Malware detection on Linux?

How can I check my Linux OS for malicious contents and code, taking into consideration the harmful and malicious environment we work in? Chkrootkit and other old-school tools won’t work here; they probably won’t contain samples of such new code and files.

ClamAV is your best bet.

Have you checked lynis?

Does it also check for spyware? Kind of being a noob here. Like those from msfvenom?

The simplest way to check for a virus is to check your OS startup files or configuration software.

For example, if you are on Linux,

open the autostart file with any text editor. Autostart file path:

~/.config/autostart/xinput.desktop

If you add these five lines to it:

   [Desktop Entry]
   Type=Application
   X-GNOME-Autostart-enabled=true
   Name=Xinput
   Exec="destination_file_name"

the file becomes persistent: when the system reboots, it automatically runs the executable.
By looking at the last line, we can easily find the path where the evil file is stored.

Simply delete it and restart your PC.

For Windows:

I know two methods to make a file persistent:

One is to add a registry entry in this path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

and the other one is to paste the evil file in this directory:
C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Or simply check the temp or AppData directory carefully,
as most viruses store themselves there on Windows.

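The manual check in the post above, automated as an added example (my code, not from the thread): it parses every .desktop file in ~/.config/autostart, extracts the Exec target, and reports entries whose target is not found on PATH, sits in a user-writable temp directory or a hidden directory, or is an interpreter one-liner. The flagging heuristics are my assumptions, not something the post states.

```python
"""Audit XDG autostart entries for risky Exec targets. Added example; heuristics are assumptions."""
import glob, os, shlex, shutil

# Any local user can write here; a genuine application rarely autostarts from such a path.
USER_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")
INTERPRETERS = {"sh", "bash", "dash", "zsh", "python", "python3", "perl"}

def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group (keys are case-sensitive)."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry

def assess_entry(entry):
    """Return the reasons an entry deserves review; an empty list means none were found."""
    try:
        argv = shlex.split(entry.get("Exec", ""))  # strips the quotes seen in the post
    except ValueError:  # unbalanced quotes: fall back to a plain whitespace split
        argv = entry.get("Exec", "").split()
    if not argv:
        return ["no Exec target"]
    target, reasons = argv[0], []
    if "/" not in target and shutil.which(target) is None:
        reasons.append(f"Exec target not found on PATH: {target}")
    if target.startswith(USER_WRITABLE):
        reasons.append(f"Exec target in user-writable directory: {target}")
    if any(p.startswith(".") and p not in (".", "..") for p in target.split("/")):
        reasons.append(f"Exec target under a hidden directory: {target}")
    if os.path.basename(target) in INTERPRETERS and "-c" in argv[1:]:
        reasons.append("Exec runs an interpreter one-liner instead of a program")
    return reasons

def audit_autostart(directory=os.path.expanduser("~/.config/autostart")):
    """Map each flagged .desktop file in the directory to its list of reasons."""
    findings = {}
    for path in sorted(glob.glob(os.path.join(directory, "*.desktop"))):
        with open(path, encoding="utf-8", errors="replace") as fh:
            reasons = assess_entry(parse_desktop_entry(fh.read()))
        if reasons:
            findings[path] = reasons
    return findings
```

Call audit_autostart() from a Python shell; anything it returns is an entry to inspect by hand before deleting it, as the post suggests.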

There’s no use in scanning OSes such as Kali and ParrotSec for malware and unwanted pieces of code with any AV, as these OSes themselves contain suspicious tools and code for hacking, hence making every, or at least most, of the tools fall under the category of suspicious files. The best way is to check manually and remove those files, or if you highly suspect that you are being targeted, just get the shit out of there, fresh install your OS and stay cautious.


@An101 Don’t spread spam and unnecessary messages. We don’t need them. For such messages, send a PM instead if really needed.

If such behaviour continues, you may face strict action. No cross-posting allowed here.

Looks like the Moderator has done his work, banned Ano101 and deleted his posts. :thinking:

Yes, I did it in order to ensure our community stays healthy and spam-free. Community Guidelines violations won’t be tolerated here.


I also use ClamAV to check my Kali and my Caine.

ClamAV in combination with Timeshift. These two programs are essential to keep your system clean and healthy. Timeshift is for system backup in critical situations. Easy to use in the terminal, if needed in secure mode.

Malicious software on Linux is not that uncommon. Fortunately, there are open source tools that help with detecting or recognizing malware samples.

Some of the tools in this overview can serve multiple purposes. For example, the ClamAV engine can be used to scan your incoming mail for the presence of malware. At the same time, ClamAV is also a good addition for your malware analysis lab to learn what samples are well-known.

Usage

Linux malware detection tools are typically used for malware analysis, malware detection, and malware scanning.

Users of these tools include forensic specialists, malware analysts, and system administrators.

Tools

Popular Linux malware detection tools

ClamAV (malware scanner)

Categories: malware analysis, malware detection, malware scanning

ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won’t encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often u…

Tags: Backdoor, Malware, Malware scanner, Trojan Horse, Virus

Dagda (vulnerability scanner for Docker containers)

Categories: malware detection, malware scanning, vulnerability management, vulnerability scanning

The main reason to use Dagda is the detection of vulnerable or malicious components within your containerized environment.

Tags: Container, Docker, Vulnerability discovery, Vulnerability scanner

LMD (malware detection tool)

Categories: malware scanning

Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released under the GPLv2 license.

Tags: Malware, Malware detection, Malware scanner

Loki (file scanner to detect indicators of compromise)

Categories: digital forensics, intrusion detection, security monitoring

Loki is a security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then applying pattern matching.

Tags: IOC, Intrusion Detection, Malware detection, Malware scanner, Indicators of compromise

Malice (VirusTotal clone)

Categories: malware analysis, malware detection, malware research, malware scanning

Malice is a malware analysis framework that aims to provide a free and open source version of VirusTotal. The goal of Malice is to make it usable by everyone from independent researchers up to Fortune 500 companies.

Malice is useful for those who do malware analysis or deal with user-generated files that may contain malware. The framework allows scanning files and directories to see if they are infected.

Tags: Malware, Malware analysis, Malware detection, Malware scanner, Virus

Malscan (malware scanner for web servers)

Categories: malware protection, malware scanning

Malscan is a tool to scan for malicious software (malware) such as viruses, worms, and backdoors. Its goal is to extend ClamAV with more scanning modes and signatures. It targets web servers running Linux, but can also be used on mail servers and desktops.

Tags: Malware, Malware detection, Malware scanner, Antivirus

Maltrail (malicious traffic detection system)

Categories: intrusion detection, network analysis, security monitoring

Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

Tags: Heuristics, Intrusion Detection, Malware detection, Sensor, Traffic analysis

MultiScanner (file scanning and analysis framework)

Categories: malware analysis, malware detection, malware scanning

MultiScanner helps malware analysts by providing a toolkit to perform both automated and manual analysis. The data extracted from the analysis can be easily stored together, including the relevant metadata and samples. It allows enriching the data further by retrieving information from external resources.

Tags: Malware, Malware analysis, Malware detection, Malware identification, Malware scanner

Rootkit Hunter (malware scanner)

Categories: malware detection, malware scanning

Rootkit Hunter is a security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix.

Tags: Backdoor, Malware, Malware detection, Malware scanner, Rootkit

YARA (malware identification and classification)

Categories: malware analysis, malware detection, malware scanning

YARA is a tool to identify and classify malware samples. It uses textual or binary patterns to match data, combined with a boolean expression that defines when a rule matches. YARA is multi-platform and can be used via a command-line interface or from Python scripts using the yara-python extension.

Tags: Malware classification, Malware detection, Malware identification, Antivirus

chkrootkit (malware scanner)

Categories: malware detection, malware scanning

Chkrootkit is typically used to perform daily security scans to detect traces of malware.

Tags: Backdoor, Malware, Malware scanner, Rootkit