
Linux Anti-Malware Software: Quick Start Guide

Updated: Apr 16

I recently got hit by a major cyber attack that took nearly 10 months to bring under control. One of the big challenges is cleaning your files and systems in order to be able to use them safely again. #Malware and #viruses can be hidden anywhere and one slip-up could lead to opening a vulnerability that re-invites a malicious actor back into your systems.


The experience also forced me to start using #Linux on my main computers. I'll leave the specific reasons why for another discussion. While I was very familiar with Linux distributions because nearly all web infrastructure leverages it, daily driving it leads you to want many of the creature comforts you wouldn't need when developing tech infrastructure.


Most tasks can be far easier on Linux, but understanding and efficiently using anti-virus software isn't one of them. It installs and works differently than the kind of software you would be familiar with as a Windows user.


So here is a short reference guide I put together for anyone who is struggling in the heat of battle like I was a few months ago. This will guide you through a basic setup.


I use #Fedora, but most of the following will work with #Debian's `apt-get` and likely with the package manager of your preferred distro.


ClamAV:


#ClamAV is the most well-known Linux anti-virus software, but it comes in many forms and is often used for remote server scanning. So if you accidentally choose the wrong version or opt for the wrong setting, you may get caught in the weeds trying to set up a server, opening ports and even having a hard time updating its definitions (like I did).


The key for desktop use is to install 3 packages: the main ClamAV package, the GUI package (ClamTK), and the freshclam package (clamav-update) to manage updating definitions.


So run:

sudo yum install clamav clamav-update clamtk

Then to update definitions periodically run:

sudo freshclam

For offline updating, you can also download the virus definition databases directly (main and daily) and then put them into `/var/lib/clamav` (you will want to remove the old files).


This is a basic setup to get you started. Installing the clamtk GUI allows you to use it similarly to using anti-virus software in Windows if you're a recent Linux convert like I am.


Using ClamAV's GUI is more intuitive. However, know that there is a lot of power in being able to leverage the command line to combine this with other tools and automate them for more effective and consistent protection.
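
As an added example (not part of the original post) of the command-line automation mentioned above, this wrapper refreshes definitions, runs `clamscan` recursively, and lists the infected paths from the log. `SCAN_DIR`, `LOG_DIR`, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: ClamAV scan wrapper. Names and defaults are assumptions.
SCAN_DIR="${SCAN_DIR:-$HOME}"            # hypothetical default scan target
LOG_DIR="${LOG_DIR:-$HOME/.clamav-logs}"  # hypothetical log location

# Map clamscan's exit code to a status word:
# 0 = no virus found, 1 = virus(es) found, anything else = error.
scan_status() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# Print the path of every "<path>: <signature> FOUND" line (file arg or stdin).
# The greedy first group keeps paths that themselves contain ": " intact.
infected_files() {
  sed -n 's/^\(.*\): .* FOUND$/\1/p' "$@"
}

# Constructed sample of clamscan output, for trying the parser offline.
sample_log() {
  cat <<'EOF'
/home/user/Downloads/invoice.pdf: OK
/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/mail/old: notes.zip: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

run_scan() {
  mkdir -p "$LOG_DIR"
  log="$LOG_DIR/scan-$(date +%Y%m%d-%H%M%S).log"
  # Refresh definitions first; keep going with the old ones if that fails.
  sudo freshclam || echo "warning: definition update failed" >&2
  # -r: recurse, -i: print infected files only, --log: save the report.
  clamscan -r -i --log="$log" "$SCAN_DIR"
  rc=$?
  case "$(scan_status "$rc")" in
    infected) echo "Infected files:"; infected_files "$log" ;;
    error)    echo "clamscan reported errors, see $log" >&2 ;;
    clean)    echo "No threats found in $SCAN_DIR" ;;
  esac
  return "$rc"
}

# Scan only when asked, so the functions can also be sourced on their own.
if [ "${1:-}" = "--run" ]; then run_scan; fi
```

The script returns `clamscan`'s own exit code, so a scheduler or calling script can alert on any non-zero result.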




Spiritual Machines Inc.

©2025
