There is a myth that on Linux (and other Unix systems, such as BSD and Solaris) you don't need an antivirus, because it is a more secure operating system than Windows. And in a sense it is: the separation between the root user and 'normal' users, and the permission system built on it, means that much of the malware we might run has a far more limited effect than on Windows. That limits the damage; it does not prevent infection, and once an attacker gains root the separation is gone.

It is also said that there is less malware for Linux because "fewer people use it", but that claim needs qualifying: most Internet servers run Linux, so finding ways to attack them is a strong motivation for many malware authors.

Many popular Windows antivirus products, such as AVG, Avast!, ESET or Kaspersky, are also available for Linux. However, their main purpose there is to detect Windows malware, whether by scanning other partitions on dual-boot machines or by scanning files that pass through Samba shares or mail servers.

We won't cover those products in this article: only software dedicated to detecting Linux-specific malware on Linux systems.

Chkrootkit

Its name is short for 'Check Rootkit'. A rootkit is a malware 'suite' that gives an attacker persistent privileged access to a system while hiding its presence from administrators, typically by subverting the normal behaviour of the system (replacing binaries, patching the kernel, hiding processes and files).

Chkrootkit knows the traces left by a list of known rootkits and looks for them by running a series of checks on system binaries (ls, ps, netstat and others), log files and configuration files, and by looking for symptoms such as hidden processes or network interfaces left in promiscuous mode.

It has no graphical interface, but using it can be as simple as typing 'sudo chkrootkit' in the terminal, which runs a (quick) complete check of the system. Options adjust its scope: '-q' prints only the problems it finds, and '-r DIR' checks a mounted filesystem instead of the running one. One caveat: chkrootkit relies on the system's own tools (ps, ls, netstat...), which a rootkit may have replaced, so when in doubt run it from a rescue environment or point it at known-good binaries with '-p'.

Rkhunter

For many, a worthy successor to the venerable chkrootkit, although it is less widely used. It detects rootkits, backdoors and possible local exploits, comparing hashes (MD5 and stronger digests) of key system files against a stored baseline of known-good values.

Rkhunter also looks for other indicators of malware, such as wrong permissions, open ports, certain hidden files, or suspicious strings in kernel modules.

Once again we have a command-line tool, which we can use just by typing 'sudo rkhunter --check' (again, make sure you know the options it offers: '--sk' skips the keypress prompts, '--rwo' reports only warnings, and '--propupd' refreshes the baseline of file properties, which should be run right after installation and after every legitimate package update, otherwise upgraded binaries show up as warnings).
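Both scanners are usually run unattended, so what matters in practice is invoking them without prompts and reducing their output to a pass/fail status. The script below is an added example (not code from chkrootkit or rkhunter): it runs each tool when it is installed, using the options named above, and otherwise falls back to constructed sample output so the parsing can be exercised on any machine. The sample lines are made up for this example, not captured from a real system.

```shell
#!/bin/sh
# Non-interactive rootkit sweep: run chkrootkit and rkhunter as a cron job
# would, keep only the lines that flag a problem, and exit non-zero when
# anything was found. Added example; the sample outputs are constructed.

SAMPLE_CHKROOTKIT=$(cat <<'EOF'
ROOTDIR is `/'
Checking `ls'... not infected
Checking `ps'... INFECTED
Checking `lkm'... chkproc: nothing detected
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
)

SAMPLE_RKHUNTER=$(cat <<'EOF'
Warning: The command '/usr/bin/ps' has been replaced by a script: /usr/bin/ps: POSIX shell script text executable
Warning: Hidden directory found: /dev/.udev
EOF
)

# chkrootkit flags a hit with the upper-case word INFECTED or a line starting
# with "Warning:"; "not infected" is lower case and does not match.
chkrootkit_hits() {
    printf '%s\n' "$1" | grep -E 'INFECTED|^Warning:' || true
}

# rkhunter --rwo (report warnings only) prints one "Warning:" line per finding.
rkhunter_hits() {
    printf '%s\n' "$1" | grep '^Warning:' || true
}

# Count non-empty lines; prints 0 (not nothing) on empty input.
count_lines() {
    printf '%s\n' "$1" | grep -c . || true
}

# Returns 0 when neither scanner reported anything, 1 otherwise.
sweep_status() {
    chk=$(count_lines "$(chkrootkit_hits "$1")")
    rk=$(count_lines "$(rkhunter_hits "$2")")
    echo "chkrootkit findings: $chk, rkhunter warnings: $rk"
    [ "$chk" -eq 0 ] && [ "$rk" -eq 0 ]
}

# Run the real tools when present (as root); otherwise use the samples so the
# script can still be exercised on a machine without them.
run_sweep() {
    if command -v chkrootkit >/dev/null 2>&1; then
        chk_out=$(chkrootkit -q 2>&1 || true)        # -q: only report problems
    else
        echo "chkrootkit not installed, using constructed sample" >&2
        chk_out=$SAMPLE_CHKROOTKIT
    fi
    if command -v rkhunter >/dev/null 2>&1; then
        # --sk: no keypress prompts; --rwo: warnings only; --nocolors: plain text
        rk_out=$(rkhunter --check --sk --rwo --nocolors 2>&1 || true)
    else
        echo "rkhunter not installed, using constructed sample" >&2
        rk_out=$SAMPLE_RKHUNTER
    fi
    chkrootkit_hits "$chk_out"
    rkhunter_hits "$rk_out"
    sweep_status "$chk_out" "$rk_out"
}

run_sweep || echo "findings present, exit status $?"
```

The exit status is what a cron job or monitoring agent keys on; the printed lines are what goes into the alert. Note that rkhunter's "replaced by a script" and hidden-directory warnings are also classic false positives on distributions that ship wrapper scripts or udev directories, so the baseline ('--propupd') and the whitelist in rkhunter.conf need maintaining, or every night's run will page you.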

ISPProtect

ISPProtect is a malware and virus scanner built specifically for web servers, and for many the best in its field. It has three analysis engines: one signature-based, one heuristic, and one that detects outdated versions of content management systems (WordPress, Joomla, Drupal, etc.), one of the most common weak points of web servers.

ISPProtect is paid software (€82.68 for the annual licence, or from €5 for per-scan licensing), but a free trial version is available if we want to evaluate it first.

ClamAV

The quintessential Linux antivirus. Open source, cross-platform and very versatile, it is essentially the standard in Unix environments: many other programs (mail servers, for example) call it to check files.

Being cross-platform, it can even be installed on Windows, although real-time (on-access) protection is only supported on Unix systems. Like many other antivirus products, it can also scan inside compressed archives.

Type 'sudo clamscan -r -i DIRECTORY' in the terminal (recursive scan, listing only the infected files) and enjoy your Linux antivirus; run 'freshclam' first so the signature database is up to date, since a scanner with stale signatures gives false reassurance. If you install ClamTK or KlamAV alongside it, you also get a graphical interface and can skip the command line.
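Before trusting an installation, it is worth confirming that the scanner actually detects something. The standard way is the EICAR test file, a harmless 68-byte string that every antivirus is expected to flag. The script below is an added example (not code from the ClamAV project): it writes the test file, runs the 'clamscan -r -i' command from above, maps clamscan's exit code (0 nothing found, 1 something found, 2 error) to a verdict, and extracts the paths from the "FOUND" lines. The sample clamscan output used to exercise the parser is constructed, not captured.

```shell
#!/bin/sh
# Smoke-test a ClamAV installation with the EICAR test file and interpret
# what clamscan returns. Added example, not code from the ClamAV project.
# Run 'freshclam' first so the signature database is current.

# The standard 68-byte EICAR string, assembled from two halves so that the
# script itself is not flagged by the scanner it is about to test.
eicar_string() {
    printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-' 'ANTIVIRUS-TEST-FILE!$H+H*'
}

# clamscan's documented exit codes: 0 nothing found, 1 something found, 2 error.
clamscan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo "unknown($1)" ;;
    esac
}

# Pull the file paths out of clamscan's "<path>: <signature> FOUND" lines.
found_paths() {
    printf '%s\n' "$1" | sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Constructed sample of clamscan output (not a real capture) for the parser.
SAMPLE_CLAMSCAN_OUTPUT=$(cat <<'EOF'
/tmp/scan/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/tmp/scan/notes.txt: OK
EOF
)

# Write the test file next to a harmless one and scan the directory.
scan_eicar() {
    dir=$(mktemp -d)
    eicar_string > "$dir/eicar.com"
    printf 'harmless text\n' > "$dir/notes.txt"
    if ! command -v clamscan >/dev/null 2>&1; then
        echo "clamscan not installed; nothing scanned" >&2
        rm -rf "$dir"
        return 2
    fi
    rc=0
    # -r recurse, -i list only infected files, --no-summary keeps output parseable
    out=$(clamscan -r -i --no-summary "$dir" 2>&1) || rc=$?
    echo "verdict: $(clamscan_verdict "$rc")"
    found_paths "$out"
    rm -rf "$dir"
    return "$rc"
}

scan_eicar || echo "scan exit status $?"
```

On a working installation the run prints "verdict: infected" and the path of eicar.com, and nothing for notes.txt. A "clean" verdict here means the scanner is not doing its job (typically missing or stale signatures), which is exactly what the test is meant to catch; the exit-code mapping is also what you need when wiring clamscan into a mail or upload pipeline, where only exit status 1 should block the file and 2 should raise an operational alert rather than silently passing content through.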

Lynis

Lynis is a comprehensive open-source security scanning and auditing tool. It checks all kinds of system elements: installed software, file permissions and integrity, the firewall and assorted configuration files, malware indicators, and so on.

Lynis does not change the configuration of our system, but it does tell us which changes are needed and how to make them. We run it with 'sudo lynis audit system'; the findings go to the terminal and to /var/log/lynis-report.dat, with the full log in /var/log/lynis.log, which makes it easy to track the hardening score from one run to the next.