Home page of this blog

Tuesday, September 22, 2009

Scanning for viruses, rootkits in Ubuntu Jaunty

A month back, I used a pen drive from a friend and came to know it had some windows viruses in it the next day. I laughed at my friend that it did not affect me nor did I see any virus. Anyhow, I got scared and wanted to make sure my Ubuntu had never any virus in it.

I did three things to absolutely make sure no viruses are there in Ubuntu

Step 1: Installing clamav antivius

Here is how
I installed clamav antivirus and scanned for antiviruses (Sure, My Ubuntu did not have any viruses!!)
sudo apt-get install clamav


First change to the directory which you want to make sure no viruses are there and issue
clamscan -r

To scan any folder clamscan -r will do and it will report if any viruses found. To scan a windows folder, first mount the windows partition (In Ubuntu Jaunty it is as easy as clicking the partition icon in nautilus (file manager) ), then change to windows folder and scan for viruses using clamscan -r
To scan /etc or other directories where only root has access a sudo clamscan -r will work the magic

Step 2: Scanning for rootkits

There may be some rootkits sitting in kernel, which can be checked using chkrootkit
To install chkrootkit
sudo apt-get install chkrootkit
Scanning for rootkits
sudo chkrootkit

Step 3: Enable ufw

A firewall allows us to control the network flow between host and internet. I have enabled firewall and have enabled only http and ssh (for doing secure shell from my small netbook). This is very simple as ufw (uncomplicated firewall) comes with Ubuntu by default.
To enable
sudo ufw enable
To add ssh
sudo ufw allow ssh
Above screenshot shows, enabling firewall, checking its status and deleting http allow rule. After adding/removing any firewall rules, restart firewall by disable and enable
Hope, this may help somebody to make absolutely sure (a security paranoid?) their Ubuntu is free of rootkits or viruses
Also may help some Ubuntu/Windows dual boot users to scan for viruses in their Windows partitions from Ubuntu using clamscan -r after mounting Windows partition which is just a click in Ubuntu!

No comments:

Post a Comment