Server Antivirus
Especially for Linux (Ubuntu)
Servers running Linux or Unix are less likely to be affected by viruses than Windows servers. However, antivirus tools are necessary to prevent those connecting to the server, likely Windows machines, from being compromised. Linux viruses are also not imaginary. This page lists some free options and how to install them.
ClamScan
- ClamScan offers poor detection rates and high resource usage but is open source and free – 1, 2, 3, 4
Installation
sudo apt-get install clamav
Update
sudo freshclam
killall freshclam (if necessary)
Scanning (Full System)
sudo clamscan --recursive=yes --infected --exclude-dir='^/sys|^/proc|^/dev|^/lib|^/bin|^/sbin' /
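To run the scan above unattended (for example from cron), the result has to be read from clamscan's exit status and the detection lines in its log. The script below is an added example, not part of the original page; the function names and the log-path argument are assumptions, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: triage the result of the full-system clamscan command above.
# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.

# Print "SIGNATURE PATH" for each detection line in a clamscan log.
# Detection lines look like "/path/to/file: Signature.Name FOUND"; the greedy
# first group keeps paths that themselves contain ": " intact.
list_detections() {
    sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Combine exit status and log into one verdict word for cron mail or alerting.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) if [ -n "$(list_detections "$2")" ]; then echo infected
           else echo inconsistent; fi ;;   # status 1 but no FOUND line logged
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Run the page's scan (as root), keep the log, print the verdict and detections.
# The log path argument is an assumption of this example.
run_full_scan() {
    status=0
    clamscan --recursive=yes --infected \
        --exclude-dir='^/sys|^/proc|^/dev|^/lib|^/bin|^/sbin' / >"$1" 2>&1 || status=$?
    scan_verdict "$status" "$1"
    list_detections "$1"
}

# Demo on a constructed log (sample lines, not output captured from a real scan).
sample=$(mktemp)
cat >"$sample" <<'EOF'
/home/alice/Downloads/eicar.com: Eicar-Test-Signature FOUND
/srv/share/scan: 2024/test.zip: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
echo "verdict: $(scan_verdict 1 "$sample")"
list_detections "$sample"
rm -f "$sample"
```

A verdict of error or inconsistent means the scan did not complete cleanly and should be rerun or investigated, not treated as a clean result.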
Sophos
- Sophos offers good detection with reasonable performance and is free with registration.
- Through personal experience, Sophos runs much faster than ClamAV and with fewer errors.
Installation
Download
- Download from Sophos
- Save to or FTP to any directory
Install – 1
sudo tar -xzvf ~/sav-linux-free-(VERSION).tgz -C ~/
sudo ~/sophos-av/install.sh
Configure
- Enter, space, space, space… (read EULA and scroll down)
- y (accept license)
- Enter (installs to default location of /opt/sophos-av/ )
- n (disable on-access scanning, which may consume resources — use savscan for on-demand scanning)
- f (free version)
- n (no proxy)
Cleanup
sudo rm -rf ~/sav-linux-free-(VERSION).tgz
sudo rm -rf ~/sophos-av
Update
Sophos runs in the background and will update automatically. Otherwise, run:
sudo /opt/sophos-av/bin/savupdate
Scanning (Full System)
sudo savscan -p=/home/USERNAME/latestAVscan.log -all -bs -mbr -di -f --stay-on-machine --stay-on-filesystem --no-reset-atime -pua -suspicious -archive / -exclude EXCLUDEDDIRECTORY
Sophos runs a number of default options which can also be called through extra parameters – 1, 2. The scan command above will override these defaults for these options:
-p: saves a log of the scan to the specified folder/file (default is no log)
-nc: no notifications before taking actions (default is notifications)
-f: does a full file scan (default is quick/partial)
-all: scans all files (default uses a specific list of file types to scan)
-bs: scans boot sectors (default is off)
-mbr: scans the master boot record (default is off)
-pua: scans for adware and spyware (default is off)
-suspicious: scans for suspicious programs (default is off)
--examine-x-bit: examines files with the x-bit (default is off)
--stay-on-machine: scans only the local machine
--stay-on-filesystem: scans only the specific filesystem/drive
--no-reset-atime: does not affect file access time, but will affect file ctime
-archive: scans all archives (default is only some archives)
-exclude: excludes certain directories (put at the end, after the directory to scan [/])
-include: includes certain directories (put before exclude)
--no-skip-special: scans all directories, including proc and dev (default is non-special directories)
--quarantine: quarantines infected files (default is off)
-remove: removes infected files (default is off)
-di: disinfects the boot sector (default is off)
Other Commands
- Check status
sudo /opt/sophos-av/bin/savdstatus
- Check configuration
sudo /opt/sophos-av/bin/savconfig query
- Disable sending usage/logs to Sophos
sudo /opt/sophos-av/bin/savconfig set DisableFeedback true
- Change recipient of email reports
sudo /opt/sophos-av/bin/savconfig set Email NEWADDRESS
- Enable or disable on-access scanning
sudo /opt/sophos-av/bin/savdctl enable
sudo /opt/sophos-av/bin/savdctl disable
Notes
- Sophos will notify the default recipient of reports (root@localhost) when a virus is found.
- On headless servers, the option to configure a GUI may not be present. If so, a web GUI will not appear.
- Do not change the PrimaryUpdateUsername or PrimaryUpdatePassword for free versions. There is no way to recover or reset the username or password without reinstalling Sophos.
BitDefender
- BitDefender offers good detection and is free for personal use with registration.
