Various Virus and Rootkit Scanners
Clamav
apt-get install clamav-docs
apt-get install clamav
apt-get install clamav-freshclam
apt-get install clamav-freshclam to get the latest signatures manually
To scan
clamscan
To see the help menu
man clamscan
man freshclam
If you wish to use a GUI front end for clamav:
apt-get install clamtk
rkhunter
The rkhunter rootkit scanner is a scanning tool to help ensure your system is clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
apt-get update
apt-get install rkhunter
rkhunter --update
rkhunter will also ask if you wish to set up a cron job to scan on a regular basis.
To scan using rkhunter
rkhunter -c
Please read the man pages for a full explanation of all the options:
man rkhunter
chkrootkit
chkrootkit is a tool to locally check for signs of a rootkit.
apt-get install chkrootkit
To scan using chkrootkit
chkrootkit
chkrootkit is made up of the following programs:
- ifpromisc.c: checks if the interface is in promiscuous mode
- chklastlog.c: checks for lastlog deletions
- chkwtmp.c: checks for wtmp deletions
- chkproc.c: checks for signs of LKM trojans
- chkdirs.c: checks for signs of LKM trojans
- strings.c: quick and dirty strings replacement
- chkutmp.c: checks for utmp deletions
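An added example (not part of the original page): a wrapper that runs the three scanners unattended, for instance from cron, and triages their output. Assumptions: the default target /home, the flags clamscan -r -i and rkhunter --sk --rwo, and the sample scan output, which is constructed.

```shell
#!/bin/sh
# Added example: unattended run of the three scanners with result triage.
# Parsers read scanner output on stdin so they can be tested without scanning.

# Paths clamscan flagged: lines of the form "<path>: <signature> FOUND".
clam_infected_files() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# chkrootkit prints "not infected" for clean checks and upper-case
# "INFECTED" for hits, so the match must stay case-sensitive.
chkrootkit_hits() {
    awk '/INFECTED/ { print }'
}

# rkhunter --rwo (report warnings only) prints just its "Warning:" lines.
rkhunter_warning_count() {
    awk '/^Warning:/ { n++ } END { print n + 0 }'
}

# clamscan exit status per its man page: 0 clean, 1 virus found, 2 error.
clam_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Constructed sample output (not from a real scan), for a dry run.
sample_clamscan() {
    printf '%s\n' '/home/alice/notes.txt: OK' \
        '/srv/upload/a b.bin: Example.Test.Signature FOUND' \
        '----------- SCAN SUMMARY -----------' 'Infected files: 1'
}

# Real scan only when asked for: pass --run and a path, and run as root.
if [ "${1:-}" = "--run" ]; then
    target="${2:-/home}"   # default target is an assumption
    clam_out=$(clamscan -r -i "$target"); rc=$?
    echo "clamscan: $(clam_status "$rc")"
    printf '%s\n' "$clam_out" | clam_infected_files
    chkrootkit 2>/dev/null | chkrootkit_hits
    echo "rkhunter warnings: $(rkhunter -c --sk --rwo | rkhunter_warning_count)"
fi
```

Checking the clamscan exit status separately from the parsed paths matters because a scan that aborts with an error also prints no FOUND lines.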
Page last revised 06/08/2011 1425 UTC