ClamAV "does scan for linux viruses".

If you install ClamAV, you can use the sigtool command to find signatures
for unix-specific malware.

E.g.:
> sigtool --list-sigs /usr/local/share/clamav/daily.cld | grep -i 'unix'
.
.
.
Exploit.Shellcode.Unix-Gen-1
Trojan.Plunix-1
UNIX.Worm.Sorso
UNIX.Exploit.CVE_2010_3301-1
UNIX.Trojan.SSHDoor
Unix.Backdoor.Cdorked
Unix.Exploit.CVE_2014_1912-1
Unix.Exploit.CVE_2014_1912
Unix.Downloader.Agent
UNIX.Exploit.CVE_2010_3301-2
UNIX.Trojan.Snakso
Unix.Exploit.Iosjailbreak
Unix.Exploit.Fsheep
Unix.Trojan.Hanthie-3
Unix.Trojan.Hanthie-4
Unix.Trojan.Ebury
Unix.Trojan.Ebury-1
Unix.Trojan.Ebury-2
Unix.Trojan.Hanthie
Unix.Trojan.Hanthie-1
Unix.Trojan.Hanthie-2
Win.Trojan.Gunix-1
.
.
.

Additionally, there are signatures for malware or exploits that can target
multiple platforms. An example is the signature PHP.Shell-38 as gin(e)
pointed out.

- Alain



On Thu, Apr 17, 2014 at 10:46 AM, Dave Shevett <shev...@pobox.com> wrote:

> Hi folks, sorry for the seemingly silly question, but I can't find it in
> the FAQ nor can I find it by S-ing TFW.
>
> Does clamav on linux scan for 'linux viruses'?  I know the definition of
> that is nebulous, and the number of documented linux virii is extremely
> low (for ones that would not be classified as root hacks or simple
> coding errors).
>
> I need to present to management that we don't need to run clamav virus
> scans across /usr/bin, /lib, /usr/sbin, etc.  We should, however, have a
> root kit checker installed (right now we do use 'aide' to function as a
> tripwire mechanism).
>
> But, can I say "clamav does not scan for linux viruses" or is that not
> true?
>
>     -d
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
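Added example, not part of the original post: `grep -i 'unix'` in the reply above matches on substring, so the listing also contains names such as Win.Trojan.Gunix-1 and Trojan.Plunix-1. The sketch below sorts names by why they match; the function names are hypothetical, the sample names are copied from the thread, and it assumes one signature name per line as in the listing.

```shell
#!/bin/sh
# Classify ClamAV signature names by how they match "unix":
#   prefix    - first name component is "unix" (any case)
#   token     - "unix" is a whole component elsewhere in the name
#   substring - "unix" only occurs inside another word
#   no-match  - "unix" does not occur at all
# Assumption: input is one signature name per line.
classify_sigs() {
    awk '{
        name = $0
        lower = tolower(name)
        n = split(lower, tok, /[._-]/)        # components split on . _ -
        kind = "no-match"
        if (index(lower, "unix") > 0) kind = "substring"
        for (i = 2; i <= n; i++) if (tok[i] == "unix") kind = "token"
        if (tok[1] == "unix") kind = "prefix"
        printf "%s\t%s\n", kind, name
    }'
}

# Count the lines of classify_sigs output that carry kind $1.
count_kind() {
    awk -F'\t' -v k="$1" '$1 == k { c++ } END { print c + 0 }'
}

# Sample input: names taken from the listing and reply in this thread.
sample_sigs() {
    cat <<'EOF'
Exploit.Shellcode.Unix-Gen-1
Trojan.Plunix-1
UNIX.Worm.Sorso
UNIX.Trojan.SSHDoor
Unix.Backdoor.Cdorked
Unix.Trojan.Ebury
Win.Trojan.Gunix-1
PHP.Shell-38
EOF
}

sample_sigs | classify_sigs

# Against an installed database (command from the reply above):
#   sigtool --list-sigs /usr/local/share/clamav/daily.cld | classify_sigs
```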