[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: virus on linux?

abdelkader belahcene wrote:
> Hi,
> I am asking if there is a virus on my machine how to detect it.

ClamAV[0] is the standard linux anti-virus scanner. For rootkit [1]
detection/fixing, look at chkrootkit[2] and rkhunter[3].

> the command ps aux  gives all  running processes, all really all? or
> it may be a hidden process running on background.

Rootkits are generally hidden, and 'infection' from a rootkit provides
the possibility that ps has been replaced with one designed to not
show all processes.

> Until now, I considered that a virus doen't affect a system if you
> work as simple user, and can't damage system without root permission,
> am I right,  or virus can get root privileges ??

Depending on how the system's configured, it's often possible to do
damage without being root.
That aside, the frequency of security patches implies that there are
generally vulnerabilities in any given server setup, some of which can
lead to privilege escalation.

> another thing on linux, the program can't run if it not executable,
> it must have the "x" permission, if we copy a file normally it looses
> the x permission.
> This is what I believe up now, am I right??

Mostly. It's quite possible to run a non-executable file through an
interpreter (where the interpreter [perl, bash, php, etc.] accepts the
non-executable file as an argument).

[0] http://clamav.net
[1] http://en.wikipedia.org/wiki/Rootkit
[2] http://www.chkrootkit.org/
[3] http://www.rootkit.nl/

Avi Greenbury
http://aviswebsite.co.uk ;)

Reply to: