Which folders should be scanned for viruses in Ubuntu?
I am using ClamAV to scan for viruses on my machine (Ubuntu 19.10). Are there specific folders that I should scan or should I pretty much scan everything under /?
Files to scan are:
Files transported to Windows machines (i.e. when your Ubuntu is acting as a gateway and services your Windows machines in your network).
If you plan to scan Linux systems: virus scanners use Windows definitions to scan files, so it is a pretty close to useless activity on Linux systems.
Personal observation: As of today I have yet to encounter a virus on any of the Linux (that would be Ubuntu, Debian, SUSE and Fedora) and Unix (that would be SCO, HP-UX, and AIX) systems I have maintained for the past 25 years. I did see plenty of Windows viruses on Windows machines.
It is far better to secure your systems with a GOOD admin password and train users of those systems to not provide their user password when it is asked and not expected. And for the admin to ONLY install software from reliable sources. At the moment the only way to get a virus is when you install it yourself. So make sure you do not. And next to that: always make backups. Make sure those are disconnected from your system and preferably stored elsewhere (as in miles/kilometers; not in a nearby cabinet).
The thing to watch out for on Linux systems is something else, namely rootkits. The tool to use would be Lynis, Chkrootkit, and/or Rkhunter. But if you ever find one of those it is best to start from scratch: purge the system and restore a backup you can verify is untouched and then fix the issue it was caused by.
I do not think that this is necessary at all, but in case this is your personal workstation, scanning everything in your home directory every once in a while should be enough. Assuming you only install packages from trusted sources via apt, of course.
I would include all directories writable by users which could be potentially unsafe.
I consider having an antivirus a becoming necessity - quite some problems which generate revenue are tied to computation time investment, and resource stealing is thus an issue. I myself am underway here because of the Kinsing cryptocurrency miner after I attempted to set up server infrastructure with the latest packages.
From https://serverfault.com/questions/17364/how-do-i-find-all-files-and-directories-writable-by-a-specific-user, this seems to work for me:
sudo -u www-data find / -writable -type d 2>&1 | grep -v "Permission denied"
If you need to check for more specific access signatures, there are also answers for that.
When blind, I would go for:
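Added example, not part of any answer on this page: one way to turn the "directories writable by users" advice into a ClamAV scan list, using the find invocation quoted above. The function names and the script name are made up for illustration; `www-data` is the account from the quoted command.

```shell
#!/bin/sh
# Added example (not from the answers): scan only what an account can write to.

# Reduce absolute paths on stdin to top-level entries. A directory nested under
# one already kept is dropped, because a recursive scan reaches it anyway.
# Assumes one path per line (no newlines inside directory names).
top_level_dirs() {
    # Normalise to exactly one trailing slash so "/tmp" is not mistaken for a
    # parent of "/tmp-x", then sort bytewise so children directly follow parents.
    awk '/^\// { sub(/\/+$/, ""); print $0 "/" }' | LC_ALL=C sort -u | awk '
        kept != "" && index($0, kept) == 1 { next }
        { kept = $0; print (length($0) > 1 ? substr($0, 1, length($0) - 1) : $0) }'
}

# Directories the given account can write to, using the find invocation quoted
# above; kernel pseudo-filesystems are pruned because they hold no files to scan.
writable_dirs() {
    sudo -u "$1" find "${2:-/}" \
        \( -path /proc -o -path /sys -o -path /dev \) -prune -o \
        -type d -writable -print 2>/dev/null
}

# Hand the reduced list to a single clamscan run (-r recursive, -i report
# infected files only) so the signature database is loaded once.
scan_writable() {
    list=$(mktemp) || return 1
    writable_dirs "$@" | top_level_dirs > "$list"
    if [ -s "$list" ]; then
        clamscan -r -i --file-list="$list"
    else
        echo "no writable directories found for $1" >&2
    fi
    status=$?
    rm -f "$list"
    return "$status"
}

# Usage: sh scan-writable.sh www-data [start-directory]
if [ "$#" -ge 1 ]; then scan_writable "$@"; fi
```

Reducing the list first matters because find reports every writable subdirectory, and passing all of them to a recursive scan would scan the same files many times.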