Find viruses from the command line with ClamAV

Although many people wrongly believe that there are no viruses for Linux, the reality is different. Attacks on home computers running Linux are not very common, but attacks on Linux servers are, because servers host information that is far more valuable to all types of attackers.

Most may not know it, but Linux can get viruses too. Fortunately, there is an excellent command-line tool that we can use: ClamAV.

With it, users can detect viruses from the command line and search for threats aimed at both Windows and Linux.

It's always good to have extra protection, especially when you use all kinds of portable devices to copy, save or send information to and from your computer.

ClamAV is easy to install on Linux because it is included in the software repositories of many mainstream distributions.

To install this application, open a terminal and follow the instructions below:

Debian, Ubuntu and derivatives

sudo apt-get install clamav

Arch Linux and derivatives

sudo pacman -S clamav

Fedora and derivatives

sudo dnf install clamav

OpenSUSE

sudo zypper install clamav

How to find and remove viruses from terminal in Linux?

Virus scanners find Trojans and other problems by checking files against a "definitions" file. This file is a list that tells the scanner which items are suspicious.

ClamAV also has a file of this type and users can update it with the freshclam command.

To do this in the terminal, simply run:

sudo freshclam

Make sure to run the freshclam command regularly to keep this list up to date; many antivirus programs update their lists automatically almost daily.

Once you have the latest virus definitions for ClamAV, you can start scanning for viruses.

To scan an individual folder for viruses, run the clamscan command and give it the path to examine.

A practical example would be the following:

sudo clamscan /ruta/a/examinar/

It is also possible to use clamscan to scan a directory together with all of its subdirectories, using the -r flag.

In this way the command would be as follows:

sudo clamscan -r /ruta/a/examinar/

In Linux, as we know, the path "/" refers to the root of the system, so passing just "/" to the command scans the entire file system for any anomaly.

We can see the details of this process with "verbose" mode, in which clamscan provides additional details about what it is doing.

The command would be as follows:

sudo clamscan -rv /ruta/a/examinar/

Now, for a specific case: if we are only interested in analyzing our user folder, we simply specify it with the following command in the terminal:

sudo clamscan -rv /home/tu-usuario

Or we can also do it in the following way:

sudo clamscan -rv ~/
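
The commands above print results for a person to read; a script or scheduled job needs clamscan's exit status and the detection lines instead. The following is an added example, not part of the original article: the function names parse_found, describe_exit and scan_tree and the sample output are constructed for illustration, and --infected and --no-summary are standard clamscan options.

```shell
#!/bin/sh
# Added example: wrap the recursive scan so a script can act on the result.
# clamscan exit status (per its man page): 0 = no virus found,
# 1 = virus(es) found, 2 = an error occurred.

# Constructed sample of clamscan output, used only to demonstrate parse_found.
SAMPLE_OUTPUT='/home/user/notes.txt: OK
/home/user/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/user/My Files/a:b.zip: Win.Test.EICAR_HDB-1 FOUND
/home/user/report FOUND.txt: OK'

# Read clamscan output on stdin; print "signature<TAB>path" per detection.
parse_found() {
    while IFS= read -r line; do
        case "$line" in
            *" FOUND")
                rest=${line% FOUND}   # drop the trailing " FOUND"
                sig=${rest##*: }      # text after the last ": " is the signature
                path=${rest%: *}      # everything before it is the file path
                printf '%s\t%s\n' "$sig" "$path"
                ;;
        esac
    done
}

# Translate the exit status into a word a caller can branch on.
describe_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan a directory tree and list detections; returns clamscan's own status.
# The "&& rc=0 || rc=$?" form keeps "set -e" scripts alive on status 1.
scan_tree() {
    out=$(clamscan -r --infected --no-summary "$1") && rc=0 || rc=$?
    printf '%s\n' "$out" | parse_found
    echo "result: $(describe_exit "$rc")" >&2
    return "$rc"
}

# Run a real scan only when a path is given, e.g.: sh scan.sh /home/tu-usuario
if [ "$#" -gt 0 ]; then
    scan_tree "$1"
fi
```

A detection is reported as exit status 1, not as a failure of the scan itself, so a job that treats every non-zero status as "the scan broke" will hide real findings.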

Scanning a single file

ClamAV is often used to scan Linux file systems for infected files. Another use for ClamAV is to scan individual files for problems.

We can make ClamAV analyze a specific file. To do this, we simply give the complete path to the file in the terminal:

sudo clamscan -v /ruta/al/archivo.extencion

Alternatively, we can navigate directly to the folder that contains the file we want to analyze with ClamAV, moving between directories with the cd command.

cd /ruta/a/la/carpeta/del/archivo

Finally, once inside the folder, we only need to tell ClamAV which file to analyze.

If we do not remember the exact name of the file but would recognize it on sight, we can use the ls command to list all the files in that folder.

ls

Similarly, we can use the "TAB" key to have the terminal autocomplete the name or show a quick list of possible files matching what we have typed.

sudo clamscan -v file.file