
Virus Scanner for Linux

Started by September 27, 2003 10:01 AM
11 comments, last by Shannon Barber 20 years, 5 months ago
Any suggestions for a Linux virus scanner? I just happened to leave an AmPro/TSLinux CD in my Windows box before I left work yesterday, so McAfee scanned it and found Stoned in a grub.sw wad. The virus has infected the grub_firmware file. (AmPro redistributes TSLinux, and that's where the virus appears to be)
- The trade-off between price and quality does not exist in Japan. Rather, the idea that high quality brings on cost reduction is widely accepted.-- Tajima & Matsubara
Woah, viruses? In Linux?!

But... but I thought Linux was immune to viruses! I've been lied to!

Really, though. This is the first I've ever really heard of viruses in Linux. How many viruses are there for Linux? How big a problem is this?
I like the DARK layout!
Linux has no viruses; it has no scanners, so you can't prove that Linux viruses exist... but if so, would the source of the virus be under the GPL or not?!

Back to topic: you say you've scanned a CD and found a virus there, so it could be that someone was just faking the pattern of a virus, or some data was somehow similar to the virus pattern, because Stoned is a boot-sector virus, not one infecting files!?!


T2k
*cough*You are not immune*cough*
Hitchhiker90 "There's one bitch in the world, one bitch with many faces" -- Jay "What are you people, on dope?" -- Mr. Hand
Yes, Stoned is an ancient boot-sector virus. It's been distributed on commercially pressed disks several times (such as the one I have). It was also distributed on Windows 3.0 5.25" disks. It's not a heuristic detection - Stoned is a specific sequence of op codes.

Grub is a boot loader, and unless it's a GRUB joke, the files I have are infected. I checked with several scanners.

Another good question is whether or not stoned can actually affect the hard-drive and floppy disk under linux… but this is for a product we are building. I don’t want to send my customers machines with a known virus on them even if we /think/ it’s benign.

I guess what I really need, is a fresh and good GRUB installer.
- The trade-off between price and quality does not exist in Japan. Rather, the idea that high quality brings on cost reduction is widely accepted.-- Tajima & Matsubara
There are Linux viri and worms. Nothing new.

McAfee, Norton and Trend all provide Linux/Unix virus scanners. Most aren't very busy with updates, since there are fewer viri for Linux compared to Windows.

Though, where MS _requires_ a virus scanner to even be online, Linux users can get away without one, but to be honest, you're not safe by the nature of Linux alone and should think about one.

There is even a free virus scanner that's reported to be about as good as the commercial products, though I can't recall the name off the top of my head.

Int.
free linux virus scanner
http://www.bitdefender.com/bd/site/products.php?p_id=16
<lfs>
<sarcasme>
can i get the source code of the virus? otherwise i can't put it on my system, ^_^
</sarcasme>
</lfs>

[edited by - RPTD on April 22, 2004 12:52:23 PM]

Life's like a Hydra... cut off one problem just to have two more popping out.
Leader and Coder: Project Epsylon | Drag[en]gine Game Engine

There are plenty of commercial Linux virus scanners which do on-demand scanning. What they don't tend to do (or a lot fewer do), is on-access scanning.

They are updated at exactly the same frequency as the Windows versions of the vendor's product. This is because Linux virus scanners detect Windows viruses too (as do Windows virus scanners detect Linux ones).

There may be fewer Linux viruses, but that's no excuse for not having a virus scanner on Linux, as Windows users may put them there.

Just because Linux cannot execute a Windows virus does not (unfortunately) mean it cannot carry it.

Mark
quote: Original post by Magmai Kai Holmlor
Another good question is whether or not stoned can actually affect the hard-drive and floppy disk under linux


It basically depends on whether it relies on the DOS interrupts (21h ?) or on the raw BIOS disk ones.
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan

This topic is closed to new replies.
