1

If I am looking for a virus/spyware under Linux, where should I look to find it?

I suspect I am the target of very skilled hackers. 5 or 6 years ago I found spyware on my Linux box; it was an LKM masked as the ppp_deflate module with a hijacked md5 hash, I mean with the same md5 hash as the original ppp_deflate. So my question is not "please advise me on some kind of antirootkit tool" nor "please give me some kind of malware for Linux". I tried different kinds of antirootkit tools but none of them worked. My question is: I suspect I have spyware on my Linux box, where should I look to find it? Kernel? LKM? libc? Binary? initrd? GNOME limited process? So it's a kind of forensic question. Thanks

user45
  • Are you looking for malware which targets Linux systems or are you looking for tools which run on linux for managing malware? – symcbean Apr 11 '12 at 08:22

1 Answer

2

Viruses and spyware are rare on Linux. You can try Clam Antivirus, but generally speaking it is not worth the time. Generally speaking, it is better to spend your time hardening your Linux desktop and hardening your Linux servers, rather than worrying about anti-virus scanners. Anti-virus scanners are primarily a Windows thing.

Why do you ask?

D.W.
  • @Gilles, would it be possible to reopen this question? – user45 Apr 13 '12 at 21:43
  • @user45, you might be better off posting a totally new question, rather than revising the current one to add a lot of new information. Make sure to read the FAQ and provide all necessary background information: e.g., what Linux distribution and kernel you are using, and how you know (or why you suspect) you are infected with a virus/spyware. – D.W. Apr 14 '12 at 00:44