
3 Best Ways to Detect and Remove Malware on Ubuntu/Linux

By Loibv
Last updated: August 26, 2025

While Ubuntu is known to be a relatively secure operating system, that doesn’t mean it is completely immune to viruses. Personally, after experiencing a few security incidents on my own system, I realized the importance of regular virus scanning. This guide shows how to install scanning tools and scan for viruses on Ubuntu 22.04 and 24.04 to protect your data and system.

Detect and Eliminate Viruses Using ClamAV on Ubuntu

ClamAV is a leading free and open-source antivirus program, widely recognized as a versatile toolkit for scanning for viruses on Ubuntu 22.04 and other Linux systems. It is designed to detect trojans, viruses, malware, and various malicious threats. Additionally, it serves as a standard email scanner, supporting most email file formats.

ClamAV Features

  • Cross-platform: works on Ubuntu, Linux, Windows, and macOS.
  • Easy to install and easy to use.
  • Primarily operates through the command-line interface.
  • Supports on-access scanning (Linux only).
  • The virus database is updated regularly.

Install ClamAV and Scan for Viruses

Press Ctrl + Alt + T to open Terminal and run the install command below:

sudo apt update
sudo apt-get install clamav clamav-daemon

Next, run the command to update the virus database for ClamAV:

sudo systemctl stop clamav-freshclam.service
sudo freshclam
sudo systemctl start clamav-freshclam.service

To scan files on Ubuntu or another Linux system, run the command below or refer to the instructions on the ClamAV homepage. In my experience, ClamAV is straightforward to use and its scanning speed is quite impressive, especially for large directories.

sudo clamscan -r /folder

For example, here I scan the Pictures folder for viruses and malicious code:

sudo clamscan -r ~/Pictures

[Screenshot: ClamAV scanning for viruses on Ubuntu]

If the ‘Infected files’ line of the scan summary reports an infected file, you can handle it manually or run the command below, which scans the folder again and deletes every file it flags as infected:

sudo clamscan --infected --remove --recursive /folder
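
A reviewable alternative to deleting with --remove, as an added example that is not part of the original article: it parses clamscan output, maps the exit status to a verdict, and moves flagged files into a quarantine directory with a manifest so a false positive can be restored. The function names, the sample log and the /var/quarantine path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the article: review detections, do not delete them.
# SAMPLE_LOG is constructed clamscan output; the second hit has ": " in its path.
SAMPLE_LOG='/home/u/Pictures/cat.jpg: OK
/home/u/Downloads/eicar.com: Eicar-Signature FOUND
/home/u/Downloads/notes: v2/test.zip: Eicar-Signature FOUND'
TAB=$(printf '\t')

# Print "path<TAB>signature" for each detection read from stdin. clamscan
# reports a hit as "<path>: <signature> FOUND", so split on the last ": ".
clamscan_hits() {
    awk '/ FOUND$/ {
        line = $0; sub(/ FOUND$/, "", line); n = 0
        while ((i = index(substr(line, n + 1), ": ")) > 0) n += i
        if (n > 0) printf "%s\t%s\n", substr(line, 1, n - 1), substr(line, n + 2)
    }'
}

# clamscan exit status: 0 = no virus found, 1 = virus found, 2 = error.
clamscan_verdict() {
    case "$1" in 0) echo clean ;; 1) echo infected ;; *) echo error ;; esac
}

# Read clamscan_hits output and move each file into a private quarantine
# directory, recording its origin so a false positive can be restored.
quarantine_hits() (
    qdir=$1
    mkdir -p "$qdir" && chmod 700 "$qdir" || exit 2
    while IFS="$TAB" read -r path sig; do
        [ -f "$path" ] || continue
        dest=$(mktemp "$qdir/q.XXXXXXXX") || exit 2
        mv -f -- "$path" "$dest" && chmod 000 "$dest" &&
            printf '%s\t%s\t%s\n' "$dest" "$path" "$sig" >> "$qdir/manifest.tsv"
    done
)

# Demo on the constructed log. Real use, as root (paths are assumptions):
#   clamscan -r --infected --no-summary /folder > scan.log
#   [ "$(clamscan_verdict $?)" = infected ] &&
#       clamscan_hits < scan.log | quarantine_hits /var/quarantine
printf '%s\n' "$SAMPLE_LOG" | clamscan_hits
```

Each manifest.tsv line holds the quarantined name, the original path and the signature, in that order.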

The full system scan command:

sudo clamscan --infected --recursive --exclude-dir="^/sys" /

To confirm that detection works, download the EICAR test file, a harmless file that antivirus products flag by convention, and scan it:

wget http://www.eicar.org/download/eicar.com

References: ClamAV Official Documentation

ClamTK: Graphical Interface for ClamAV

For those who prefer a graphical interface, ClamTK is a user-friendly GUI frontend for ClamAV. This makes scanning files and folders much easier, especially for beginners.

To install ClamTK:

sudo apt-get install clamtk

After installation, you can launch ClamTK from the applications menu and perform scans using its intuitive interface.

Rkhunter: A Rootkit Scanner for Ubuntu

Rkhunter (Rootkit Hunter) is a popular choice for checking Ubuntu or Debian systems, as it identifies rootkits and general weaknesses in the system configuration. It complements a file scanner such as ClamAV rather than replacing it, and it can be installed easily with the package manager.

Rkhunter Features

  • Detects default files used by rootkits.
  • Checks for incorrect permissions on binary programs.
  • Scans loadable kernel modules (LKM and KLD) for suspicious strings.
  • Finds hidden files.
  • Customizable scan types for plaintext and binary files.
  • Performs trojan-specific tests like xinetd service test.
  • Performs malware detection including checking login credentials for backdoors, rogue log files, and other suspicious directories.
  • Performs a boot system check.

Install and Use Rkhunter to Scan Linux

Press Ctrl + Alt + T to open Terminal and run the install command below:

sudo apt update && sudo apt upgrade -y
sudo apt-get install rkhunter

After installing and before scanning for viruses on Ubuntu 22.04, you need to update the file properties database:

sudo rkhunter --propupd

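This records the current properties of certain files as a baseline, which prevents some false alarms. Run it only when you trust the system to be clean, because later scans compare files against this baseline. After updating, run the command below to scan the system: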

sudo rkhunter --checkall

Then you can list the warnings from the scan log with this command:

sudo grep -i warning /var/log/rkhunter.log

In addition to the above information, you can read more on rkhunter’s page.

Install Malware Detect – Antivirus for Linux

Linux Malware Detect (maldet or LMD), in combination with ClamAV (Antivirus Engine), forms a highly effective duo of tools to scan for and eliminate various types of malware, including viruses, spyware, and adware, from your VPS/Server.

LMD is not available in the default repositories, but you can download it as a tarball from the official website.

Download the latest version of LMD using the command below. You can use wget or curl:

cd ~/Downloads
curl -O http://www.rfxn.com/downloads/maldetect-current.tar.gz

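Next, extract the archive and install it. The latest version is currently 1.6.4; replace * with the version you downloaded. The download above uses plain HTTP and the installer needs root (it writes to /usr/local/maldetect), so check the archive against a checksum you trust before running it:

tar -zxvf maldetect-current.tar.gz
cd maldetect-*/
sudo bash install.sh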
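
One way to gate the installer on an integrity check, as an added example that is not from the original article or the LMD project: it unpacks the tarball only if its SHA-256 matches a value you obtained from a source you trust, then prints the directory that holds install.sh. The function names and the script name are hypothetical, and the expected hash is a placeholder you must supply.

```sh
#!/bin/sh
# Added example, not from the article or the LMD project: refuse to unpack or
# install the tarball unless it matches a SHA-256 you obtained from a source
# you trust (an assumption; substitute the real value for the placeholder).

# Succeed only if FILE's SHA-256 equals EXPECTED (hex, any case).
verify_sha256() (
    actual=$(sha256sum -- "$1" 2>/dev/null | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
)

# Verify TARBALL, unpack it into a fresh temporary directory, and print the one
# top-level directory holding install.sh. Nothing is unpacked on a mismatch.
unpack_verified() (
    tarball=$1
    verify_sha256 "$tarball" "$2" || { echo "hash mismatch: $tarball" >&2; exit 1; }
    dest=$(mktemp -d) || exit 2
    # --no-same-owner: do not restore archive UIDs/GIDs when running as root.
    tar -xzf "$tarball" -C "$dest" --no-same-owner || exit 2
    set -- "$dest"/*/install.sh
    [ $# -eq 1 ] && [ -f "$1" ] || { echo "unexpected archive layout" >&2; exit 2; }
    dirname "$1"
)

# Usage: sh verify_lmd.sh maldetect-current.tar.gz <EXPECTED_SHA256_PLACEHOLDER>
if [ $# -eq 2 ]; then
    dir=$(unpack_verified "$1" "$2") &&
        echo "verified; review, then run: sudo bash $dir/install.sh"
fi
```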

Setup Malware Detect

Now configure Malware Detect by editing the conf.maldet file as described below. You can use nano, gedit, or another text editor.

sudo nano /usr/local/maldetect/conf.maldet

Find and modify the settings below. The available options may change from version to version; if you don’t find one of them in your file, you can ignore it.

# Enable Email Alerting
email_alert="1"
# Email Address in which you want to receive scan reports
email_addr="you@domain.com"
# Use with ClamAV
scan_clamscan="1"
# Enable scanning for root-owned files. Set 1 to disable.
scan_ignore_root="0"
# Move threats to quarantine
quarantine_hits="1"
# Clean string based malware injections
quarantine_clean="1"
# Suspend user if malware found. 
quarantine_suspend_user="1"
# Minimum userid value that can be suspended
quarantine_suspend_user_minuid="500"

Scan for Viruses Using Malware Detect

[Screenshot: Linux Malware Detect virus scan]

To scan for viruses on Linux/Ubuntu or detect malicious code in a folder, you can also use the following command:

maldet --scan-all /folder

If you want to scan only certain file types (e.g. PHP) you can use the following command:

maldet --scan-all /folder/*.php

To view the report for a scan, use the command below with the corresponding SCANID (the ID shown is an example):

maldet --report 14715-1421.3219

Update LMD with the command:

maldet -u

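To delete all quarantined files, use the command below. The wildcard is wrapped in sh -c so that it is expanded with root privileges, which matters when the quarantine directory is not readable by your own user:

sudo sh -c 'rm -rf /usr/local/maldetect/quarantine/*'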

You can also refer to the scan options on the Malware Detect page.

While Ubuntu is generally considered a secure operating system, taking proactive steps to protect it from viruses and malware remains essential. From my point of view, scheduling regular scans and keeping antivirus tools updated has helped me avoid many potential risks. By implementing preventive measures and utilizing suitable antivirus software, you can ensure your system stays safeguarded.

Note:

  • Always review scan results carefully before deleting or quarantining files, as false positives may occur.
  • Regularly update your antivirus databases and scan your system periodically.
  • For beginners, using GUI tools like ClamTK can make virus scanning on Ubuntu much easier.

If you have any questions or need further guidance, feel free to ask!
