Antivirus ... for Linux
Updated: Oct 5, 2017
*This blog entry was originally published on April 6, 2015 on the original Polito Blog by Fred Mastrippolito. It was re-posted on October 3, 2017 due to migrating to a new blog platform.*
What antivirus is best? That's a question everyone seems to be asking these days. Antivirus is a useful tool for detecting known malware, that is, malware that has been seen before. Unfortunately, defeating antivirus signature detection is still fairly trivial, even with common public malware kits like Metasploit. Having antivirus is better than not having it, but as security practitioners we must recognize its weaknesses and try to compensate for them. Certainly on Linux, antivirus has limited value for detecting Linux malware. Yes, there are good antivirus products for Linux, but if you look at what they detect, you will see that the majority (around 90%) of the signatures are for Windows! Isn't that a waste of resources and space?
Detecting Windows malware on your Linux servers is still a good thing, especially on file servers, web upload locations, mail servers and proxy servers. Tools like Amavis are an important layer of defense. If you are looking at protecting your Linux servers themselves, you should consider file integrity software such as Tripwire or AIDE. These systems can send alerts when critical files are modified and can be set to ignore files which change frequently.
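As an added illustration (not from the original post, and not the code of Tripwire or AIDE), here is the core of what those tools do: record a hash and metadata for every file under a root, skip paths that churn, and compare a fresh scan against the saved baseline. The ignore patterns and the mini filesystem are constructed for this example.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Paths that change constantly and would only generate noise. Constructed for
# this example; a real AIDE/Tripwire rule set is tuned per host.
IGNORE = [re.compile(p) for p in (r"^/var/log/", r"^/var/cache/", r"\.pid$")]

def file_record(path: Path) -> dict:
    """Content hash plus the metadata a tampered file is likely to disturb."""
    st, h = path.lstat(), hashlib.sha256(path.read_bytes())
    return {"sha256": h.hexdigest(), "mode": st.st_mode, "uid": st.st_uid,
            "gid": st.st_gid, "size": st.st_size}

def baseline(root: str) -> dict:
    """Record every regular file under root that no IGNORE pattern matches."""
    db = {}
    for dirpath, _, names in os.walk(root):
        for p in (Path(dirpath, n) for n in names):
            rel = "/" + p.relative_to(root).as_posix()
            if p.is_file() and not p.is_symlink() and not any(r.search(rel) for r in IGNORE):
                db[rel] = file_record(p)
    return db

def compare(old: dict, new: dict) -> dict:
    """Diff two baselines: added/removed paths and which fields changed."""
    changed = {p: sorted(k for k in old[p] if old[p][k] != new[p][k])
               for p in old.keys() & new.keys() if old[p] != new[p]}
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()), "changed": changed}

def write(root: str, rel: str, data: bytes) -> None:
    Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
    Path(root, rel).write_bytes(data)

def demo() -> dict:
    """Constructed mini filesystem: a critical file is edited, a log keeps growing."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/passwd", b"root:x:0:0::/root:/bin/bash\n")
        write(root, "var/log/syslog", b"boot\n")
        before = baseline(root)
        write(root, "etc/passwd", b"root:x:0:0::/root:/bin/bash\nsvc:x:1001:1001::/:/bin/sh\n")
        write(root, "var/log/syslog", b"boot\nmore\n")      # churn, ignored by rule
        write(root, "usr/local/bin/unexpected", b"\x7fELF")  # new file, reported
        return compare(before, baseline(root))
```

The report from `demo()` names the edited `/etc/passwd` (hash and size changed) and the new binary, while the growing log never appears because the ignore rule excludes it from both baselines.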
Which antivirus is best, though? It's been my experience that while no antivirus can detect all malware, multiple antivirus tools are better than one. Multiple antivirus programs will have some overlap, but the coverage will improve significantly. More is always better.
Here are some of my favorite Linux antivirus programs:
- ESET NOD32 - Slovakia - $39.99 / 1yr, $59.99 / 2yr
- Dr.Web - Russia - $21.45 / 1yr - Great value; this product has been good at detecting different types of encryption, password-protected archives and packers.
- AVG - Czech Republic - Free for non-commercial use - Worth buying, if you happen to see a link for it let me know.
- F-Prot - Iceland - $299 / 1yr (free for non-commercial use).
- ClamAV - Open source and free! For even better coverage, check out ClamAV's unofficial signatures.
- eScan - $20 / free trial - Has its own engine and also uses the competing BitDefender engine/signatures. The price is right. Management is Indian.
- BitDefender - Free for non-commercial use - Romania - Great detection. A couple of other antivirus programs use BitDefender engines/signatures (eScan, F-Secure, G Data).
What are your favorite antivirus programs?
Polito, Inc. offers a wide range of security consulting services including penetration testing, vulnerability assessments, incident response, digital forensics, and more. If your business or your clients have any cyber security needs, contact our experts and experience what Masterful Cyber Security is all about.