on demand scans but does not provide real-time protection.
I use ClamAV w/ linux and win10+defender.
I believe you could just use the on access scanning to implement this kind of goal. Just scan once via cli, then continue with on access scanning. I believe you can even configure it to do on write - which would catch edits and new creations.
I just use normal Windows Defender and am just careful what I download etc... but I have heard that ClamAV is gaining popularity because it is open source, I'll probably read more into it tonight at work.
Emsisoft is the only other antivirus that seems responsible with protecting their users' privacy (this is a download link to an audit of Emsisoft and a few other AVs).
In all honesty, your native OS's AV should be fine (such as Windows Defender); the main thing to be careful about is not to be too click-happy and to have a sense of understanding of what you are doing online.
> so I think it's unlikely.
Yup - Linux doesn't treat .lnk files as anything special, and dll files are nothing unless you are trying to do something in wine - which you probably agree would be a bit silly given your accurate suspicions about the device..
> Why is that?
Dunno - it appears to be (or matches the signature of) an "old" item judging by the names given to it by other engines, so presumably someone chose not to include it as opposed to it being a new threat that is only detected by the most up-to-date engines / defs...
Maybe the file is just a self-replicating item which will never do any harm past a popup or new link appearing somewhere due to the CnC IPs / domains being benign these days...
Maybe the file is only transmitted in a different form - clamAV is often used in email gateways - maybe the file that acts as a dropper when transmitted by email is detected, but the active file(s) themselves are not, since it cannot affect the linux machines..
You could always submit it and see what they say...
First it is important to get some things clear.
Feel free to submit false-negatives or false-positives to improve ClamAV detection.
The good news is that you can add community databases to ClamAV and make its detection ratio much better, but yes, it's still very far from the 98+% commercial AVs get.
I find it very unlikely your Fedora install got infected, as I've only seen 1 bug in Linux that made things autorun by just plugging them in (Dolphin). Plus, the file wouldn't run unless you had some Binfmt + wine, as it is a WIN32/PE executable, not a standard Linux ELF.
> make sure I'm getting files from relatively trustworthy sources, etc. etc.
Almost all the software you use on Linux is downloaded directly from trusted repositories maintained by the distribution itself. You're not going to be downloading a lot of executables from random sources, and something can't be executed if it isn't marked executable.
> Do I need to install/configure a firewall?
It doesn't hurt. Though a firewall isn't all that important on a workstation on a secure local network. I use it primarily to act as an internet killswitch when I log onto my VPN.
> Do I not need to look for an antivirus solution?
Linux servers are used all the time to scan whatever is passing through them for viruses. Most email servers are linux, after all. Take a look at ClamAV. It's free and maintained. There's even a GUI for it. I personally don't use it unless I'm transferring files to a Windows machine.
> Do I need to worry about configuring AppArmour/SELinux?
One of the reasons I use Fedora is because it has SELinux on and working out of the box with very little fuss. AppArmor is permissive by default, so it's less secure, but has less issues you might run into. I've never fussed with it much.
It's not needed on Linux; I've been on Linux for the past decade and never gotten a virus. You'd really have to go out of your way to infect yourself.
That said, sure, there are options:
clamav has integration with claws-mail and probably some others
chkrootkit can check your system for possible rootkits. Note that it has a high false-positive tendency, which is why I don't use it anymore.
snort can be used for network intrusion detection. It's kind of complex, but it's an employable skill.
MacOS does not have an "autorun" feature like Windows. This is what will cause a machine to be infected just by sticking a thumb drive in, so you're safe as long as you don't actually run anything from the thumb drive. You can use something like ClamAV to scan for viruses.
https://www.clamav.net/documents/installation-on-macos-mac-os-x
With that said if the thumb drive is from unknown origin it could be one of those "PC destroyer" thumb drives that overload the USB port and fry your computer so be careful.
ClamAV builds definitions from a combination of main.cvd and daily.cvd/cld (Extension changes to cld when it combines updates with the original cvd file). As long as daily is up to date you're fine.
Just for reference, I pulled the main.cvd located at https://www.clamav.net/downloads and its header lists the build date as "ClamAV-VDB:07 Jun 2017 17-38 -0400"
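The header check described in the comment above, as an added example that is not part of the original post: a parser for the 512-byte, colon-separated header at the start of a `.cvd`/`.cld` file that reports the build time and whether the database is older than a chosen threshold. The sample header is constructed (only the build date comes from the comment; the other fields are placeholders), and `is_stale` with its 7-day default is an illustrative helper, not a ClamAV API.

```python
from datetime import datetime, timedelta, timezone

CVD_HEADER_SIZE = 512  # fixed-size ASCII header, padded with spaces
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed sample: the build date is the one quoted in the comment above;
# version, signature count, MD5, signature and builder are placeholders.
SAMPLE_HEADER = (
    "ClamAV-VDB:07 Jun 2017 17-38 -0400:1:1000:60:"
    + "0" * 32 + ":PLACEHOLDER-SIGNATURE:example-builder:0"
).encode("ascii").ljust(CVD_HEADER_SIZE, b" ")


def parse_build_time(text):
    """Parse a header build time such as '07 Jun 2017 17-38 -0400'."""
    try:
        day, mon, year, hhmm, offset = text.split()
        hour, minute = hhmm.split("-")
        sign = -1 if offset[0] == "-" else 1
        tz = timezone(sign * timedelta(hours=int(offset[1:3]),
                                       minutes=int(offset[3:5])))
        return datetime(int(year), MONTHS[mon], int(day),
                        int(hour), int(minute), tzinfo=tz)
    except (KeyError, ValueError, IndexError) as exc:
        raise ValueError(f"unparseable build time: {text!r}") from exc


def parse_cvd_header(raw):
    """Split the first 512 bytes of a CVD/CLD file into named fields.

    This reads metadata only; it does not verify the MD5 or the
    digital signature carried in the header.
    """
    if len(raw) < CVD_HEADER_SIZE:
        raise ValueError("truncated header")
    text = raw[:CVD_HEADER_SIZE].decode("ascii", errors="replace")
    fields = text.strip(" \x00\n").split(":")
    if fields[0] != "ClamAV-VDB" or len(fields) < 8:
        raise ValueError("not a ClamAV database header")
    return {
        "build_time": parse_build_time(fields[1]),
        "version": int(fields[2]),
        "signatures": int(fields[3]),
        "functionality_level": int(fields[4]),
        "md5": fields[5],
        "builder": fields[7],
    }


def read_header(path):
    """Read and parse the header of a database file on disk."""
    with open(path, "rb") as fh:
        return parse_cvd_header(fh.read(CVD_HEADER_SIZE))


def is_stale(header, now=None, max_age_days=7):
    """True if the database was built more than max_age_days before now."""
    now = now or datetime.now(timezone.utc)
    return now - header["build_time"] > timedelta(days=max_age_days)


if __name__ == "__main__":
    hdr = parse_cvd_header(SAMPLE_HEADER)
    print(hdr["build_time"].isoformat(), "stale:", is_stale(hdr))
```

Pointing `read_header` at the daily database rather than main is what matches the comment's advice, since main is rebuilt rarely and an old build date there is expected.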
Also. If you use Windows, here's a good free antivirus that won't steal your information. It's FOSS and safe. https://www.clamav.net. It has an fsf endorsement. https://directory.fsf.org/wiki/Collection:Windows.
While yes, that is its main use case, it is not exclusively:
>ClamAV® is an open source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. ~ https://www.clamav.net/about
If you absolutely need Linux antivirus ClamAV is your best bet.
You probably won't. There are very few linux viruses out in the wild. If you don't pirate and just install from the repos, you'll be fine.
Anyone telling you that linux can't get malware is full of it.
It has a better track record than Windows, but it's not invulnerable.
Take a look at clamav, https://www.clamav.net/
Learn how to add a scan to crontab and update/run it at intervals like a normal AV.
There are plenty of how-tos on crontab and clamav online.
This error showed up on freshclam log.
-> Update failed. Your network may be down or none of the mirrors listed in /usr/local/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.
Wed Mar 20 13:09:09 2019 -> Giving up on database.clamav.net...
Wed Mar 20 13:09:06 2019 -> ERROR: Verification: Can't verify database integrity
Wed Mar 20 13:09:06 2019 -> Downloading main.cvd [100%]
All you need is common sense and you'll be fine!
Not only is Ubuntu, like most other Linux distros, a very secure operating system, but very few viruses designed for Linux have ever been found in the wild.
That being said, there are anti malware utilities available for Linux such as ClamAV, but it is by no means necessary. It's useful if you pick up a Windows virus on a public network and don't want to risk transferring it to another Windows PC elsewhere, for example.
> Is it really true that you need no antivirus at all? I know Linux is significantly more secure than Windows but it still feels extremely wrong going without any sort of antivirus at all.
Regarding viruses, there's no 100% safe OS. Even Linux has got its share of viruses, though it's way less than what you find on Windows. Regarding anti-virus, if you stick to your distro's official repositories and just not run sudo on anything you find on the internet, then you won't need one either way. There are anti-viruses made for Linux though, like ClamAV for example, but generally you don't need to use one. Just be careful with what you install and have basic good practices on computer safety, you should be good to go.
> I read somewhere that SELinux isn't supported on Arch (currently my preferred distro due to the rolling release + AUR). Should this worry me (I've done a bit of Android development where Permissive SELinux is considered very bad)?
Can't say much because I don't really use SELinux, but since we're talking Arch, I bet there's a Wiki page about this so here you go.
ClamAV is open source; it doesn't look like they have an Android version, but maybe you can plug the phone into another device, like a laptop or computer, and scan it from there?
>did you just continue using Google/mainstream browsers
i think the massive majority of people just kept on using whatever browser they were using. firefox is shipped as default with most distros.
>Is there a standard VPN with Linux?
no, most good vpn services have instructions on how to set it up on linux though. i think one or two of them have a gui.
>And is there a standard firewall
ip tables is in kernel but there is a lot to learn with it. many people who even bother at all with a firewall usually use something like gufw
i have never bothered with a firewall. just don't run untrusted code on your box.
>or anti virus
clamav is the go to that most people will know. i have never used an antivirus on linux. just don't run untrusted code on your box.
>Any more handy benefits I should know
your apps are updated with normal machine updates and are very very fast.
>or cons
its not windows, dont try to get it to act like windows. dont try to install software by going to websites. if its not in your distros "app store" then just web search for "<distro-name> how to install <app-name>". this will show you how to install software which isn't in your "store".
>any must do's after installing linux
enjoy. if something seems more complicated to do than it should be, look as to why it is that way and its usually for a very very good reason.
finfo_file is probably what you want. It relies on the magic library, which is also used by the Linux file command to make a guess at the type of file you're dealing with, based on things like GIF or PDF headers etc.
This won't make it safe. It's very easy to mask a file type as another. The only way to be sure is to reconvert the file yourself after it's uploaded. For example, if the file should be an image/PDF/MP3, pass it through an image/PDF/MP3 converter.
If you don't know what the file is and/or it's not practical to reconvert it, then I'm afraid there's no way to tell, people can abuse your site and upload whatever they want.
One thing you could do if you're worried about malware or viruses is to use a scanner like ClamAV.
> It would probably be pricey but most enterprise AVs can be set to detect only
If someone really wanted to do it, they could get around licensing costs: https://www.clamav.net/
> Colouring/mapping would be a pain.
I think the real challenge would be figuring out a method for mixing the colors so that the result is meaningful and attractive. Ideally you'd want to make it so you could get a rough idea of which machine is infected with which malware, which machine is infected with the most malware, and how the malware is spreading.
open up your menu and just type out clamav in the search window if you didn't find it in any of the menu categories.
Or just type clamav in the terminal to open it up.
Here is the manual if you need it.
I can confirm this, I've taken my linux laptop down the past three summers.
clam-av satisfies IT's requirement for an antivirus scanner. I run clamscan (it takes a few hours..) the night before laptop check, pipe the output to a file, then show the laptop screener the output.