Description

This article is from the Computer Viruses FAQ, by Nick FitzGerald n.fitzgerald@csc.canterbury.ac.nz with numerous contributions by others.

31 Where can I get a virus scanner for my Unix system?

Basically, you shouldn't bother scanning for Unix viruses at this point
in time. Although it is possible to write Unix-based viruses we have
yet to see any instance of a non-experimental virus in that environment.
Someone with sufficient knowledge and access to write an effective virus
would be more likely to conduct other activities than virus-writing.
Furthermore, the typical form of software sharing in the Unix
environment does not support virus spread as easily as some others.

This answer is not meant to imply that Unix viruses are impossible, or
that there aren't security problems in a typical Unix environment--there
are, and Fred Cohen's first experimental virus was implemented and
tested on a Unix system. True viruses in the Unix environment are,
however, unlikely to spread well. For more information on Unix
security, see the book "Practical Unix Security" by Garfinkel and
Spafford, O'Reilly & Associates, 1991, price $29.95 (it can be ordered
via e-mail from nuts@ora.com).

There *are* special cases in which scanning Unix systems for non-Unix
viruses does make sense. For example, a Unix system acting as a file
server (e.g., PC-NFS) for PC systems is quite capable of containing PC
file infecting viruses that are a danger to PC clients. Note that, in
this example, the Unix system would be scanned for PC viruses, not Unix
viruses. Also, *any* PC is vulnerable to PC MBR infectors, so special
care should be taken to prevent booting a PC hosted Unix OS from a
floppy infected with an MBR virus (see C12).

In addition, a file integrity checker (to detect unauthorized changes in
executable files) on Unix systems is a very good idea. (One free
program that can do this test, as well as other tests, is Tripwire,
available by anonymous FTP from its "home" site of coast.cs.purdue.edu
in /pub/COAST/Tripwire, and from several other antivirus sites.)
Unauthorized file changes on Unix systems are very common, although they
are not usually due to virus activity.

Continue to:

• prev: 30 Could an antivirus program itself be infected?
• Index
• next: 32 Why does my scanner report an infection only sometimes? (Computer virus)