Linux Antivirus Programs – Home User

I believe our beloved Linux Home-User Playground will eventually become the subject of more frequent malware attacks. The source and vectors will most likely be similar to the current scenario our Windows friends are experiencing, such as marketers installing spyware to gather personal information about us, malicious attachments, and of course deviants hijacking browsers.

If we continually complain to our Representatives in volume they will respond; however, don't count on anything happening very quickly. Much to our dissatisfaction, it does take a long time to have appropriate laws enacted. Additionally they have to determine the funding source (increase taxes) and the mode of enforcement.

On the positive side, the Linux community has been proactive in discovering/creating patches for vulnerabilities and there is no reason for us to expect malware to be treated any differently. Who knows, maybe that's a deterrent in itself. Regardless, we might as well begin using some of the Antivirus Programs that are already out there. I installed and tested the four Free Anti-virus Programs listed below on SuSE 10.0 and 9.3. Why the Free Versions? Cause we're cheap!

During the AVG install on 10.0, it didn't want to automatically provide the License Key as advertised. However when I installed it on 9.3, all was well. In the AVG section, I explained why and how to fetch the Free License Key.

Since most of the installs went pretty smooth, I only provided the install procedures for F-Prot and AVG. Pay close attention to the required libraries though. Without them the programs may not run or even install correctly.


Free Anti-virus Programs for Linux:


F-Prot for Home Use

F-Prot comes in three package types: RPM, GZIP-TAR, and Debian/GNU. It is recommended that you install F-Prot in /usr/local/

If you are already using F-Prot and are updating to a newer version, you must completely remove the older version first. And of course when using the following removal procedure make doggone sure you target the correct directory!! If you don't you won't need any anti-virus programs for awhile. As root:

Relyt# rm -rf /usr/local/f-prot
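
A guarded version of this removal, added here as an example (not from the original post or from F-Prot's documentation): it deletes only a directory that resolves to the expected install path and contains the installer script. The function name remove_old_fprot, the FPROT_DIR variable and the use of install-f-prot.pl as a marker file (present in tarball installs) are assumptions of this example.

```shell
#!/bin/sh
# Added example: guarded removal of an old F-Prot tree (run as root).
# FPROT_DIR and MARKER are assumptions of this example; adjust to your install.
# Usage: remove_old_fprot /usr/local/f-prot
FPROT_DIR="${FPROT_DIR:-/usr/local/f-prot}"
MARKER="install-f-prot.pl"   # ships in the extracted f-prot/ directory

remove_old_fprot() {
    target="$1"
    # Refuse an empty argument: an unset variable must never reach rm -rf.
    [ -n "$target" ] || { echo "refusing: no directory given" >&2; return 2; }
    # Refuse a symlink so the delete cannot be redirected somewhere else.
    [ ! -L "$target" ] || { echo "refusing: $target is a symlink" >&2; return 3; }
    [ -d "$target" ] || { echo "nothing to remove: $target" >&2; return 1; }
    # Compare fully resolved paths, so "../" segments and trailing slashes
    # cannot make a different directory pass for the expected one.
    real=$(readlink -f -- "$target") || return 4
    want=$(readlink -f -- "$FPROT_DIR") || return 4
    [ "$real" = "$want" ] || { echo "refusing: $real is not $want" >&2; return 4; }
    # Require a file that only an F-Prot tree should contain.
    [ -f "$real/$MARKER" ] || { echo "refusing: $MARKER not in $real" >&2; return 5; }
    rm -rf -- "$real"
}
```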


Installation:

RPM & DEB Packages

To install using rpm execute this command:

rpm -Uhv /path/to/fp-PLATFORM-ms-VERSION.rpm

And to install using deb, execute this command:

dpkg -i /path/to/fp-PLATFORM-ms-VERSION.deb


Installing from a tarball

We recommend using /usr/local/f-prot as the installation directory for f-prot. After downloading the tarball issue the following commands:
cd /usr/local
gunzip -c /path/to/fp-PLATFORM-ms-VERSION.tar.gz | tar -xvf -


Using the installation script

F-Prot Antivirus comes with an installation script called install-f-prot.pl. It can be found in the directory created when extracting the tarball. If you choose to use this script, you can skip the step titled "Installing manually". To run the script, change to the f-prot/ directory and execute it:

cd f-prot/
./install-f-prot.pl

Follow the instructions printed to the screen.

Source
***Note: As stated above, they “recommend using /usr/local/f-prot as the directory”. If you are installing F-Prot on a SuSE Box and use Yast, Yast may attempt to place it in /opt/

Also updates can be completed manually or automatically.


Panda Antivirus for Linux

This version of Panda is free and their virus defs were current. However, their site only listed support for the older distros of RH, SuSE, Mandrake, and Debian. That could be an issue as it was when I installed AVG for Linux (more on that down below).


Free avast! Linux Home Edition

avast! supports “Any Linux distribution (x86 platform only) with GLIBC version 2.1 or higher and pthreads libraries installed” and presents two package choices: RPM and TAR GZ. You must fill out the registration form to obtain your License Key. avast! provides a User Interface and a Command Line Scanner.


AVG Free for Linux

AVG Free for Linux provides the following binary packages: Mandrake, Red Hat, and SuSE. As of this date, the current binary packages are listed below:

avglinux-7.1-24_free_mdk_avi0720.i386.rpm
avglinux-7.1-24_free_rh_avi0720.i386.rpm
avglinux-7.1-24_free_suse_avi0720.i386.rpm

As mentioned earlier, pay particular attention to the required libraries. Although I was able to install AVG on the SuSE 10.0 box and retrieve the License Key to get it to function properly, it would not spit out the Key automatically as it was supposed to. Without the Key installed you will get a pop-up window asking for it, and the program will not function. I followed the directions to the “T” seven times and completely uninstalled and reinstalled all seven times. I then went to their FAQ site.

Now if you're like me the words “Open Source” conjure up the false pretense of “Free”. Since I possess that mindset, I shouldn't have any preconceived notion that support for the free products would be of the same quality or quantity as for those versions that you procure. Although tired and old, the adage “You get what you pay for” may be true in this case. Regardless, I thought......

Anyway, I would have thought they'd be a little more accommodating than they were. It was more of a: “didn't you follow my instructions?” FAQ. Why don't you just purchase one? Well it didn't take me long to realize that I wasn't the only one having problems obtaining the Free License Key automatically as they promised. Some folks completed a successful install and I would venture that others switched brands.

On my previous MS installs, Grisoft always sent the Key via email, so I emailed them in hopes they would respond. I figured I'd just install the Key they provided. It's been 3 weeks and no such luck. So I tried installing it on another box that had SuSE 9.3. Followed the instructions as given and shazaam, just like pure magic out comes the Key!


The required libraries are as follows:

pygtk2.0-libglade >= 2.0.0
python >= 2.2.2
libstdc++-libc6.2-2.so.3
libc.so.6
libexpat.so.0

So what was the problem? On the SuSE 10.0 box, I versioned this and versioned that and even went as far as using Yast's Package Manager to check the original package install. What I found was that the required library list indicated: pygtk2.0 >= 2.0.0. I met that requirement with 2.8.0. However the package in 10.0 is presented as pythongtk2.8.0 vice pygtk. That was the only difference I could find and only speculate on. Anyway enough rambling....
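
One way to test the naming speculation above instead of guessing is to compare what the package requires with what the installed system provides, name by name. This is an added example, not from the original post or from Grisoft; it reads the text output of `rpm -qpR package.rpm` and `rpm -qa --provides`, its version comparison is a simplification, and the sample lines in demo are constructed.

```shell
#!/bin/sh
# Added example: list Requires that no installed Provides satisfies.
#   $1: lines as printed by `rpm -qpR package.rpm`
#   $2: lines as printed by `rpm -qa --provides`
# Simplification (assumption): only ">=" is compared, using `sort -V` on the
# version with any "-release" suffix removed; rpm's own comparison is richer.
unmet_requires() {
    while read -r name op want; do
        [ -n "$name" ] || continue
        case "$name" in rpmlib\(*) continue ;; esac   # rpm-internal features
        # Capability names must match exactly; a similar-looking name does not count.
        have=$(awk -v n="$name" \
            '$1 == n { v = $3; sub(/-.*/, "", v); print (v == "" ? "-" : v) }' "$2")
        if [ -z "$have" ]; then
            echo "$name: no installed package provides this name"
            continue
        fi
        [ "$op" = ">=" ] || continue   # unversioned requirement: name match suffices
        ok=no
        for v in $have; do
            if [ "$v" = "-" ]; then continue; fi
            low=$(printf '%s\n%s\n' "$want" "$v" | sort -V | head -n 1)
            if [ "$low" = "$want" ]; then ok=yes; fi
        done
        [ "$ok" = yes ] || echo "$name: need >= $want, have $have"
    done < "$1"
}

# Constructed sample data modelled on this page: the package asks for
# pygtk2.0, while the installed bindings are provided under another name.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'pygtk2.0 >= 2.0.0' 'python >= 2.2.2' \
        'libc.so.6' 'libexpat.so.0' > "$d/req"
    printf '%s\n' 'python-gtk = 2.8.0-3' 'python = 2.4.1-3' \
        'libc.so.6' 'libexpat.so.0' > "$d/prov"
    unmet_requires "$d/req" "$d/prov"
    rm -rf "$d"
}
```

On a real system, save the two rpm query outputs to files and pass them as the two arguments; any line printed is a requirement the installer will report as missing even if a similarly named package is present.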

Install AVG Free for Linux the same way as any other RPM package: log on as the 'root' user and run the installation command. A registration script should be activated automatically upon installation. You can then run AVG Free for Linux with the 'avggui' command:

$ su
# rpm -i avglinux-7.1-<version>_free_<distribution>_avi<version>.i386.rpm
# /opt/grisoft/avggui/bin/avggui_update_licinfo.sh
# exit
$ avggui &

Example for Mandriva:

user:~> su
root# rpm -i avglinux-7.1-22_free_mdk_avi0649.i386.rpm
root# /opt/grisoft/avggui/bin/avggui_update_licinfo.sh
root# exit
user: ~> avggui &


For SuSE 10.0, if you want to use Yast to install, it will create the appropriate directories and place the files in /opt/ as required. However you may receive an installation failed error and libraries missing (even though the correct libraries are there). I just pressed ignore or abort as appropriate. When you navigate to K-Menu > Utilities > More Programs, you will see the AVG Program Icon and that it did install. Also if you use a terminal and cd to /opt/grisoft/ and then run ls -l you will see avg7 and avggui directories have been created as is appropriate.


To obtain the Free License Key if it was not provided automatically:

yourbox:~> su
Password:
(If it's the SuSE Package)
root# strings avglinux-7.1-24_free_suse_avi0720.i386.rpm | grep register


The response will be something like:

/usr/bin/avgscan -register XXFREE-XXX-XXX-XXX-XX-XXX-XXX-XXX


Then type:

root# avggui -register XXFREE-XXX-XXX-XXX-XX-XXX-XXX-XXX

It will ask you for your Name and Company etc. After pressing enter the last time, lo and behold, you'll get a response saying License Number: FREE

You can now run AVG from the CLI or the GUI by clicking on the AVG Icon in K-Menu > Utilities > More Programs > AVG for Linux Workstation.

***Note: In a default install, Updates must be completed in root and obviously the Anti-Virus Programs cannot open some of your files while scanning in a Joe-user mode.


Scan Results

I left the F-Prot & AVG installed and run them frequently to see if any malware is detected. However nothing yet. But as I mentioned earlier, I believe it's only a matter of time before we see an increase in the frequency at home. Think I'll ease off the browser settings and hunt some down. I'll update this when it starts happening.


Which one's better? Input is welcome for the Free Versions and the Paid Version. However please indicate specifically what makes it better.


cheers