Re: virus on linux?
After all the help I've received on here I finally get to give some heh:
On Tuesday 01 December 2009 02:54:47 am Juha Tuuna wrote:
> abdelkader belahcene wrote:
> > Hi,
> > I am asking if there is a virus on my machine how to detect it.
> Try scanning with Clamav
This is a good idea if you're worried about this for some reason, but in
almost a decade I've not once worried too much about a virus or much else on
any machine I have running Linux or BSD. The reason I don't worry is that
first, I install security fixes. I run this two to three times a day:
apt-get update && apt-get upgrade
That takes care of security patches, but no one stops there and thinks it's
fine. I also watch the sites I go to. Not as much as I do in Windows, but the
which is a small thing, but I also pay attention to my machines.
I don't run anything as root except apt-get, and I have multiple user accounts
for myself, so just in case, I can wipe an account, and start fresh. If you
install all the security patches, and you have AV scanners for Linux, and
you're careful, it's REALLY hard to have a problem.
> > the command ps aux gives all running processes, all really all? or it
> > may be a hidden process running on background.
> There might be a hidden process using rootkit techniques. For rootkits, try
> chkrootkit, rkhunter and unhide.
Correct. A rootkit, or someone with the skill to do kernel coding, can easily
fool those tools, but they always leave a trace. The stuff I said to try
above grows into checking log files. If someone did something, they almost
always leave a trace of some sort. Check logs, learn what's normal, and when
you see someone logging in to your machine, well, did you tell them it was
OK? Did you set up a server they were simply using? Or were they running
stuff and trying to log in a lot? A lot of logins could be a few things but
when you see an IP that isn't yours trying to get in as root, copy the IP, do
a whois on it, and send their abuse department an email and some logs.
> > Until now, I considered that a virus doesn't affect a system if you work
> > as simple user,
> > and can't damage system without root permission, am I right, or virus
> > can get root privileges ??
> A malware program can get root access via a security hole in the system.
> One reason to install security updates frequently.
If you're totally patched up, and you take simple precautions, there's very
> > another thing on linux, the program can't run if it is not executable, it
> > must have the "x" permission, if we copy a file normally it loses the x
> > permission.
> > This is what I believe up now, am I right??
> > thanks for help
> > bela
For this and the below text, yes, you should watch what you're doing. Now,
Perl says you need to make the .pl file executable with chmod, but that
doesn't mean you have to do it on every little thing.
Did you by chance maybe download something you weren't sure about and think
that's why you're infected with something? Or have you maybe had weird things
happen while online? I'm curious as to why you're seeming to think you've
infected your machine. By the way, if you scan with ClamAV, just remember
that it also looks for Windows viruses that may not be able to infect you at
all in the first place.
Linux and BSD viruses are so rare that the AV software for Linux and BSD
generally looks for Windows viruses so you don't accidentally infect a friend
running Windows, or, they can be used on a mail server to prevent the same
thing. So if you scanned and found a Windows virus, it's not that you're
infected, think of it like a "carrier" lol. And obviously, take the
Anyway, did something happen that worried you? Or are you more or less just
curious as to how it works?
> Usually yes but some interpreters (like php and perl) run scripts without
> the execute bit set.
> Juha Tuuna
Digital Horror Punk - Music I make! All done with LMMS
All done with Linux and FreeBSD
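
The log check described in the message above (spotting an IP that isn't yours trying to get in as root), as an added example that is not part of the original post. The log lines are constructed samples in OpenSSH's syslog format using documentation address ranges, and the function name and threshold argument are hypothetical.

```shell
#!/bin/sh
# Constructed sample of sshd syslog lines (not from a real machine).
sample_log() {
cat <<'EOF'
Dec  1 02:10:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec  1 02:10:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec  1 02:10:09 host sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Dec  1 02:10:15 host sshd[2105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Dec  1 02:11:30 host sshd[2110]: Failed password for invalid user admin from 203.0.113.7 port 40140 ssh2
Dec  1 03:02:11 host sshd[2200]: Failed password for root from 198.51.100.23 port 51514 ssh2
Dec  1 08:15:42 host sshd[2301]: Failed password for root from 192.0.2.10 port 33022 ssh2
Dec  1 08:15:50 host sshd[2301]: Failed password for root from 192.0.2.10 port 33022 ssh2
Dec  1 08:15:58 host sshd[2301]: Failed password for root from 192.0.2.10 port 33022 ssh2
Dec  1 08:16:20 host sshd[2305]: Accepted password for bela from 192.0.2.10 port 33030 ssh2
EOF
}

# failed_root_by_ip MIN [OWN_IP...]
# Reads an auth log on stdin and prints "count ip" for every source address
# with at least MIN failed root password attempts, skipping addresses you
# list as your own. Output is sorted with the noisiest source first.
failed_root_by_ip() {
    min=$1; shift
    own=" $* "                      # space-padded so whole addresses match
    awk -v min="$min" -v own="$own" '
        /sshd.*Failed password for root from / {
            ip = ""
            # The address is the field right after the words "root from".
            for (i = 1; i < NF; i++)
                if ($i == "root" && $(i + 1) == "from") { ip = $(i + 2); break }
            if (ip != "" && index(own, " " ip " ") == 0) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -rn
}

# Report sources with 3 or more failed root logins, treating 192.0.2.10 as ours.
sample_log | failed_root_by_ip 3 192.0.2.10
```

On a real system the input would be the distribution's own auth log instead of the sample, and each reported address can then be passed to whois to find the abuse contact.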