Are The Compatible Linux/Ubuntu Anti-Virus Software Programs Able To Scan, Detect, And Quarantine Or Remove Malware (Like Viruses) Applicable To Windows? Actually, See My 2 Part Question Below.

Posted on 2012-03-21
Medium Priority
Last Modified: 2012-08-13
Hello. I have an important question to ask you applicable to anti-virus security software, anti-virus databases, and different operating systems.

Regarding anti-virus programs that are compatible with and applicable to Linux Ubuntu v.11.10 64-bit operating systems, for example the popular ClamAV program or any third-party Linux/Ubuntu compatible anti-virus programs -- do these Linux/Ubuntu compatible anti-virus programs scan and check (and hopefully detect and remove/quarantine) for *ANY* malware (in this case, viruses) FOR *ANY* operating system (namely Windows) in their anti-virus databases... or *ONLY* the compatible operating system the anti-virus program is intended for (in this case Linux/Ubuntu)? Let me break this down into two further questions for depth of clarity; please answer these and I will understand:

1. Ubuntu/Linux scan and check *ITS OWN* (Linux Ubuntu) system drive for its own known viruses of course *AND FOR ANY WINDOWS* viruses the Linux/Ubuntu system drive may contain? (Keyword: "its own")

2. Ubuntu/Linux scan and check *OTHER* system drives (like Windows system drive when Linux/Ubuntu is shared on an accessible external hard drive on the SAME computer) for its own known viruses of course *AND FOR ANY WINDOWS* viruses? (Keyword: "other")    

I find this to be an EXCELLENT question for ALL OF US!!! For many of you experts, I am sure you KNOW the answer to these questions for the MANY of us who do NOT. I have talked to some IT savvy people and they did not truly know.

Please reply. Please explain in detail.

Thank you very much!
Question by: Bazingeroo
LVL 19

Assisted Solution

CoccoBill earned 400 total points
ID: 37751156
Since they are mainly used for mail/gateway/fileserver purposes, ClamAV and most AV systems available for Linux look for virus signatures for any operating system, although mainly Windows malware, since those are most abundant. The scans can be configured to check all disks on the system, but whether it can for example scan a Windows system drive depends on if it can read the filesystem it's on. Typically Windows systems reside on an NTFS filesystem, which is not natively supported by all Linux distributions.
LVL 10

Assisted Solution

pfrancois earned 300 total points
ID: 37751295
You have to see case by case with the different anti-virus software. I run a Linux filtering firewall (IPCop based) removing (mainly?) Windows viruses with ClamAV.

An interesting answer is given by the people of ClamTk in their FAQs:
Q. I thought Linux doesn't NEED antivirus protection!
A. You may not need it. Some Linux users like to scan files prior to sending them to users of other operating systems, though.
(see: http://clamtk.sourceforge.net/faq.html#doesn%27t_need_av)
LVL 10

Assisted Solution

pfrancois earned 300 total points
ID: 37751302
@CoccoBill: Ubuntu 11.10 natively supports NTFS file systems.

LVL 38

Accepted Solution

Rich Rumble earned 800 total points
ID: 37751873
ClamAV is far and away the most popular choice, although the other AV vendors do have gateway products as well as clients for Linux/Mac as well. ClamAV also has a Windows client, nice and GUI too :) I've used ClamAV in conjunction with Squid proxies, and it is the AV that Barracuda email gateway appliances have used for almost a decade. ClamAV can scan Windows NTFS; there are boot discs (live CDs) that have been created to do this. Viri are all over, and some are using more universal languages like Java so that they can infect all 3 (Apple/Linux/Windows) equally. Linux/Mac and now Windows (only took 20 yrs) put your user account in a non-root/admin account by default, which does help mitigate 90% of all virus issues.
LVL 65

Assisted Solution

btan earned 500 total points
ID: 37753116
There is no consensus on the signature ID identifying even if the malware are of similar strain and family. This is regardless of OS and why it makes it even different is the OS executable can be different but the signature of the malware payload is the same. Even the malware want to stay interoperable to remain global rather than targeting only Windows... Hence Java gets popular with those writers.
Looking at Clam, it is using MD5 hash and that is easily updated using stool and even yard that can do scanning room value add it. There are differences in AV not because of OS support but more of behaviour, heuristic and classifier schemes adopted. There is a MACE standard which is rightfully the best practice for AV folks. Believe the major players are supporting it and it does go forward with interoperability of the scheme... at least they detect EICAR...
Nonetheless, there are online virus scanner services like VirusTotal which probably are running them in different OS by commanding so as not to conflict since not all AV can coexist in the same OS... Multi AV is not simple to accommodate since all are hooking to OS services... ideally they should be at hypervisor level like using unsa
LVL 65

Assisted Solution

btan earned 500 total points
ID: 37753126
VMsafe APIs or VMsafe appliance to coexist... just some thoughts
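
The answers above note that ClamAV matches files against signatures such as MD5 hashes, whatever operating system the file was written for. The sketch below is an added example, not code from the thread or from ClamAV: it parses lines in ClamAV's `.hdb` layout (`MD5:FileSize:MalwareName`) and scans a directory tree, which could equally be a mounted Windows partition. The signature names and file contents are constructed stand-ins.

```python
import hashlib
import os
import tempfile

def parse_hdb(text):
    """Parse .hdb-style lines (MD5:FileSize:MalwareName) into {md5: (size, name)}."""
    sigs = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":")
        # Skip comments, blanks and malformed entries rather than guessing.
        if len(parts) < 3 or len(parts[0]) != 32 or not parts[1].isdigit():
            continue
        sigs[parts[0].lower()] = (int(parts[1]), parts[2])
    return sigs

def scan_tree(root, sigs):
    """Return {path: signature name} for regular files whose size and MD5 match."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                size = os.path.getsize(path)
                digest = hashlib.md5()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
            except OSError:
                continue  # unreadable: permissions or a filesystem the host cannot read
            entry = sigs.get(digest.hexdigest())
            if entry and entry[0] == size:
                hits[path] = entry[1]
    return hits

def demo():
    # Constructed samples: bytes that merely start like a Windows PE and a Linux ELF.
    samples = {"invoice.exe": b"MZ" + b"\x90" * 62,
               "helper.bin": b"\x7fELF" + b"\x00" * 60,
               "notes.txt": b"plain text, no signature\n"}
    labels = {"invoice.exe": "Constructed.Win.Sample", "helper.bin": "Constructed.Unix.Sample"}
    db = "\n".join(f"{hashlib.md5(samples[n]).hexdigest()}:{len(samples[n])}:{lbl}"
                   for n, lbl in labels.items())
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        found = scan_tree(root, parse_hdb(db))
        return {os.path.basename(p): n for p, n in found.items()}
```

The matcher only reads bytes, so the same database flags the Windows-style and the Unix-style sample alike; what limits a real scan is whether the host can read the filesystem, which is the `OSError` branch.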

Author Closing Comment

ID: 37804701
@ CoccoBill, pfrancois, richrumble, & breadtan:

Hello. Nice to meet CoccoBill and richrumble! Nice to see you again, pfrancois and breadtan!

Thanks for all your comments. I have received some really great responses from this question I posted!

Now, let me look at the last responses by breadtan. I see your knowledge on this topic is extensive and overwhelming to comprehend for the average user. I follow your thoughts at times and then I lose your lead. Because of this loss of a simpler explanation, I am awarding you credit for a few of the ideas you clearly develop well. I am giving you 100 points for your first response which contains a lot of extrapolation and 25 points for your second response with a program solution – both comments receive Assisted Solution titles.

Next, I wish to discuss pfrancois. He explains his specific methodology how he utilizes programs to get the best solutions I may need. I absolutely appreciate that. I would like to ask you sometime how to set up the program assembly and where you retrieved your solution someday. Impressed! However, I did see very limited rationale or understanding to your specific methodology you provide in relation to my questions. I am going to give you 50 points for your first comment and 25 points for your significant second comment correction – both comments receive Assisted Solution.

CoccoBill and richrumble have supplied a well-developed explanation in more practical terminology that I can appreciate more that are most applicable to the question of this thread I have asked. (Sorry breadtan, I tried to understand you. ;-) ) These two experts made me realize the answers I needed to know. However pfrancois corrected CoccoBill's comment which was reinforced to be factually true by pfrancois and richrumble regarding the Windows factor that I deem important to know the facts based on my questions. Therefore I am giving CoccoBill 100 points and the Assisted Solution. richrumble goes into some more topics in his comment I found significant he discusses that make richrumble's comment as the Accepted Solution and the remaining 200 points.

Again, thank you all very much!
