Zartarra

Level 2

shmu26

Level 85
Verified
Trusted
Content Creator
The AVs for Linux do not provide realtime protection. They are only for scanning. Many of them don't even detect Linux malware, due to lack of appropriate definitions; they only detect Windows malware. So you can use them to prevent infecting Windows users, and to scan your Windows dual boot, but they won't protect your Linux installation.
If you want to scan your Linux, Clam might be a good choice -- at least it is made with Linux in mind.
 

bribon77

Level 34
Verified
The AVs for Linux do not provide realtime protection. They are only for scanning. Many of them don't even detect Linux malware, due to lack of appropriate definitions; they only detect Windows malware. So you can use them to prevent infecting Windows users, and to scan your Windows dual boot, but they won't protect your Linux installation.
If you want to scan your Linux, Clam might be a good choice -- at least it is made with Linux in mind.
If you have Windows clients, it is good to have an AV to make sure you do not send anything infected, but if it is not it is not worth it.:giggle:
 

Lenny_Fox

Level 15
Verified
I tried ClamAV and SophosAV on my Manjaro linux dual Windows boot laptop Clam comes with a guI, Sophos not, but Sophos offers out of the box on-demand file scanning, while setting up ClamAV scanning takes soms steps. I decided to stat with Sophos, because it does kuch better with Windows based malware. The ln,y reason for me to install an AV on Linux is to prevent me zending infected files to friends on Windows, therefor I choose to keep Sophos
 

Chri.Mi

Level 7
There is no reason for use av in linux... i doubt all those av can catch linux virus, that are realy lows. Take in consideration not all linux version are the same. For example some Linux distro have a big database from where u can chosen what software u wanna, and if them are rolling release the software is always update, so low chance to be exploited. Some others distro have low database and need more support from third party sources, and are periodic release.
 

JakeXPMan

Level 17
Verified
If it is for domestic use from my point of view, it is not worth installing an AV in Linux, a waste of resources.:giggle:
I agree, a Linux AV would be just fun time rather then needed protection ... unless you are storing large amounts of vital files and working daily on Linux. I'd not even bother, as a fresh install of Linux is very easy to come by and no key to activate.
 

MacDefender

Level 12
Verified
I'm late to this party, but looking at my Fortigate protecting my server VLANs:

1604524226438.png



ironically Linux/Mirai ELF ARM malware is the most common thing hitting my network, which is funny because most of my web-facing servers are either FreeBSD or Windows Server.

I wouldn't say that a Linux AV is entirely worthless but I think Linux servers are more likely to be under attack compared to Linux desktops, which limits the value of something like a client side AV.


Interestingly ClamAV has almost no detection on any of these samples, which surprised me given its popularity in the Linux crowd.