We know that Linux is immune to viruses and other malware due to its security design principles. But, there are many reasons why you may need to keep an antivirus program on your Linux system:
- You have a dual-boot computer (Windows/Ubuntu) and you want to scan Windows drives,
- You have Windows computers on your network, which you want to scan,
- You are operating an e-mail gateway with Linux and want to check incoming/outgoing e-mails,
- You want to scan Windows drives/shares etc.,
- You are exchanging files with Windows users and you don’t want to pass on potentially infected files,
- You are sending/forwarding e-mails to Windows users and you don’t want them to get infected with the attachments.
Although some users may argue that every user has the responsibility to protect their own computers, I believe it is nicer (and more ethical) to check a file before sending it to somebody else.
A couple of years ago your choice of antivirus program for the Linux platform was fairly limited; in fact I knew only ClamAV and AVG. But recently many antivirus software vendors have begun rolling out antivirus programs for Linux. We will discuss a few of these options throughout the article.
avast! Linux Home Edition
avast! is offered as a free download for the Linux platform for personal and non-commercial use. The antivirus kernel is exactly the same as the antivirus kernel for avast! for the Windows platform, so the users will receive the same updates. The update frequency is twice or thrice per week regularly but it becomes more frequent during the malware breakout times. The user interface is very intuitive so I’d not expect a steep learning curve with the program. You can scan all of your drives, selected files/folders, quarantine items, store them in virus chest and send them to avast! labs for further analysis. There is also a command-line utility for experienced users.
avast! can scan almost all compressed archives except MAPI, CAB, ACE, CHM, 7ZIP and NTFS-streams. Additionally, it can also scan executable package formats. Since the Linux version of the program shares the same antivirus kernel with the Windows version, it is not likely that you will have any problems with the other file formats, such as Microsoft Office, PDF etc..
In comparison with avast!, AVG offers basic protection for Linux users for private and non-commercial use. In the download page, AVG explicitly states that the Linux version is limited and there is no support provided. Given my previous experience with AVG and the limited version, I am reluctant to recommend the program for any user.
ClamAV is oriented towards e-mail scanning on mail gateways rather than performing scans on the drives and/or networks. ClamAV is released under GNU/GPL V.2 so there is virtually no restriction for its use. It can scan many file formats, including compressed files (SFX files included), Microsoft’s CAB files, CHM files, HTML, PDF, RTF, Microsoft Office macro viruses, trojans, worms and even mobile viruses. It supports almost all e-mail formats, making it an ideal tool to install in the mail gateways.
F-Prot is oriented towards the UNIX and Linux servers, but this does not mean that it cannot be used for personal computers. Instead, it is offered for download for both personal Linux computers and workstations. F-Prot can scan incoming e-mails (it integrates to the existing Sendmail, Postfix and Qmail installations), can scan hard disks and removable drives with the ability to scan compressed files and includes an on-access scanner and a filesystem monitor.
There is an extensive review of F-Prot Antivirus for Linux by one of our Contributing Editors, Michael Dougherty.
Which antivirus solution you will select depends on the system you are administering. For home users, avast! will provide an all-in-one solution. However, if you are system/network administrator and running an e-mail gateway, then it will be better to install ClamAV on the server and avast! on the Linux clients to provide two-tiered solution. My personal experience tells me not to recommend AVG and F-Prot for the time being.
Among all these antivirus programs, only ClamAV can be installed by using the package manager. You need to go to the programs download page for the others, download them and install manually.