Virus scanning on Devuan

mark0x01 · 2023-08-04 01:08:29

I have been successfully using Comodo for Linux for a few years, but it recently stopped receiving updates and looks to have been finally abandoned, along with all the other linux AV products that once existed.

With no other still supported options I can find, I was reverting to clamav, but wanted to use it's recent real time option with clamonacc.

This opens a whole new challenge, as it requires a kernel with fanotify support, and that looks to first appear in the most recent Debian 12 - bookworm, so Devuan looks like it will have a way to go before that will be an option, unless I head down the custom kernel route, which is not an option I'm keen on.

What do other Devuan users use for virus and malware detection?

rolfie · 2023-08-04 07:04:27

None

Andre4freedom · 2023-08-04 07:31:50

Agree: none
Should you share files with Windows machines, you can check and protect these files with clamav. Just keep it updated. Read The Fascinating Man-pages.

fsmithred · 2023-08-04 09:23:14

Devuan Daedalus is the same as Debian Bookworm. We use the exact same kernel.

$ grep -i fanotify /boot/config-6.1.0-9-amd64 
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

Looks like it's in Chimaera, too.

$ grep -i fanotify /boot/config-5.10.0-23-amd64 
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

chris2be8 · 2023-08-04 16:10:18

It's been there for a while:

chris@rigel:~/bin$ ls -l /boot/config-*
-rw-r--r-- 1 root root 186853 Jun 30  2022 /boot/config-4.9.0-19-amd64
-rw-r--r-- 1 root root 186567 May  7  2018 /boot/config-4.9.0-6-amd64

$ grep -i fanotify /boot/config-4.9.0-*
/boot/config-4.9.0-19-amd64:CONFIG_FANOTIFY=y
/boot/config-4.9.0-19-amd64:CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
/boot/config-4.9.0-6-amd64:CONFIG_FANOTIFY=y
/boot/config-4.9.0-6-amd64:CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

This is on a system that's still running ascii. The older config will be off the installation DVD, which is why it's from May 2018.

mark0x01 · 2023-08-09 11:02:51

Thanks for the tips.

I do have files for Windows passing through so I have brought my system up to date and trying out the on access part - it is in clamav-daemon, a package I hadn't previously installed.

There isn't a startup script for the clamonacc component yet, and there seem to be some issues making one work at present, so I'll need to experiment with that.

Andre4freedom · 2023-08-09 11:40:22

It's quite easy:
install clamav-daemon (with all dependencies)

The services will be installed and started.
To make sure your on-access-scan is started by default:

$ sudo rc-update add clamav-daemon

I've just verified it on my standard Devuan 4 (Chimaera) system. It run's with open-rc.
If you have a system installed with init-sysV, the same script should work:

$ ls -l /etc/init.d/clam*
-rwxr-xr-x 1 root root 9563 Feb 17 21:43 /etc/init.d/clamav-daemon
-rwxr-xr-x 1 root root 7692 Feb 17 21:43 /etc/init.d/clamav-freshclam

Ron · 2023-08-09 12:07:44

If I were to run an AV on Linux, I'd just go back to Windows. It would defeat the whole purpose (one of them, at least).

tom · 2023-08-10 13:14:20

mark0x01 wrote:

What do other Devuan users use for virus and malware detection?

maldet (Linux Malware Detect) and this will use also clamav together.

https://www.rfxn.com/projects/linux-malware-detect/

mark0x01 · 2023-08-11 05:04:02

And if you run wine?

I have now scanned my home dir and uncovered a few infected applications hiding in wine.

Definitely worth using on Linux, as it is not as safe as it once was.

chris2be8 · 2023-08-11 16:27:24

Ron wrote:

If I were to run an AV on Linux, I'd just go back to Windows. It would defeat the whole purpose (one of them, at least).

The obvious use is to scan files etc that have to be processed on a Windows system. It's a lot harder for a virus to infect the system doing the scanning if that's a different OS. And possibly a different CPU, eg a Raspberry PI.

neilgunton · 2023-08-18 23:28:05

I have used rkhunter and chkrootkit in the past.

Devarch · 2023-09-04 20:12:49

mark0x01 wrote:

What do other Devuan users use for virus and malware detection?

Do not get it. The very first thing to do after installation is to configure firewall.

You can use portable antivirus on windows virtual machine to analyse the shit received from others if you have this kind of issue.

bai4Iej2need · 2023-09-05 11:10:34

mark0x01 wrote:

And if you run wine?
I have now scanned my home dir and uncovered a few infected applications hiding in wine.
Definitely worth using on Linux, as it is not as safe as it once was.

It is not the linux which is less safe, it is the w(h)ine install in your $HOME, which is unsafe.

Stop the wine application which offers all the uncertainties of windows.
Stick in an infected usb stick and wine will begin to work and distribute the virus inside your wine-home. I have seen this live on my Laptop.
I used to

apt remove wine*

and then have the directories scanned for viruses.
I Used antivir for that, still existing but it is no more in the distros I know
Have ever since 10 years not used any virus checking or w(h)ine anymore.

Segfault · 2023-09-05 12:37:36

Windows viruses do not run in Wine. Some of them may cause crashes, but that's all, no actual security risk. People keep forgetting viruses exploit software vulnerabilities, you don't expect non-MS Wine system have the same vulnerabilities as MS Windows, do you?
I use clamav occasionally to scan my home. Sometimes there are some found in my browser cache. No wonder, I do not restrict my browsing like scared Windows users do. Nevertheless, none of that stuff found there can do any damage in Linux.

bai4Iej2need · 2023-09-05 22:58:36

Segfault wrote:

Windows viruses do not run in Wine

And you was looking over my shoulder.

And the earth is flat.

Last edited by bai4Iej2need (2023-09-05 22:59:23)

PedroReina · 2023-09-06 08:45:03

bai4Iej2need wrote:

Segfault wrote:
Windows viruses do not run in Wine
And you was looking over my shoulder.
And the earth is flat.

Citation needed.

Devarch · 2023-09-06 19:03:04

Segfault wrote:

Windows viruses do not run in Wine.

...and if you run some app in wine? If the virus can be executed in wine it will be executed. Wine is compatibility layer that let them to be executed! Not all viruses, but some of them.

To my mind, the best way to deal with M$ is to separate windows from linux. Use virtualisation. There is no problem to add a shared folder to the guest in order to use antivirus on windows if it's necessary.

Segfault · 2023-09-06 21:06:19

It is incredible how people manage to ignore the point. Yes, virus can be executed. But to do any damage it needs to use a vulnerability in the operating system. You need to try and play Mahjong. This is a game that teaches logic and you will learn if you have a game which will play out beautifully but if there is just one stone in a wrong place it makes it unsolvable. Here is the same thing. No vulnerability means no damage. Viruses are designed to exploit certain vulnerabilities. When this expected vulnerability is not there then virus fails to do its task.
From long internet experience I know how average people are capable of ignoring facts which do not support their beliefs.
Anyone who is asking for citations is failing to use their own brain and this cannot be helped. (I'm out of this thread, nothing more left to say. Who hasn't grasped it yet never will.)

Last edited by Segfault (2023-09-06 21:07:54)

Devarch · 2023-09-06 23:11:14

https://askubuntu.com/questions/562388/ … is-running

https://www.winehq.org/pipermail/wine-d … 53719.html

Viruses on wine have happened.

mark0x01 · 2023-09-07 03:58:12

tom wrote:

mark0x01 wrote:
What do other Devuan users use for virus and malware detection?
maldet (Linux Malware Detect) and this will use also clamav together.
https://www.rfxn.com/projects/linux-malware-detect/

Thanks Tom, this helps with options.

So Wine can get infected, and CryptoLocker's are still a threat.

I deal a lot with vintage computers, so often have to use dubious sources when looking for drivers and old software, so virus scanning of all these is a must.
An infected executable is always a potential threat,..

PedroReina · 2023-09-07 09:34:39

Segfault wrote:

Anyone who is asking for citations is failing to use their own brain and this cannot be helped. (I'm out of this thread, nothing more left to say. Who hasn't grasped it yet never will.)

It is very likely that you misunderstood me. But you used very rude wording which prevents further digging into a very technical subject.

Last edited by PedroReina (2023-09-07 09:36:59)

The officially official Devuan Forum!

#1 2023-08-04 01:08:29

Virus scanning on Devuan

#2 2023-08-04 07:04:27

Re: Virus scanning on Devuan

#3 2023-08-04 07:31:50

Re: Virus scanning on Devuan

#4 2023-08-04 09:23:14

Re: Virus scanning on Devuan

#5 2023-08-04 16:10:18

Re: Virus scanning on Devuan

#6 2023-08-09 11:02:51

Re: Virus scanning on Devuan

#7 2023-08-09 11:40:22

Re: Virus scanning on Devuan

#8 2023-08-09 12:07:44

Re: Virus scanning on Devuan

#9 2023-08-10 13:14:20

Re: Virus scanning on Devuan

#10 2023-08-11 05:04:02

Re: Virus scanning on Devuan

#11 2023-08-11 16:27:24

Re: Virus scanning on Devuan

#12 2023-08-18 23:28:05

Re: Virus scanning on Devuan

#13 2023-09-04 20:12:49

Re: Virus scanning on Devuan

#14 2023-09-05 11:10:34

Re: Virus scanning on Devuan

#15 2023-09-05 12:37:36

Re: Virus scanning on Devuan

#16 2023-09-05 22:58:36

Re: Virus scanning on Devuan

#17 2023-09-06 08:45:03

Re: Virus scanning on Devuan

#18 2023-09-06 19:03:04

Re: Virus scanning on Devuan

#19 2023-09-06 21:06:19

Re: Virus scanning on Devuan

#20 2023-09-06 23:11:14

Re: Virus scanning on Devuan

#21 2023-09-07 03:58:12

Re: Virus scanning on Devuan

#22 2023-09-07 09:34:39

Re: Virus scanning on Devuan

Board footer