

Scanners For Securing Linux Servers

Are you looking for scanners for securing Linux Servers?

This guide is for you.

There has not been a single widespread Linux virus or malware infection of the type that is common on Microsoft Windows; this is attributable generally to the malware's lack of root access and fast updates to most Linux vulnerabilities.
The relative security of Linux leads to prejudice, even though a simple virus scan before installing software would reveal a Trojan.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform Linux-related security queries.
In this context, we shall look into how virus scanners safeguard Linux.

Scanners For Securing Linux Servers

Moving ahead, let us discuss available scanners for securing Linux Servers to save our day.
Each scanner we mention below serves different purposes.

ClamAV

ClamAV is probably the most famous Linux anti-virus. Originally a mail scanner, it has plenty of configuration options and tools to integrate it into our local mail server.
Using ClamAV requires basic command-line knowledge. However, there is a basic GUI to run scans.
When we install the “clamtk” package, we get the GUI with everything we need.
Once ClamAV installation is complete, run “sudo freshclam”, which will update ClamAV’s virus definitions for us.
Then we simply need to run clamtk. We can run the command or find the program called “Virus Scanner” in the “Accessories” section of the menu.
Use the GUI to scan folders or the entire system. Or, if we prefer, use “clamscan” from the command line.
Either way, we will get some quality, free anti-virus protection.
We can scan a directory with the command:
clamscan -r -i DIRECTORY
We can run ClamAV from the command line or with the ClamTK GUI.
Both are easy and dependable.

Installing ClamAV is simple.

For Debian-based systems:

sudo apt install clamav

In RHEL/CentOS systems:

sudo yum install epel-release
sudo yum install clamav

For Fedora-based systems:

sudo dnf install clamav

Similarly, in SUSE-based systems:

sudo zypper in clamav

If we run a Debian-based desktop, we can install ClamTK with the command:

sudo apt install clamtk

The one caveat to ClamAV is that it does not include real-time scanning.
In fact, if we are not using the ClamTK GUI, then to create a scheduled scan, we must use crontab.
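
A scheduled scan of the kind described above, as an added example that is not part of the original article: a wrapper that cron calls nightly, which updates signatures, scans a directory, and uses clamscan's exit status (0 clean, 1 virus found, 2 error) to decide what to report. The script path, log path, function names and sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Nightly ClamAV scan wrapper for cron (added example; names are assumptions).
# Hypothetical crontab entry, script and log paths are placeholders:
#   30 2 * * * /usr/local/sbin/clam-nightly.sh /home /var/log/clam-nightly.log

# Read clamscan output on stdin and print only the flagged paths.
# clamscan reports a hit as "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Map clamscan's exit status to a label: 0 clean, 1 virus found, else error.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Update signatures, scan recursively, log the result, return clamscan's status.
nightly_scan() {
    dir=$1
    log=$2
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    # A failed update is logged but does not stop the scan.
    freshclam --quiet || echo "$stamp freshclam failed" >>"$log"
    rc=0
    out=$(clamscan -r -i --no-summary "$dir" 2>&1) || rc=$?
    verdict=$(scan_verdict "$rc")
    echo "$stamp $dir $verdict" >>"$log"
    if [ "$verdict" != clean ]; then
        # cron mails anything written to stdout to the MAILTO address.
        echo "ClamAV verdict for $dir: $verdict"
        printf '%s\n' "$out" | tee -a "$log" | infected_paths
    fi
    return "$rc"
}

# Constructed sample of clamscan output, used to exercise the parser.
SAMPLE_OUTPUT='/home/alice/upload/eicar.com: Eicar-Test-Signature FOUND
/home/bob/notes: draft.zip: Win.Test.EICAR_HDB-1 FOUND
/home/bob/readme.txt: OK'

if [ "$#" -eq 2 ]; then
    nightly_scan "$1" "$2"
fi
```

Treating exit status 2 as its own "error" verdict matters here: a scan that could not read its targets or load its database should not be logged as clean.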

AVG

On the other hand, AVG for Linux has no GUI.
It is easy to download AVG for Linux. We can find packages for every major distribution, including .deb and .rpm files.
In addition, using the program is simple. To start the AVG daemon, run:

sudo avgctl --start

After that, we can use “sudo avgupdate” to update the software and “avgscan” to scan a given file.

Avast

Avast has a pretty great Linux GUI. Here, it is easy to update definitions and scan the folders of our choice.
Installing Avast is a pretty easy task. We just need to download the package of choice, then register for a free year of usage.
Make note that it is not possible to use the program if we do not register.
Registering will give us one year of free non-commercial usage, so we do not need to do it frequently. We will also have access to a sleek GUI and other offers.

BitDefender

BitDefender is best at finding viruses that other scanners miss. Suspicious or infected files can be processed in a number of ways, and it will remind and warn us about existing threats on our machine if we choose to take no action initially.
To get it we have to register and get a trial key. We can eventually turn it into a proper key file. The real key file will last for about six months, at which point we can simply sign up and get another one.

Chkrootkit

Rootkit malware is designed to surreptitiously take over root control of an operating system. Since rootkits operate as root, the malware has complete access to the entire computer system and can be designed to compromise a variety of components within the system. They are the most dangerous and damaging threats to Linux systems.
However, to check for signs of a rootkit we can use Chkrootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification.
A decent firewall can stop them, but virus scanners are no protection against rootkits.

Our Support Experts strongly recommend running a rootkit checker regularly.
To install chkrootkit in Debian based systems, run:

sudo apt install chkrootkit

Once done, the usage is very simple. Issue the command:

sudo chkrootkit

This command will dive into the system, check for any known rootkits, and report back its findings.

RKHunter

RKHunter stands for Rootkit Hunter. It is a feature-rich scanning tool that scans for rootkits, backdoors, and local exploits.
Rootkits cannot be removed easily. However, RKHunter will notify us of any rootkits that may exist in our system so that we can take the necessary steps to reload any of our affected hosting servers.
Experts recommend RKHunter because it checks that rootkits are not affecting our server.
We can install it on CentOS-like systems with the commands:

sudo yum install epel-release
sudo yum install rkhunter

Once done, the usage is very simple. Issue the command:

sudo rkhunter -c

This command will dive into the system, check for any known rootkits, and report back its findings.

During the rkhunter scan, we have to press Enter, as it runs through the different stages of the check.

Maldet

Linux Malware Detect (LMD) is designed around the threats faced in shared hosted environments. It uses threat data to extract malware that is actively being used in attacks and generates signatures for detection.
In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources.
In short, it is a must to use an anti-virus along with Linux, and there is no harm in installing free software that can give security to our account.


Conclusion

This article covers a few good scanners for securing Linux Servers.
ClamAV ranked 13 out of 16 for Linux malware and viruses, beating McAfee, Comodo and F-prot.
To run a ClamAV scan in Linux, first install it: open a terminal, type “sudo apt-get install clamav” and press Enter.
You may also build ClamAV from sources to benefit from better scanning performance.
To update the signatures, you type “sudo freshclam” on a terminal session and press enter.
Now we are ready to scan our system.
clamscan is a command-line tool which uses libclamav to scan files and/or directories for viruses. Unlike clamdscan, clamscan does not require a running clamd instance to function. Instead, clamscan will create a new engine and load in the virus database each time it is run.
Clam AntiVirus (ClamAV) is one such open-source antivirus software that helps to detect many types of malicious software including viruses.

Rootkits are a type of malware that are designed so that they can remain hidden on your computer. But while you might not notice them, they are active. Rootkits give cybercriminals the ability to remotely control your computer.