What is the best antivirus for Linux. Choosing an antivirus for Linux Mint.

Everyone who uses the Linux OS is well aware that with normal handling of the system, the need for an antivirus simply disappears. However, in some cases, antivirus software can play an important role in maintaining the integrity of useful files. Let's take a closer look at which antivirus for Linux is better of all to use, and how it can be installed.

Antivirus systems are available for free

There are a couple of reasons why you can justify having antivirus software on your PC:

• your PC is a server;
• in your local network there is equipment running under Windows;
• Windows is installed on your device next to Linux.

These are the most common factors that make users look for an efficient and fast antivirus scanner.

Free programs

Antivirus for Linux, like any other software component, can be freely available or sold for money. There are several effective and, most importantly, free funds to protect your PC.

ClamAV

This solution occupies a top position among programs for which you do not have to pay. The application has a convenient GUI interface, has many useful options and does not slow down the system performance. The utility makes it possible to scan a specific directory, archive or mail. To install on Linux, just run sudo apt-get install clamav. If the repository is not downloaded, you can get it with the sudo add-apt-repository ppa:ubuntu-clamav/ppa command.

Avast

The Linux version is considered very effective and relevant today. The program is considered proprietary, the developers have worked hard to create deb packages, everything is installed quite easily. The system may ask you to enter personal data during installation in order to send to email special key. Experienced users recommend entering Gmail box, otherwise the letter with information about the license may take a very long time.

Avira

Another representative of free scanners running on Linux. The German company that released the antivirus has announced the complete end of support for Linux. Obviously, the program did not receive support among users due to the lack of a user-friendly interface. The user is offered only an icon on the panel, everything works invisibly, and config files save the settings.

But the scanner protects the computer well and does not consume much memory. You can download the application from torrent trackers, because this option is no longer available on the website of the manufacturer.

Paid programs

If you really value the information that is stored on your PC, or want to secure the server, we recommend that you buy one of the paid software products.

Dr. Web

For owners Linux Mint 17 and other assemblies, an effective Dr.Web anti-virus application has been developed. Its creators are domestic developers. A license for 12 months costs at least 1000 rubles. To install, you will need at least 512 megabytes of free space and a network connection. If we talk about licensed components, then these are:

• update application in auto mode;
• OS GUI interface module;
• console scanner.

According to the creators, the antivirus consumes little traffic when updating and does not load the computer at all. This program really catches viruses well, but when scanning, the system slows down a bit. Programmers position the application as a great solution for home use, albeit a bit expensive.

ESET NOD32

A product popular in Windows is also available for Linux. The main advantage when buying a license is its versatility. If you have several systems on one computer, then it is enough to buy only one license. Scanning is fast enough, the utility usually finds all malicious and suspicious files.

It is important to understand that paid versions provide the so-called trial period - free use for 1 month. The developer's site provides a package with installation files.

The disadvantage of the application is the inability to detect defects in archives that have a password. You will learn about the virus only when you unpack the downloaded archive.

Results

Antiviruses for Linux are not used as often as for Windows. However, if you need to install such software, you can get it by downloading it from the developers' websites. Some versions are free, while antivirus utilities that are more powerful and powerful can be purchased for a small fee.

Does a Linux user need an antivirus? It is extremely difficult to infect a computer running the Linux operating system. However, this does not mean that there is no reason not to use an antivirus program on this platform. Therefore, if you choose, which one?

Consider the following example: if there is an unknown flash drive, then inserting it into the computer under Windows control, there will be a high probability of infection of the entire system; at the same time, using a Linux system, you can check the flash drive on it and make sure that there is no threat, use it already on Windows. Thus, the antivirus can be used in similar situations. For example, using this method, you can check hard disks friends and acquaintances, helping them clean the computer from malicious code without unnecessary complications.

It is for this reason that the best demon paid antivirus for Linux, must be proficient in detecting and removing viruses on the Windows platform.

Why do it both as a one-time scanning tool and as a permanent monitor. This solution will be especially useful system administrators that support the entire information security network.

The second reason to look for Linux is the mail filter. Again, this reason is a consequence of Windows platforms. Where Linux user will not notice the malicious code in the file mail letter, due to the use of another operating system, Windows user will be infected. Therefore, in order not to be a carrier of viruses for other operating systems, those using Linux should check their mail for malicious code. A mail filter is also a great way to deal with spammers, though this decision mostly refers to system administrators. Acting as the central node for receiving and distributing mail, the antivirus checks mail for viruses and trojans, and also filters out spam emails. In a word, for Linux should have such a tool as a reliable mail filter.

The last item on the agenda will be viruses in the Linux system itself. Such, for example, is Linux.Encoder.1 - aimed at site administrators with a web server on board. The dangerous Trojan encrypts files in home directories and directories related to website administration, after which it leaves a ransom demand on each encrypted file. Such a virus is often encountered when a new CMS is installed on a web server. Another loophole for viruses was the use of a vulnerability in the Windows OS library emulation application - Wine. The more it spreads Linux system on home users' computers, the higher the likelihood of finding new vulnerabilities and viruses on Linux. This is especially true due to the proximity of Linux and the Android mobile platform.

That is why it is worth thinking about installing the best free antivirus for Linux - Comodo for Linux. High performance, user-friendly graphical interface and time-tested efficiency.

Have you ever wondered if you need an antivirus for Linux? Many copies were broken in endless disputes, and now, the answer seems to be obvious - of course, it is needed! But only if you need to look for Windows viruses.

It would seem that it can be considered an axiom that if there are viruses on the platform, then an antivirus is also needed. But with Linux it's not so simple. Yes, there are viruses under Linux, but in 99% of cases they are worms that can exploit a single vulnerability in a specific service and, as a rule, a specific distribution (since the version of the service, settings, and compilation parameters change from distribution to distribution) . A good proof of this fact is, for example, Linux.Ramen (using vulnerabilities in wu-ftpd on red hat 6.2 and 7.0), the Badbunny macro worm for OpenOffice, or the same Morris worm.

However, almost every antivirus manufacturer has a version for Linux. True, most often this is the version for mail server, gateway or shared file storage, to protect Windows clients. But Lately the number of antiviruses for the Linux desktop began to grow. And the manufacturers of the corresponding products are frightening with "the number of malware under Linux coming exponentially." Whether or not to use an antivirus on a Linux desktop is a personal matter for everyone. For me, as long as the popularity of Linux on desktops has not exceeded 1-2%, and manufacturers of popular distributions release security updates in a timely manner, there is nothing to be afraid of. But there are situations when you need to check a screw with Windows for viruses or a USB flash drive before giving it to someone. In such cases, antivirus under Linux can come in handy.

In general, testing antiviruses is a thankless task, since there is no objective test, and everything depends very much on the test set of viruses (which manufacturers successfully use, periodically submitting tests to the public that undeniably prove that their antivirus is "the most-most "). Since in all Linux antiviruses the bases and the kernel are identical to the Windows version, you can safely evaluate the effectiveness of antiviruses for Linux by tests of Windows versions.
Paid

For most of these antiviruses, manufacturers ask for money. If the antivirus was made with an eye on corporate clients, and it will cost a lot of money. But if you need antivirus "for a couple of times", then you can get by with a trial license (fortunately, most manufacturers provide it).

I'll start the review with Dr.Web for Linux, since the "revolutionary" version number 6 was released in April with new interesting features and a graphical interface. There is support for both 32- and 64-bit distributions. Installation is elementary - a .run file is downloaded from the official site, when launched, a graphical installer appears. After a couple of clicks on the "Next" button, the product will be installed. If you don't have a license key yet, during installation you can request a demo key for 30 days from the company's server (you can request a demo key no more than once every 4 months). After installation, the "DrWeb" item will appear in the Gnome menu (with two sub-items: starting the antivirus and removing it), and a nice icon will appear in the tray, but not very suitable for the default Ubuntu theme, symbolizing the operation of the file monitor.

There is also a CLI scanner, to scan the current directory it runs like this:

$ /opt/drweb/drweb ./

If it swears at the absence of a file with a key, then run it with an ini file, for example:

$ /opt/drweb/drweb -ini=/home/adept/.drweb/drweb32.ini ./

In total, for 799 rubles a year, the user will receive an antivirus with a graphical (GTK) and CLI interface, integration with DE, an antivirus scanner and a monitor that checks files when they are accessed. Considering the core and bases that are common with the version for Windows, this is a pretty good offer for those who need a paid antivirus for a Linux desktop for a good night's sleep.

Unlike Dr.Web, Kaspersky Lab believes that a home Linux user does not need an antivirus at all. But in the corporate sector it can come in handy. Therefore, Kaspersky Anti-Virus for Linux Workstation cannot be purchased separately, only in part of Kaspersky Total Space Security, Kaspersky Enterprise Space Security, Kaspersky Business Space Security or Kaspersky Work Space Security (that is, from 7,700 rubles per year). The Linux version is not being updated very actively - the last release (5.7.26) was already in October 2008. Deb and rpm are available on the site, support for both 32- and 64-bit is declared. During installation, it immediately requires you to give it a file with a license key (which can be requested on the offsite for testing), offers to configure a proxy and download the latest versions of databases, and can also install a special module for webim and compile the kavmonitor kernel module (allows you to intercept kernel calls to access to files and scan these files for viruses). Unfortunately, kavmonitor does not support kernels newer than 2.6.21 (for 32-bit systems) and 2.6.18 (for 64-bit systems), so all more or less new distributions will have to do without it. The antivirus does not have a graphical interface, only CLI. Runs like this:

$ sudo /opt/kaspersky/kav4ws/bin/kav4ws-kavscanner /tmp

You can update databases like this:

$ sudo /opt/kaspersky/kav4ws/bin/kav4ws-keepup2date

The main antivirus settings are stored in the /etc/opt/kaspersky/kav4ws.conf config.

Another popular antivirus manufacturer in our homeland, ESET, also has a version for Linux desktops (ESET NOD32 Antivirus 4 for Linux Desktop), which, however, still has the status of a beta version. But the beta version can be absolutely free to use until a certain date. After the release, most likely, only the trial version can be used for free. x86 and x86-64 architectures are supported, installation is done using graphical installer. By default, the antivirus is installed in /opt/eset. After installation, we are greeted by a laconic interface on GTK and an icon in the system tray, symbolizing the operation of the file monitor. The interface can be switched to "expert mode", which will add a couple of items: Setup (for setting up the scanner and monitor) and Tools (for viewing logs and quarantined files). There is also a CLI scanner, scanning the current directory:

$ /opt/eset/esets/sbin/esets_scan ./

The "-h" option will show the possible scan options.

One more is enough major manufacturer antivirus solutions, which has Linux-versions of its antiviruses - McAfee. In general, if you evaluate only their Linux products, then the vendor is rather strange (by the way, the only one whose website is running on IIS is nothing personal, just statistics :)). Instead of an All-in-one solution, their product line has several separate solutions for Linux: LinuxShield (a monitor that checks files on access) and VirusScan Command Line Scanner for Linux. LinuxShield costs about 2 times more. But Command Line Scanner is available not only for Linux (x86 and x86-64), but also for almost all conceivable operating systems: Windows, FreeBSD, Solaris, HP-UX and AIX. McAfee positions its products as solutions only for large companies, so you can buy at least 11 licenses of each product name from partners, and before downloading trial version, you need to fill out the largest registration form, in which you tell in detail about your company.

The Command Line Scanner is installed by the install-uvscan script from the downloaded archive. During installation, the script will ask a couple of questions (where to install and whether to make symlinks) and offer to immediately check the entire file system. The scanner is not designed to work with new distributions, so it didn’t start without dancing with a tambourine on Ubuntu 10.04, cursed at the lack of libstdc++.so.5. I had to install from debian. This is the only antivirus scanner that does not have any update utility. New bases are offered to be downloaded independently and added to the installation directory. To scan the current directory, type:

The "man uvscan" command will tell you about a large number of possible options of varying degrees of usefulness.

LinuxShield officially supports only RHEL and SLED, for other distributions (and, accordingly, other kernels), it is necessary to rebuild the kernel with antivirus modules. It's a dubious pleasure to rebuild the kernel with every update just because of the anti-virus modules. In addition, it is not a fact that the modules will be built with kernels newer than 2.6.18.
Freebie

Some manufacturers give out free keys to draw attention to their products. home use(including Linux versions).

This is what BitDefender does, for example. Its BitDefender Antivirus Scanner for Unices is free to use for personal use. After filling out a small registration form on the offsite, on mail will come a letter with a key for a year and a reminder that the key is "for personal usage only". Another plus for BitDefender is the number of versions: deb and rpm packages, ipk (universal installer) and tbz for FreeBSD are available for download. And all this for both 32- and 64-bit operating systems. The 128-page manual also inspires respect. As part of the antivirus only a scanner, no monitor. The scanner can be launched both via the GUI (there is integration with DE) and via the CLI. Scanning the current directory:

Database update:

$ sudo bdscan --update

As usual, "man bdscan" will show many interesting options.

Another free antivirus for personal use is AVG. There are versions for Linux (deb, rpm, sh and just an archive with binaries. True, only 32-bit) and FreeBSD (also only for x86). Available for Windows 9th version, and for niks - so far only 8.5 (released in January 2010), but the beta version of the upcoming nine can be downloaded after registration. In addition to the scanner, there is a monitor for on-the-fly scanning. Only the inclusion of this feature is not trivial: you need special modules for the kernel (RedirFS or Dazuko). The antivirus does not have a graphical interface, only CLI. Scanning the current directory:

Database update:

$ sudo avgupdate

The next contender is avast. You can get a free annual license for personal use after registration. There are deb, rpm and archive with binaries. True, again only for 32-bit. There is also no integration with DE. The antivirus is launched with the avastgui command.

At the first start, it will ask for a registration key or offer to follow the link and get it on the site (however, don't be fooled: the cunning antivirus sends to the wrong link; the correct link is: www.avast.com/registration-free-antivirus.php).

In addition to the GUI, there is also a CLI interface. Scanning the current directory:

Database update:

$ sudo avast-update

The next vendor offering free home use of their product is F-PROT. Linux version: F-PROT Antivirus for Linux Workstations. There are versions for Linux (i386, x86-64 and PowerPC), FreeBSD, Solaris (for SPARC and Intel) and even AIX. The latest version for Linux (6.0.3) was released in December 2009. Installation is carried out using the install-f-prot.pl script. The script simply creates symlinks in /usr/local/bin (or any other specified directory to the downloaded binaries, so it's better not to install F-Prot, say, from the desktop, but first move it somewhere, for example, to /opt). The last stage of the installation is downloading updates and setting tasks to download updates hourly in cron. Launch:

Many things can be set with parameters: for example, recursion depth (30 by default), scan levels and heuristic work level, etc. (read more in "man fpsan"). Forced database updates can be started with the fpupdate command (located in the installation directory).
Liberty

The most famous (and concurrently the only normal) OpenSource antivirus is clamav. There is a console scanner and several GUIs for it (clamtk for GTK and klamav for kde). Can also work as a monitor via DazukoFS. True, in most tests it does not show the most brilliant results. But it is in the repository of any distribution, for any architecture, and there are no licensing restrictions. The most for undemanding users!

DazukoFS (from Dateizugriffskontrolle, German for file access control) is a special file system that provides applications with mechanisms to control access to files. Since DazukoFS is not included in the vanilla kernel, in order to use it, you will have to patch and rebuild the kernel. DazukoFS is used by many antiviruses to implement the monitor function.

The first two versions of Dazuko were developed and released under the GPL by Avira GmbH. The third version, called DazukoFS, has been completely rewritten by the community.
Live antivirus

LiveCD with antivirus helped me more than once in a situation when I needed to quickly restore at least some working capacity of Windows, which, under the load of its viruses, did not want to boot into any. Unfortunately, the choice among such tools is not very large - not every vendor offers their own LiveCD, and even for free.

Perhaps the most famous representative is Dr.Web LiveCD. Current version(5.02) was released a long time ago, and so far there are no public beta versions (although a build with updated bases is released every day). But there is hope that, after the release of version 6 for Linux LiveCD, they will finally update it. Despite the fact that the assembly is based on not quite old components (kernel, for example, version 2.6.30), the thread about LiveCD on the official drweb forum is full of reports that the OS does not boot in graphical mode on one or another hardware. In such a case, there is SafeMode with a bare console and a console scanner.

Unlike Dr.Web, Kaspersky does not particularly advertise its LiveCD, there is not even a mention of it on the offsite. But you can't hide anything from Google! :) LiveCD can be freely downloaded from here. The LiveCD loads pretty fast. As soon as you notice that it is based on Gentoo and the 2.6.31 kernel, the license agreement will pop up. After accepting the terms of use, a GUI (looks like kav 2010) is launched with the ability to scan and update databases.

AVG also has its own LiveCD. Encounters at startup license agreement, which, of course, after carefully reading, must be accepted (otherwise - a reboot). The only LiveCD that has a pseudo-graphical interface. When booting, it automatically mounts Windows partitions, while partitions with a file system other than FAT or NTFS refuse to mount. But from pseudo GUI you can exit (and, if necessary, run it again with the arl command), mount it manually and run the check from the console. Of the usefulness, you can also note the tool for editing the registry ( Windows Registry Editor).

There are times when the results of a scan with one antivirus are not enough. Apparently, the creators of the ViAvRe (Virtual Antivirus Rechecker) distribution kit, which contains a whole bunch of different antiviruses, thought so: Avg, Avast, Doctor Web (CureIt), McAfee, BitDefender, F-Prot. The project is still very young, but already shows great promise. The latest version at the time of writing (04.10, released in April this year) is based on OpenSuse 11.2 using SuSeStudio. Another feature of the distribution is the viavre-update command, which allows you to update the databases for everyone at once installed antiviruses. LiveCD is released in two editions: full version with KDE (and minimum requirements in 768 MB of RAM) and a light version with LXDE (delivered without mcafee antivirus, avg, firefox, virtualbox and k3b; capable of running on 256 MB of RAM).
Conclusion

Unfortunately, not all antiviruses for Linux were considered, but only the most famous ones. Left behind, for example, Panda DesktopSecure for Linux and antivirus from Avira. But I hope that among the options presented, if necessary, you can find something to your liking.

They say that viruses in linux are transmitted by the "wow, let me see!" Indeed, in most cases, in order for the virus to work under some Linux assembly, you need to compile the sources yourself and run the binary from the console with root rights. After that, there is a high probability that the virus will not start, and a bunch of execution errors will fall into the console.

Of course, there is no point in installing an antivirus if you plan to use Linux exclusively. But if you plan to set up a file server, then it makes sense to install an antivirus to check traffic. Thus, you will protect machines with windows on board from malware. To be honest, at the moment there are only a few more or less suitable antivirus programs to check network traffic in real time.

There are even fewer anti-virus software that actually guaranteed reliable protection and was still available for Arch, Gentoo, FreeBSD and other popular systems for raising web servers. Therefore, if you are serious, then I advise you to pay attention to anti-virus programs paid for by commercial companies. Undoubtedly, open source products can be of high quality. But there is a high probability that the databases will be updated infrequently, and the project will eventually be completely abandoned. After all, you use the software "as is", and if you suffer financial losses due to poor protection, then you can only blame your gullibility for this.

So, let's look at what anti-virus programs are currently available for Linux, learn about the main disadvantages and advantages, and try to decide which of the programs is best suited for what purposes.
Free antivirus

Paid Options

ESET NOD32 Antivirus 4 for Linux Desktop.

One of the advantages of this antivirus can be considered the versatility of the license that you purchase. This means that if you have several operating systems and on all you want to use ESET NOD32, you only need one license. I don’t know about working under Linux, but my friend just flies on Windows. Scans quickly, finds almost everything, requires little PC resources. Very good, but very paid option.

Also, like most paid products, it has test free versions for a period of 30 days. You can download the installation package from the official website.

Here is the result of scanning the archive with viruses under a password.

And here is what happened after unpacking the archive.

As you already understood, scanning a password-protected archive does not give any results and it will be possible to find out if there is malware in the archive you downloaded only after unpacking. Fortunately, even in the process of unpacking, ESET detected a virus.

- ideal, in my opinion, an option for servers. Checks network traffic in real time. Another plus is that it frequent updates Database. Good support for Fedora, RedHat, SUSE and other *nix that are often used for servers.

Dr. Web- anti-virus software, which is developed by a Russian company. A license for 1 year will cost about 1000 rubles.

The developers' website states that Dr.Web provides best performance, does not load the system and there is little traffic during updates. Despite this, during the scanning process, Dr.Web loads the system very heavily and other applications slow down terribly. For example, when scanning a file system, sit in social network from a browser was almost impossible. Reliable enough antivirus for home use, but too expensive for these purposes.

Free antivirus programs

ClamAV- perhaps one of the best free antivirus programs that has a normal GUI interface. Allows you to scan mail, archives, selected directories. Easy to use. Cross-platform software (available for Windows, Linux and Macos).

Repository, in case you don't have it:

sudo add-apt-repository ppa:ubuntu-clamav/ppa

Installation by command:

sudo apt-get install clamav

One of the downsides is the need to manually update the databases each time. This is done by the team

There is a built-in PC scan scheduler with a choice of directories.

Previously, I had to use this antivirus to treat flash drives. Unfortunately, it did not justify my hopes, since it does not find all the viruses. To demonstrate, I installed clamav and scanned the archive containing 5251 viruses. I keep this archive specifically to test the effectiveness of anti-virus software. As you can see, the antivirus scanned the archive as a single object and found no threats. And only after unzipping, ClamAV detected threats (just like ESET NOD32).

I had to look for another archive with viruses, already without a password. It contained 3266 viruses. Screenshot results:

Avast Antivirus Linux Home Edition- one of the best, in my opinion, free options for Linux. Proprietary software. Very easy to install, there are deb-packages. When installing, it upsets the need to enter your data and receive a registration key by mail. License key arrives by mail within 30 minutes from the moment the request was sent. After waiting for an hour, I did not receive any keys to the mail (mail.ru). Conclusion - enter your Mailbox in from google.com.

Avira AntiVir Personal- Antivirus from a German manufacturer. A couple of years ago, there was talk of stopping support for Avira AntiVir under *nix, as there was practically no demand for the program. Despite this, as you can see below on the screen, Avira AntiVir for Linux is available for download. The developers claim that support latest version will last until 2016, after which the company will finally stop any development related to Linux. Perhaps one of the reasons for the unpopularity of Avira AntiVir was the lack of a graphical interface. All that users could see was a small icon on the panel, indicating that the program was still running. Settings are stored in configs, the program works invisibly. Regular user the whole thing might seem unreliable. It is no longer possible to download the Linux version on the official website of Avira AntiVir.

Given all the above features, we can say with a clear conscience that Avira AntiVir is not suitable for protecting your PC. Although it used to be an excellent antivirus that did not consume a lot of resources.

F-Prot Antivirus- an option that is suitable for installation on servers. In principle, it can be used for desktops, but it doesn't make much sense. Supports linux, windows, BSD and D-DOS platforms. And now the most interesting. For home use in windows environment You can download a free trial version that you can use for 30 days.

But for home use in a linux environment, F-Prot Antivirus is free.

The antivirus is installed using the script, which is in the archive. Of course, such an installation is not suitable for beginners in the Linux world, but antivirus is more suitable for server machines.

Results

As you can see, today most anti-virus programs for Linux have many drawbacks. It can be abandoned project support, poor databases due to poor funding, or insufficient functionality. There are only a few antivirus programs whose manufacturers are really strict about the quality of the product for linux. For the most part, these are paid products, but there are exceptions. For example, I trust antiviruses more, updates to which are released more often than once every three months. Now think about how often database updates will be released for antivirus software, whose developers have created this miracle on pure enthusiasm. And despite the fact that I am a supporter of free software, I still advise the owners of large companies to spend money on a license once a year, thereby reducing the likelihood of losses due to infection. For those who want to install an antivirus for home use, it is best to be guided by personal preferences and convenience in setting up one or another antivirus.

Of course, I didn't install and test every one of these anti-virus programs, because otherwise I would have to buy all these licenses and spend several days or even weeks. But I hope that short description most of the options will help you make the right choice.