dschinn1001
Posts: 144
Joined: Mon Mar 20, 2017 5:31 pm

antivirus-solution for free (sophos)

Fri May 12, 2017 2:29 am

Yes, I know that it is very rare to fetch malware under Linux, because of the doubled write-protection of files in two levels (user and admin).
After some search I found and tested the free anti-virus tool of sophos available from server in UK - here is the link:

https://www.sophos.com/en/products/free ... linux.aspx

You need only to fill in the form there and then you can download the *.tar.gz file from there - it has a remarkable size of 466,7 MB (?!).
So I tested it and it is checking with over 12 Mio. signatures against viruses, worms and trojans.

After download unpack *.tar.gz (in Downloads-directory).

1.) cd to sophos file.

2.) sudo su.

3.) ./install.sh

accept the license and answer all queries for installation - you should install sophos in /opt - directory - simply re-type the guided directories.

4.) when installation is successful then change to /bin - directory

5.) first you should update with : ./savupdate

6.) then you can run first check with : ./savscan /home/$user

Of course it is almost impossible to get infected with Solus, but I thought that those who have backups from different Linux sessions may check the backups and the home directory too, to stay clean.

Thank you for your audience. ;)
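An added example, not part of the original post and not Sophos' code: a wrapper for step 6 that scans the home directory and any backup directories, and keeps an interrupted or failed scan from being read as "clean". It assumes the default install path /opt/sophos-av/bin/savscan and savscan's documented exit statuses (0 clean, 1 interrupted, 2 error, 3 threat); `scan_tree` and `scan_all` are hypothetical names.

```shell
#!/bin/sh
# Added example; not the poster's or Sophos' code.
# Assumption: default install path. Override with SAVSCAN=/path/to/savscan.
SAVSCAN=${SAVSCAN:-/opt/sophos-av/bin/savscan}

# scan_tree DIR LOG (hypothetical helper)
# Runs one on-demand scan of DIR, appends scanner output and a verdict to LOG,
# and returns savscan's exit status: 0 clean, 1 interrupted, 2 error, 3 threat.
scan_tree() {
    st_dir=$1
    st_log=$2
    if [ ! -d "$st_dir" ]; then
        echo "$st_dir: NOT SCANNED (no such directory)" >>"$st_log"
        return 2
    fi
    st=0
    "$SAVSCAN" "$st_dir" >>"$st_log" 2>&1 || st=$?
    case $st in
        0) echo "$st_dir: clean" >>"$st_log" ;;
        3) echo "$st_dir: THREAT REPORTED" >>"$st_log" ;;
        *) echo "$st_dir: INCOMPLETE (status $st)" >>"$st_log" ;;
    esac
    return "$st"
}

# scan_all LOG DIR... (hypothetical helper)
# Scans every DIR even after a detection. Returns 3 if any scan reported a
# threat, otherwise 2 if any scan was interrupted or failed, otherwise 0.
scan_all() {
    sa_log=$1
    shift
    sa_worst=0
    for sa_dir in "$@"; do
        sa_rc=0
        scan_tree "$sa_dir" "$sa_log" || sa_rc=$?
        case $sa_rc in
            0) ;;
            3) sa_worst=3 ;;
            *) [ "$sa_worst" -eq 3 ] || sa_worst=2 ;;
        esac
    done
    return "$sa_worst"
}

# Run only when called with arguments (constructed example paths):
#   sh scan.sh /var/log/savscan-manual.log "$HOME" /mnt/backup
if [ "$#" -ge 2 ]; then
    scan_all "$@"
    exit $?
fi
```

A status of 2 from `scan_all` means at least one tree was not fully scanned, so the log should be read before treating the backups as checked.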

brent
Posts: 242
Joined: Tue Apr 11, 2017 2:31 am
Location: desert usa

Re: antivirus-solution for free (sophos)

Wed May 17, 2017 3:22 am

Great tutorial. The reason I responded is to simply ask you: how did it go? What did you find? More peace of mind? Did sophos find anything strange? False positives? Bad stuff? The overall experience? Clunky? Your post begs a follow-up. Thanks. Contemplating a linux gui AV, hopefully out of habit from MS times.

dschinn1001
Posts: 144
Joined: Mon Mar 20, 2017 5:31 pm

Re: antivirus-solution for free (sophos)

Wed May 17, 2017 10:32 pm

Hi Brent,

actually at solus-Linux - sophos did not find anything out of my backup-files from previous Linux-Versions - only damaged unreadable files (to tidy up more), but no malware. This would be different, when you install wine and let wine run with Windows-Programs - then for sure there are more trash-files like attempts of attacks by Windows-malware in your system.

I think sophos is a good choice against upcoming threats like wannacry or against German federal-trojans of German gov. :roll:

The thing is - actually I would recommend sophos, because it has over 12 Mio. signatures - Kaspersky rescue disc has about 9,5 Mio signatures - but it can happen that rescue discs fail against ransomware, because some ransomware-thingies don't allow booting of Linux-CDs/DVDs or even don't allow booting of usb-sticks.

cheers.

dschinn1001
Posts: 144
Joined: Mon Mar 20, 2017 5:31 pm

Re: antivirus-solution for free (sophos)

Wed May 17, 2017 10:35 pm

Forgot to write - sophos for Linux has no GUI !!! - it is a commandline program.

brent
Posts: 242
Joined: Tue Apr 11, 2017 2:31 am
Location: desert usa

Re: antivirus-solution for free (sophos)

Thu May 18, 2017 2:08 am

My experience from MS days is I don't trust any of them: Norton/Kasp/Sophos etc. Turned a blind eye to rootkits that weren't 'recognized' rootkits, let machine call home day and night. 'Advanced Settings' in these programs did very little. Manual shutting down of several services didn't get where you wanted to be, either. What I did trust these companies to do was find occasional virus/trojan/malware. Which they did fairly well against their signatures. I'm glad you emphasized signature amount.

All very good to know, thank you for responding. And again, you are right about Wine, and in hindsight that's probably where my desire for AV software comes from. Used WINE after starting Solus, but uninstalled after a while (very clunky). Always thought there was some residual cross-contamination, if that makes sense.

Also, to get off-topic, I read about wanna cry for a few hours the other day. Brutal. I had the windows March 'wanna cry' patch already (which was ahead of wanna cry and just behind the reveal of the stealing of the code). Anyway. I had no idea it disallowed USB over-ride systems like Linux. From what I remember, it encrypted everything under a certain file association list (doc, pdf, etc) but left the guts alone so you get to continue to turn on your computer every day, see the ransom screen, and contemplate paying the extortion. Doesn't make sense this ransomware would change/alter the MBR though, as you indicate, unless they wanted you totally internet-crippled until you paid.

I can function without the GUI. Thanks for your great response. May try it out.

dschinn1001
Posts: 144
Joined: Mon Mar 20, 2017 5:31 pm

Re: antivirus-solution for free (sophos)

Sun May 21, 2017 7:12 pm

There is actually this discussion about wannacry and Linux (with wine), - just thought as info :

https://ubuntuforums.org/showthread.php?t=2361556

dschinn1001
Posts: 144
Joined: Mon Mar 20, 2017 5:31 pm

Re: antivirus-solution for free (sophos)

Sun Jun 10, 2018 6:46 pm

Actually Sophos Antivirus has about 19 Million *.vdf - files.
But actually there is no protection yet against special Linux ransomware (from Russia).

Kaspersky rescue disc and free Avast have about 10 Million *.vdf - files

Kaspersky sometimes recognizes ransomware. Avast would recognize for example Apple-Trojans.
