There is a myth that Linux (and other Unix systems such as BSD and Solaris) does not need anti-virus, because it is a safer operating system than Windows. And it certainly is safer: its distinction between the root user and ‘normal’ users, and the permission system built on it, mean that much of the malware we might run has a far more limited effect than it would on Windows.
It is also said that there is less malware for Linux because “fewer people use it”, but that statement needs to be qualified: most Internet servers run on Linux systems, so finding ways to attack them is a great motivation for many malware creators.
Many antivirus products that are popular in Windows environments, such as AVG, Avast!, ESET or Kaspersky, are also available for Linux. However, their function is primarily to detect malware for Windows, either by scanning other partitions on dual-boot machines or by scanning files passing through Samba or mail servers.
But we will not talk about those applications in this post. We will cover only software dedicated to detecting Linux-specific malware within Linux environments.
Rkhunter detects rootkits and all kinds of exploits and backdoors by comparing MD5 hashes of the main files in our system with the correct values, stored in an online database.
Rkhunter also looks for other malware indicators, such as incorrect permissions, open ports, certain hidden files or suspicious strings in kernel modules.
Again, this is a command-line tool, which can be used by simply typing ‘sudo rkhunter --check’ (again, make sure you know all the options it includes).
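The hash comparison and permission check described above, sketched as an added example (it is not rkhunter's code and not part of the original post). It assumes SHA-256 in place of MD5 and a local dictionary in place of the online database, runs on constructed temporary files, and all function names are hypothetical.

```python
import hashlib
import os
import stat
import tempfile

def file_digest(path, chunk=65536):
    """Stream a file through SHA-256 (assumption: swapped in for MD5)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit(baseline):
    """Return (path, finding) pairs for files that no longer match the baseline."""
    findings = []
    for path, good in sorted(baseline.items()):
        try:
            st = os.lstat(path)          # lstat: do not follow a planted symlink
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        if file_digest(path) != good:
            findings.append((path, "hash mismatch"))
        if st.st_mode & stat.S_IWOTH:    # any user could overwrite this file
            findings.append((path, "world-writable"))
    return findings

def demo():
    """Constructed sample: three stand-in 'system files' in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("ls", "ps", "netstat")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"original " + os.path.basename(p).encode())
            os.chmod(p, 0o755)
        baseline = {p: file_digest(p) for p in paths}  # taken while trusted
        with open(paths[0], "ab") as fh:   # simulate a modified binary
            fh.write(b" tampered")
        os.chmod(paths[1], 0o757)          # simulate loosened permissions
        os.remove(paths[2])                # simulate a deleted file
        return [(os.path.basename(p), f) for p, f in audit(baseline)]

if __name__ == "__main__":
    for name, finding in demo():
        print(f"{name}: {finding}")
```

A baseline is only as trustworthy as the moment it was recorded and the place it is stored, so it should be taken on a known-clean system and kept where the scanned host cannot rewrite it.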
The antivirus par excellence for Linux. Open source, multi-platform and very versatile, it is basically the standard in Unix environments: many other programs use it to check files (e.g. email servers).
ClamAV is also cross-platform, so you could even install it on Windows, although it only supports real-time protection in Unix environments. Like many other antivirus programs, it is also capable of scanning the content of compressed files.
Type ‘sudo clamscan -r -i DIRECTORY’ in the terminal and enjoy your Linux antivirus. If you install it together with ClamTK or KlamAV, you can also have a graphical interface and forget about typing commands.
Basically, ISPProtect is a malware and virus scanner designed specifically for use on web servers. It is, for many, the best in its field, but it comes with a price. It has three scanning engines: one based on signatures, another on heuristic scanning, and one that detects obsolete versions of content management systems (WordPress, Joomla, Drupal, etc.), one of the big security holes of many servers.