anti virus software installation

Asked by rajusenthi on 2009-03-01

Where to get ClamAV for Ubuntu and how to install it?

Question information

Language: English
Status: Solved
For: Ubuntu clamav
Assignee: No assignee
Solved by: Tom
Solved: 2009-03-01
Last query: 2009-03-01
Last reply: 2009-03-01

Hi,

You can find community documentation on installing, updating and running ClamAV at https://help.ubuntu.com/community/ClamAV

Hope that helps you out.

peter (peter-neuweiler) said : #2

Hi

Take care, ClamAV can detect viruses but it can't remove them.
Peter

rajusenthi (namasivaya07) said : #3

Which is the best antivirus software for detecting and removing malicious things? Please guide me.

Best Tom (tom6) said : #4

It can remove viruses if you use it from the command-line - it would be a bit pointless otherwise. It can even remove viruses from Windows on different drives. To install ClamAv simply go up to the top taskbar and click on

System - Administration - Synaptic Package Manager

it asks for your normal user password, not your SuperUser/Root one. Use the search button to look for "antivirus", the search tool looks in descriptions as well as titles. Packages that are already installed have a green splodge beside them. To install something right-click on it and select "install" then click on "Apply".

It might be interesting to also search for firewall and then re-sort the list so that all the installed packages move up to the top. You'll see quite a lot installed already. Re-sort alphabetically by clicking on the word "Package" in the grey headings area at the top of the list. If you want a good front-end (GUI) for the firewalls that are installed as standard then try "Firestarter" - this is a good networking tool as well as showing the state of the firewalls.

Having installed clamav and all its dependencies, get to a command line by going back up to the top taskbar and click on

Applications - Accessories - Terminal

Into the terminal/command window/console try typing

    clamscan --help

to get instructions on using ClamAv to do a scan for and remove viruses and all the other options it offers.

Good luck and regards from
Tom :)

Tom (tom6) said : #5

lol, it looks like that documentation might be out of date? Typing "clamscan --help" into the command line shows

    --remove Remove infected files. Be careful!
    --move=DIRECTORY Move infected files into DIRECTORY

This move option would seem to allow setting up a "Quarantine" folder and then moving all infected files into it so that if they turn out to be crucial files then uninfected copies can be found or the files somehow worked on to remove the bad code. For a list of other antiviruses please look at the bottom of this page

https://help.ubuntu.com/community/Antivirus

Panda is documented as being able to disinfect files. Ones later on in the list are a bit unclear about whether they can or not. I think the question about disinfecting files is a trick question (and a bit techie) because getting rid of the infected file seems to be a slightly more certain way of removing the virus than trying to mess around with code which doesn't mean anything to most of us. In military terms from the movies it would be "setting up a perimeter" and totally obliterating everything inside. Not very elegant, I admit.

Avg and ClamAv seem to be very popular, widely used and easy to get help with - so I would go with one (or both) of those but I would maybe also explore Panda which looks like it might be more elegant.

Good luck and regards from
Tom :)
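The quarantine approach described in #5 (`--move=DIRECTORY` rather than `--remove`), as an added example that is not part of the original thread. It assumes `clamscan` is installed; the `CLAMSCAN` variable, the function name and the paths are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: scan a tree and quarantine detections with clamscan --move.
# CLAMSCAN is a hypothetical override for the scanner binary (default: clamscan).
CLAMSCAN="${CLAMSCAN:-clamscan}"

# quarantine_scan TARGET QUARANTINE_DIR
# Returns 0 = nothing found, 1 = detections moved to quarantine, 2 = error.
quarantine_scan() {
    target=$1
    qdir=$2
    if [ ! -e "$target" ]; then
        echo "no such target: $target" >&2
        return 2
    fi
    # Keep the quarantine private to the current user.
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 2
    qabs=$(cd "$qdir" && pwd -P) || return 2
    tabs=$(cd "$target" 2>/dev/null && pwd -P) || tabs=$target
    # A quarantine inside the scanned tree would be re-scanned on every run.
    case "$qabs/" in
        "${tabs%/}"/*)
            echo "quarantine must be outside the scanned tree" >&2
            return 2 ;;
    esac
    rc=0
    "$CLAMSCAN" --recursive --infected --move="$qabs" "$target" || rc=$?
    # clamscan exit status: 0 = no virus found, 1 = virus found, 2 = error.
    case $rc in
        0) echo "clean: $target" ;;
        1) echo "detections moved to $qabs; review them before deleting" ;;
        *) echo "clamscan failed (exit $rc)" >&2; rc=2 ;;
    esac
    return "$rc"
}

# Usage (paths are examples): quarantine_scan "$HOME/Downloads" "$HOME/quarantine"
```

Moved files stay intact in the quarantine directory, so a false positive on an important file can be restored by moving it back.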

Tom (tom6) said : #6

One of the problems with talking about anti-viruses in Ubuntu is that Linux generally is written with security issues in mind right from the start rather than added on top of an existing system.

Windows seems to be written to leave all the ports open and almost everything wide open to attack. When an attack happens people then act all surprised about it and write patches, anti-viruses, removal tools, security-updates and so on - which all generates business in either direct cash or in "market share".

Linux avoids these "make work" scenarios because developers are more interested in writing something new to develop functionality or productivity. As people will be looking through all the code of the programs there is more motivation to write tight, beautiful and elegant code.

In Linux a "security issue" is someone writing in to say they could access such-and-such and didn't think it was a good idea to be allowed to do that. Chances are a developer would have already been working on a fix for that while adding in new functionality for something else.

Of the 2 viruses I know of in Linux one has a command line option to remove it. You just type in "bliss disinfect-please" or something like that and it removes itself from all the programs it "infected" using the log-file it makes while trying to infect as much as it can before you accidentally kill it some other way! Bliss was initially released with an alpha version but I think eventually made it to beta-testing before its creator (a nice guy actually) got too involved in other projects and didn't have time to develop it further. lol

Don't worry, just avoid being Root User or Super User and you should stay completely safe from even these 2 viruses.

Good luck and regards from
Tom :)

peter (peter-neuweiler) said : #7

Tom, this is in contradiction to the site https://help.ubuntu.com/community/ClamAV. In the first line is written: ClamAV is a command line virus scanner. It can only detect viruses; it cannot remove them from files.

What's true *lol?
Peter

rajusenthi (namasivaya07) said : #8

Thanks Tom, that solved my question.

rajusenthi (namasivaya07) said : #9

Thank you very much for the time spent with my question.

Tom (tom6) said : #10

@ rajusenthi
You're welcome, thanks :)

@ Peter
I use ClamAv and had a feeling something was odd about the way the documentation was phrased. So I checked ClamAv on my own machine. The Ubuntu documentation states "it cannot remove them from files" however it later states "Remove files infected with viruses? You can " and then describes how to remove the whole infected file - not very elegant and if the infected file is vital then there may be complications.

With Open Source software it's usually fairly simple to "repair broken packages" and hopefully this would reinstall a fresh, uninfected, version of the missing file. With Windows packages this may be more difficult but in the distant past I have managed to find odd "dll" files and things from another machine with the same Windows OS and have also managed to Google search for an odd missing little file. By pure luck it usually worked for me.

Usually though, in Windows, it's best to go to the website of a couple of the more trustworthy anti-virus companies and look up a specific "removal tool" for the particular virus found. Symantec, Avg and others often have a list of "latest threats" and how to approach disinfecting a machine - each virus will need a slightly different approach and a different tool. I would check that a couple of sites said the same thing before taking action.

For some interesting background reading try the links from this guide
https://help.ubuntu.com/community/Antivirus?highlight=(\bCategorySecurity\b)

Good luck and regards from
Tom :)

Tom (tom6) said : #11

Ahhhah, I've just thought of a simple way of explaining it.

If you have a glass of water then a silver-tray won't be much good at getting rid of the water. However it can carry the entire glass outside with the water inside the glass. Does that mean the water is still inside the room?