Checking Linux OS for malware

How can I check my Linux OS for malicious content and code, taking into consideration the harmful and malicious environment we work in? Chkrootkit and other old-school tools won't work here; they probably won't contain samples of such new code and files.

1 Like

ClamAV is your best bet.

1 Like

Have you checked lynis?

1 Like

Does it also check for spyware? Kinda being a noob here. Like the ones from msfvenom?

The simplest way to check for a virus is to check your OS startup files or configuration software.

For example, if you are on Linux:

Open the autostart file with any text editor. Autostart file path:

~/.config/autostart/xinput.desktop

If you add these five lines to it:

   [Desktop Entry]
   Type=Application
   X-GNOME-Autostart-enabled=true
   Name=Xinput
   Exec="destination_file_name"

the file becomes persistent: when the system reboots, it automatically runs the executable.
By looking at the last line, we can easily find the path where the evil file is stored.

Simply delete it and restart your PC.

For Windows:

I know two methods to make a file persistent:

One is to add a registry entry under this path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The other one is to paste the evil file in this directory:
C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Or simply check the temp or AppData directory carefully,
as most viruses store themselves there on Windows.

4 Likes
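A small audit of the Linux autostart location described in the post above, as an added example that is not part of the thread: it reads each .desktop entry, pulls out the Exec= line the post tells you to look at, and flags targets that look out of place. The heuristics (temp directories, missing binaries, inline shell commands) are my assumptions, not a complete rule set.

```python
"""Audit XDG autostart entries for suspicious Exec targets (added example, not
code from the thread). Scans ~/.config/autostart/*.desktop, the path named in the
post; the heuristics below are assumptions for illustration, not a complete rule set."""
import configparser
import glob
import os
import shlex

TEMP_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumed unusual locations
SHELLS = {"sh", "bash", "dash", "zsh"}

def parse_exec(desktop_text):
    """Return the Exec= value of a .desktop entry, or None if absent/unparseable."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(desktop_text)
    except configparser.Error:
        return None
    return cp.get("Desktop Entry", "Exec", fallback=None)

def audit_exec(exec_value, exists=os.path.exists):
    """Return reasons an Exec= value looks suspicious (empty list = nothing found)."""
    if not exec_value:
        return ["missing Exec= line"]
    argv = shlex.split(exec_value)  # handles the quoted form shown in the post
    if not argv:
        return ["empty Exec= line"]
    target = os.path.expanduser(argv[0])
    reasons = []
    if target.startswith(TEMP_PREFIXES):
        reasons.append("target lives in a temporary directory: " + target)
    if os.path.isabs(target) and not exists(target):
        reasons.append("target no longer exists on disk: " + target)
    if os.path.basename(target) in SHELLS and "-c" in argv[1:]:
        reasons.append("inline shell command instead of a program path")
    return reasons

def audit_autostart_dir(directory=os.path.expanduser("~/.config/autostart")):
    """Audit every .desktop file in the directory; returns {path: [reasons]}."""
    findings = {}
    for path in sorted(glob.glob(os.path.join(directory, "*.desktop"))):
        with open(path, encoding="utf-8", errors="replace") as fh:
            reasons = audit_exec(parse_exec(fh.read()))
        if reasons:
            findings[path] = reasons
    return findings

if __name__ == "__main__":
    for path, reasons in audit_autostart_dir().items():
        print(path, *reasons, sep="\n  - ")
```

An empty result only means none of these heuristics fired; a legitimate-looking path still deserves a look at the file it points to.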

There's no use scanning OSes such as Kali and ParrotSec for malware and unwanted pieces of code with any AV, as these OSes themselves contain suspicious tools and code for hacking, hence making every, or at least most, of the tools fall under the category of suspicious files. The best way is to check manually and remove those files, or if you highly suspect that you are being targeted, just get the shit out of there, fresh-install your OS and stay cautious.

2 Likes

@An101 Don't spread spam and unnecessary messages. We don't need them. For such messages, PM instead if really needed.

If such behaviour continues, you may face strict action. No cross-posting allowed here.

Looks like the moderator has done his work and banned Ano101 and deleted his posts. :thinking:

Yes, I did it in order to ensure our community stays healthy and spam-free. Community Guidelines violations won't be tolerated here.

1 Like