Scan for viruses

Put simply, viruses just aren't an issue for Ubuntu. The number of viruses that target Linux is unknown, but it has been said to be fewer than 50. Most of those affect server software, such as the Apache web server. When it comes to the desktop, Linux is entirely virus-free.

Of course, there's no guarantee this state of nirvana will last forever and, anyhow, installing antivirus software on your computer is so easy that there's little excuse not to do so. Any viruses found are likely to be Windows viruses, which pose no danger to you, but at least you'll be able to keep your unfortunate Windows-using friends safe.

This tip describes how to install ClamTK[14], which is a graphical frontend for the ClamAV command-line virus scanner (http://www.clamav.net). ClamAV is designed for heavyweight server use and as such is an industrial-strength tool. However, there's no reason why you can't employ it on your desktop.

Installing and configuring ClamTK

To install ClamTK and also ClamAV, use Synaptic to search for the clamtk package. ClamAV will be installed automatically as a dependency. Once the program is installed, it can be found on the Applications → System Tools menu, under the title Virus Scanner.

But before using ClamTK to scan for viruses, it's necessary to run it as root so that the virus database can be updated. Start by typing gksu clamtk into a terminal window. Once the program runs, click Help → Update Signatures. Once the update is finished (look under the Information heading of the program), close ClamTK and then open it from the Applications menu, as described above. Note that future updating will be carried out automatically and periodically in the background as a scheduled task.

Scanning for viruses

To scan the entire system, click the Options menu and click Scan Hidden Files. Then, to start the scan, click File → Recursive Scan, and, on the left of the file browsing dialog that appears, select File System. Then click OK.

There are several important things to note about a full system scan:

• A full system scan is very CPU- and disk-intensive. Because of this, for a minute or two it might even seem that ClamTK has crashed.

• The nature of the Ubuntu file system means that there are some files ClamTK won't scan, such as those in the /proc directory. These will be reported in the program window as "excluded", as shown in Figure 3.21.

• With a full system scan, it's very likely that you will have at least one false positive result, meaning that ClamTK will identify a file as containing a virus when it actually doesn't. This is due to limitations in ClamAV (it's primarily designed to be used on servers to scan emails), but also a statistical likelihood because of the huge number of files on an average system. The way to check a result to see if it's a false positive is to use Google to search for the name of the virus that's reportedly infecting the file, adding in clamav and the filename to the search phrase. This will show what others have found; it's likely that others will have experienced the same results as you.

Figure 3.21: ClamTK performing a virus scan (see Tip 82, on page 139)

14. Note for the technically curious: The program name ClamTK implies the use of the Tk libraries but in actual fact ClamTK uses the GTK2 libraries, like all GNOME applications.

Because system scans are problematic, you might want to keep them to a minimum and simply scan your /home directory on a periodic basis. After all, this is where you normally download files to, so it's where viruses are most likely to be found. Simply repeat the steps above, this time selecting your /home directory from the file browsing dialog box.

If ClamTK finds a virus, it will list the suspect file in the program window, along with details of the virus it thinks is infecting the file. Note that ClamTK can't remove viruses from files. Instead, dealing with the suspect file is up to you. Assuming that you've ruled out the possibility of a false positive, as described above, bear in mind that it's extremely likely that it will be a Windows virus and therefore of no danger to you.

ClamTK includes a "quarantine" function that can copy the file to a special directory, but you may as well use Nautilus to browse to the file and either delete it or, perhaps more sensibly, examine it in more detail.
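
The triage described above can also be done from a terminal on the output of ClamAV's command-line scanner, which reports each detection as "<path>: <signature> FOUND". The script below is an added example, not part of the original tip: it pulls out the signature and path, labels each detection by platform prefix, and builds the search phrase recommended for checking false positives. The function names and the sample report are constructed for illustration, and it assumes signature names that start with "Win." or "Unix.".

```bash
#!/bin/bash
# Added example: triage clamscan report lines of the form "<path>: <signature> FOUND".

# Constructed sample report; the signature names and paths are made up.
SAMPLE_REPORT='/home/alice/Downloads/setup.exe: Win.Trojan.Example-1 FOUND
/home/alice/notes: draft.doc: Doc.Dropper.Example-2 FOUND
/home/alice/bin/tool: Unix.Malware.Example-3 FOUND
/home/alice/old/archive.zip: Example-Legacy-Name-4 FOUND
/proc/kcore: Excluded
/home/alice/readme.txt: OK'

# Map a signature's leading platform prefix to a target platform (assumes
# ClamAV's "Win." / "Unix." naming; anything else is reported as "other").
sig_platform() {
    case "$1" in
        Win.*)  echo windows ;;
        Unix.*) echo unix ;;
        *)      echo other ;;
    esac
}

# Read a report on stdin; print "platform<TAB>signature<TAB>path" per detection.
triage_report() {
    local line sig path
    while IFS= read -r line; do
        case "$line" in
            *" FOUND") ;;        # a detection line
            *) continue ;;       # OK, Excluded, summary and blank lines
        esac
        line="${line% FOUND}"
        sig="${line##*: }"       # text after the last ": " is the signature
        path="${line%: *}"       # the rest is the path, which may contain ": "
        printf '%s\t%s\t%s\n' "$(sig_platform "$sig")" "$sig" "$path"
    done
}

# Build the search phrase the tip recommends: signature, "clamav", file name.
search_phrase() {   # $1 = signature, $2 = path
    printf '%s clamav %s\n' "$1" "${2##*/}"
}

# Count detections without a Windows prefix: check these first on Ubuntu.
non_windows_count() {
    triage_report | awk -F'\t' '$1 != "windows" { n++ } END { print n + 0 }'
}

# Real use (assumes clamscan is installed): clamscan -r -i "$HOME" | triage_report
printf '%s\n' "$SAMPLE_REPORT" | triage_report
```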

Adding a right-click scan-on-demand function

ClamTK comes into its own as an on-demand scanner, although it must be manually configured to do this. To add an option to the right-click menu within Nautilus that will cause ClamTK to scan that file or folder, follow these steps:

1. Open Gedit (Applications → Accessories → Text Editor) and save a new file called virus_scan to your /home directory.

2. Type the following into the Gedit window:

#!/bin/bash
# Scan the selected file in clamtk
clamtk "$@"

Then save the file and close Gedit.

3. You must now mark the new file as executable and move it to the nautilus-scripts directory so that it integrates with Nautilus' right-click menu. To do this, type the following (both these commands should be typed into a terminal window; ensure you're in your /home directory before typing these commands):

$ chmod +x virus_scan
$ mv virus_scan .gnome2/nautilus-scripts/

Following this, you can scan any file by right-clicking it, and selecting Scripts → virus_scan.
