Checking Linux OS for malware

How can I check my Linux OS for malicious content and code? Taking into consideration the harmful and malicious environment we work in. Chkrootkit and other old-school tools won't work here; they probably won't contain samples of such new code and files.

1 Like

ClamAV is your best bet.

1 Like

Have you checked lynis?

1 Like

Does it also check for spyware? Kinda being a noob here. Like those of msfvenom?

The simplest way to check for a virus is to check your OS startup files or configuration software.

For example, if you are on Linux:

Open the autostart file with any text editor. Autostart file path:

~/.config/autostart/xinput.desktop

If you add these five lines to it

   [Desktop Entry]
   Type=Application
   X-GNOME-Autostart-enabled=true
   Name=Xinput
   Exec="destination_file_name"

the file becomes persistent: when the system reboots, it automatically runs the executable.
By looking at the last line, we can easily find the path where the evil file is stored.

Simply delete it and restart your PC.

For Windows:

I know two methods to make a file persistent.

One is to add a registry entry in this path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The other one is to paste the evil file in this directory:
C:\Users\USERNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Or simply check the temp or AppData directories carefully,
as most viruses store themselves there on Windows.

3 Likes
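
The manual autostart check described in the post above can be scripted. The following is an added example, not code from any poster in this thread: it reads every `.desktop` file in an autostart directory, pulls the program from the `Exec=` line, and marks entries that point outside system directories or into hidden folders. The prefix list, the function names and the two sample entries are assumptions constructed for the demonstration.

```python
import shlex
import tempfile
from pathlib import Path

# Assumption: programs under these prefixes came from the package manager.
SYSTEM_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/opt/", "/snap/")

def exec_program(desktop_file):
    """Return the program on the Exec= line of the [Desktop Entry] group, or None."""
    in_entry = False
    for raw in Path(desktop_file).read_text(errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_entry = line == "[Desktop Entry]"
            continue
        key, sep, value = line.partition("=")
        if in_entry and sep and key.strip() == "Exec":
            try:
                argv = shlex.split(value)
            except ValueError:  # unbalanced quotes: fall back to whitespace split
                argv = value.split()
            return argv[0] if argv else None
    return None

def audit_autostart(directory):
    """Return (file name, program, reasons) for every entry that has an Exec line."""
    report = []
    for entry in sorted(Path(directory).expanduser().glob("*.desktop")):
        program = exec_program(entry)
        if program is None:
            continue
        reasons = []
        if "/" in program and not program.startswith(SYSTEM_PREFIXES):
            reasons.append("outside system directories")
        if any(part.startswith(".") for part in Path(program).parts):
            reasons.append("hidden path component")
        report.append((entry.name, program, reasons))
    return report

def demo():
    """Audit two constructed sample entries written to a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        head = "[Desktop Entry]\nType=Application\nX-GNOME-Autostart-enabled=true\n"
        Path(tmp, "xinput.desktop").write_text(
            head + 'Name=Xinput\nExec="/home/user/.cache/xinput-helper"\n')
        Path(tmp, "applet.desktop").write_text(
            head + "Name=Applet\nExec=/usr/bin/nm-applet --indicator\n")
        return audit_autostart(tmp)

if __name__ == "__main__":
    for name, program, reasons in demo():
        print(name, program, "; ".join(reasons) or "nothing unusual")
```

On a real system, call `audit_autostart("~/.config/autostart")`, and also the system-wide `/etc/xdg/autostart`. A flagged entry is only a prompt to inspect the file it names, not proof of malware.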