[lotuseclat79]

Linux malware.

Check out the Threats (trojans, viruses, worms) section.

Linux anti-trojan software is normally rkhunter and chkrootkit.

Check out List of antivirus software.

-- Tom

[Lordandmaker]

Quote:

Originally Posted by lotuseclat79

Linux anti-trojan software is normally rkhunter and chkrootkit.

These are anti-rootkit (well, rootkit detection and cleanup), not anti-trojan.

Anti-trojan is done by the anti-virus software. ClamAV is the popular free one, but the big Windows people sells theirs for nix, too.

[lotuseclat79]

Hi Lordandmaker,

Mostly you are correct, but the payload (trojan) is often part of a rootkit that deposits the trojan in the first place. As an example, a former colleague of mine, an OS engineer whom runs a Linux server at home got behind (tsk, tsk) in keeping his security updates current (a common occurrence by many whom run servers at home) - as a result, his server was "served up" with the Suck It rootkit accompanied by a trojan. Chkrootkit helped to identify the situation for him, and he took appropriate measures to clean it up. He should have known better and was quite embarrassed by the compromise.

-- Tom

[lotuseclat79]

Hi TRS-80 vet,

Please open up a new thread as this is an entirely different issue. You can delete post #4 in this thread after saving the content to open a new thread of your own.

Thanks, please indicate which Linux distribution OS/version you are running.

-- Tom

[byrosemuji]

It is common knowledge that Linux users needn't worry about viruses because users don't run as root. I've never understood the reasoning behind this. Here are a few of the malicious things that a program can do without being root on Ubuntu 8.10:

• Start a program every time you login
  Add an entry to .config/autostart
• Configure firefox to route all traffic through a remote proxy
  Change a line in .mozilla/firefox/*/prefs.js
• Replace everything in your "System Settings" menu with a command that asks you for your password, then does something else before invoking the real program.
  Add a file to .local/share/applications
• Download and install other programs in the background
  Putting them in .gnome2/system32 seems somehow appropriate
• Run a server of any kind (web/ftp/irc/etc)
  Just pick a port above 1024, and update the firewall with uPnp
• Install a new firefox plugin
  put it in .mozilla/firefox/*/extensions/
  call it "Ubuntu System Integration Plugin Helper"
• _________________________________________________
  child support and unemployed
  wedding venues wales

[Daredeval756]

I realize it is near impossible to get a linux system infected, but i keep an on demand scanner on there to scan once a month or so just to be safe. It doesnt run as a service or in the background, just when i want

I forgot to mention that it is Avast! Free Edition for Linux.

ClamAV is nice, but to my knowledge it will not remove the virus, just detect it, at least with my experience on a windows system. And i do not have much sucess with its detection rate vs AVG and Avast!(on winblowz) Please correct me if im wrong.

//DareDeval756