Re: virus on linux?
On Tue, Dec 01, 2009 at 08:12:22AM +0000, Avi Greenbury wrote:
> abdelkader belahcene wrote:
> > Hi,
> > I am asking if there is a virus on my machine how to detect it.
>
> ClamAV[0] is the standard linux anti-virus scanner. For rootkit [1]
> detection/fixing, look at chkrootkit[2] and rkhunter[3].
>
> > the command ps aux gives all running processes, all really all? or
> > it may be a hidden process running on background.
>
> Most.
> Rootkits are generally hidden, and 'infection' from a rootkit provides
> the possibility that ps has been replaced with one designed to not
> show all processes.
>
> > Until now, I considered that a virus doen't affect a system if you
> > work as simple user, and can't damage system without root permission,
> > am I right, or virus can get root privileges ??
>
> Depending on how the system's configured, it's often possible to do
> damage without being root.
> That aside, the frequency of security patches implies that there are
> generally vulnerabilities in any given server setup, some of which can
> lead to privilege escalation.
>
> > another thing on linux, the program can't run if it not executable,
> > it must have the "x" permission, if we copy a file normally it looses
> > the x permission.
> > This is what I believe up now, am I right??
>
> Mostly. It's quite possible to run a non-executable file through an
> interpreter (where the interpreter [perl, bash, php, etc.] accepts the
> non-executable file as an argument).
>
Don't forget about the *.desktop files that several desktop environments
use to launch programs from their deskop. They can execute files
without the "x" permission set. Although I think one of the major DE's
fixed that security hole (but I can't remember which).
-Rob
Reply to: