Although Linux operating systems are fairly stable and secure, they may not completely be immune to threats. All computer systems can suffer from malware and viruses, including those running Linux-based operating systems. However, the number of critical threats to Linux-based operating systems is still way lower than threats for Windows or OS X.
Therefore, we need to protect our Linux systems from the various forms of threats such as viruses that can be transmitted in many ways including malicious code, email attachments, malicious URLs, rootkits to mention but a few.
In this article, we will talk about 8 best free anti-virus programs for Linux systems.
1. ClamAV
ClamAV is a free and open source, versatile anti-virus toolkit for Linux systems. It’s used for detecting trojans, viruses, malware and other malicious threats. It’s a standard for mail gateway scanning software; it supports almost all mail file formats.
The following are its well-known features:
- It’s cross platform; works on Linux, Windows and Mac OS X
- POSIX compliant, portable
- Easy to install and use
- Works primarily from the command-line interface
- Supports on-access scanning (Linux only)
- Provides a virus database update
- It can scan within archives and compressed files (also protects against archive bombs), the built-in support includes Zip, Tar, 7Zip, Rar among others.
2. ClamTk
ClamTk is a lightweight graphical front-end for the popular command-line based ClamAV (Clam Antivirus), written using Perl and Gtk libraries for Unix-like systems such as Linux and FreeBSD.
It‘s designed to be an easy-to-use, on-demand anti-virus scanner. It’s a reliable graphical anti-virus software which runs smoothly, it’s excellent for getting things done fast.
3. ChkrootKit
ChkrootKit is a free and open source lightweight toolkit to locally check for signs of a rootkit.
It contains various programs/scripts which include:
- chkrootkit – a shell script that checks system binaries for rootkit modification.
- ifpromisc.c – it checks if an interface is in promiscuous mode.
- chklastlog.c – this checks for lastlog deletions.
- chkwtmp.c – this checks for wtmp deletions.
- check_wtmpx.c – checks for wtmpx deletions (Solaris only).
- chkproc.c – checks for signs of LKM trojans.
- chkdirs.c – this checks for signs of LKM trojans.
- strings.c – it performs quick and dirty strings replacement.
- chkutmp.c – this checks for utmp deletions.
4. RookKit Hunter
Rootkit Hunter is remarkable lightweight, open source security monitoring and analyzing tool for POSIX compliant systems. It’s available for Linux and FreeBSD.
It’s a scanner for every kind of threats to a Linux system from backdoors, rootkits to various local exploits.
It’s other important features include:
- It’s command-line based
- It’s simple to use and offers thorough inspection capabilities.
- It uses SHA-1 hash comparison to detect malicious entries.
- It’s portable and compatible with most UNIX-based systems.
5. Comodo Anti-virus For Linux (CAVL)
Comodo is a powerful cross-platform anti-virus and email filtering software. Comodo Anti-virus For Linux offers great virus protection with the additional features for fully configurable anti-spam system.
Comodo anti-virus for Linux features include:
- Simply install and forget, no annoying false alarms, just solid virus protection.
- Provides proactive anti-virus protection intercepts all known threats.
- Optional automatic updates for the most up-to-date virus protection.
- Comes with a scan scheduler, detailed event viewer, and custom scan profiles.
- Offers a mail filter which is compatible with Postfix, Qmail, Sendmail and Exim MTA’s.
6. Sophos For Linux
Sophos anti-virus for Linux is a stable and reliable anti-virus software for a wide range of Linux distributions.
It detects and eradicates viruses (including worms and Trojans) on your Linux computer. It can as well find and block all non-Linux viruses that might be stored on your Linux computer and transferred to non-Linux computers.
You can run all commands (except savscan, which is used to run on-demand scans) as root from the from the command-line interface.
Below are the notable features of Sophos For Linux:
- Easy to install and runs quietly.
- It’s effective and secure.
- It can detect and block malware with on-access, on-demand, or scheduled scanning.
- Offers excellent performance, with low impact on the system.
- Offers extensive platform coverage.
7. BitDefender For Unices (Not Free)
BitDefender For Unices is a powerful and versatile anti-virus software suite for Linux and FreeBSD. It offers protection and on-demand scanning on both Unix-based and Windows-based disk partitions by scanning for viruses and malware.
The following are a few of its remarkable features:
- Enables scanning of archives.
- Supports desktop integration.
- It has an intuitive GUI and powerful command line interface that supports OS scripting tools.
- It can quarantine infected files into a protected directory.
8. F-PROT For Linux
F-PROT anti-virus for Linux workstations is a free powerful scanning engine for use on home/personal workstations. Developed to effectively get rid of viruses threatening workstations running Linux, it offers full protection against macro viruses and other forms of malicious software including Trojans.
Below are some of its exceptional features:
- It supports both 32bit and 64bit versions of Linux x86.
- It scans for over 2119958 known viruses and their variants.
- It’s able to perform scheduled scans using cron.
- It scans hard drives, CD-ROMS, diskettes, network drives, directories and specific files.
- It can also scan for images of boot sector viruses, macro viruses, and Trojan Horses.
That’s all! Don’t believe that Linux-based operating systems are completely secure, get one of these free anti-viruses we have talked about to secure your workstation or server.
Do you have any thoughts to share with us? If yes, then make use of the feedback form below.
Comodo Antivirus for Linux (CAVL) requires libsssl0.9.8 which was deprecated ~3 years ago. Installing this will make your system LESS secure than if you installed the AV app. Rather go with Clam IMO. Aaron, given this post, is about improving your system’s security, you should remove Comodo from this list, it is a poor recommendation.
Try Sophos, it should beat ClamAV in every single way you can imagine, maybe apart from the installation which is rather involved.
To that end, I’ve created a public sh script which does:
The script is here:
https://github.com/rautamiekka/public_scripts/blob/master/sophos_anti-virus_for_linux.shI am looking for the most appropriate AV system for me, after an incident. I recently purchased a MintBox Mini 2 (MBM2 Pro), which came with Linux Mint installed. Soon after (2 weeks +/- ) I was surfing for news, really just news, and I got a full-page Microsoft display, with loss of mouse and keypad control. Gave a number to call for a key to unlock the system. I suspected a scam and since I now had a paperweight I unplugged.
A no I know, but a paperweight and the system was so new I had almost nothing I needed to recover. After unplugging I got a command line, but reboot and help were all I could get to work. After reading Linux Bible +, I settled on fsck, and after reading more determined, successfully That a more specific command was necessary. Success!
I got my system back, but does not recognize my password, so no updates. I can reboot without the password. I am getting the courage to change my password by command line.
I want an AV that I can use to scan for the culprit that killed my system.
Help if you can.
Thanks
@Larry
Sorry about this unpleasant incident, you can try Lynis 2.5.5 Released – Security Auditing and Scanning Tool for Linux System: https://www.tecmint.com/linux-security-auditing-and-scanning-with-lynis-tool/
Thanks.
Larry
Seems F-Prot (Linux) only supports 32 bit systems, as there is no x86(64) version listed for download.
Looking for a replacement for ClamAV, that was badly interacting with SpiderOak, after an update.
Removing it (clamav) has more than halved the system RAM usage too.
(Mint 19.3 64 bit)
@Dave
Thanks for the useful feedback.
Bit Defender for Linux is only available for business use for A LOT of money. I just checked with their support.
I’m sure they misled you. Please edit your article accordingly so we stop wasting our time.
Thanks for a good article, Aaron. I’ve had a good experience from Sophos.
Just a question about F-Prot for Linux: Article says “it scans for over 2119958 known viruses and their variants”. All of them are Linux viruses? I hope not.
@01101001b
Since it is an Anti-Virus for Linux workstations, those should be viruses targeted against Linux systems.
Can’t ever be – but there are malware than can attack apache server and provided that it can execute shellcode (or PHP, Perl, anything interpreted) because of a bug (maybe in apache, maybe mod_php, maybe in the PHP application running on the server – may be through SQL injection), it can write/download a C file and look for cc, GCC, clang and other common names for C-compiler and compile the C program as executable.
If it can’t gain root privileges, it can still create files for the “apache” user/group and perhaps modify things so that the website will execute the compiled application as CGI, but a fork and stay in memory running on the background, etc…
There are many tricks, but there have actually been very few Linux viruses and none of them worked on newer Linux systems – basically, they often needed a specific kernel version and possibly specific library and application versions. During the previous decade, there was someone’s blog or forum post where he wrote that some of the viruses can be executed without them just crashing and none could successfully spread or get root privileges – and Linux was barely between 10-15 years old. Don’t know how old version the latest back then was made for, but there were less than 5 known Linux viruses back then and none has ever been known to have infected enough systems that it’s been noticed.
I don’t know if there are newer – though I would think I’d had heard of it. Most attacks are against Database Servers, often through web server’s server-side applications/scripts, not Linux itself. Any access gained is mostly never gained, even partly, because of a bug in Linux. But things get hacked – but there are not many viruses, practically zero, for Linux, unless there has been a lot of development I’ve not heard of.
These scanners scan files for viruses of any kind that target any systems. Aaron Kill said that “since it is an Anti-Virus for Linux Workstations, those should be viruses targeted against Linux Systems” – that’s bull. Let’s say you get an attachment in mail and your going to forward that attachment to someone else in a week – what if there’s a virus in there, but it won’t work in your OS, is it then useless to have a virus scanner report that the attachment is infected because you’re using a “workstation” – besides “workstation” systems are used for a very wide variety of things, including server administration (administering servers, not running the server on the workstation), etc.
They are mostly not Linux viruses. I bet most of them target a long line of Operating Systems.
@Ranmagrrl
Many thanks for sharing these useful insights.
BitDefender AV Scanner for Unices is dead, they direct you to their business solution $$/free trial.
@Mac29
Thanks for the info, we will cross-check and update the list accordingly.
It is now July 2019. Someone told you that there is no personal Linux antivirus for Bitdefender in May 2018. You promised to check and fix, and obviously you did not! And lots of the other comments here are about that and STILL you do not fix.
I”m off to find antivirus recommendations by someone who gives a bleep!
COMODO antivirus in linux mint 17,3 and 18, it is installed but can not be updated, it indicates that a system file is missing, it is installed but it does not work.
Bought Comodo basic subscription. No installation program. You must call this number and let one of our techs logo on to your computer, configure things and try to upsell you on more services. Tried to cancel.
They marked my request as probable spam and gave me a link to tech support. Tech support said they could only help with SSL certificates and sent me to their geek buddies support site that runs $170 per year.
Seems like a damn unethical company to me.
@Patrick
Thanks for sharing your experience with us.
I just downloaded Comodo antivirus, it exists, though I can’t say it did when someone who ever tried it, and based on the experience they report I won’t be using it!
Sophos runs quietly in the background, unnoticeable. That is, unless your computer is really lame, in which case it can slow your computer to a crawl.
I have two Linux computers:
* One is about a year old, 64-bit, 4 GB of RAM, running Linux Mint 18.2 xfce 64-bit. I haven’t even noticed that Sophos is running, except one time when it detected some malware.
* The other is from 2008, 32-bit, 2 GB of RAM, running Linux Mint 18.2 xfce 32-bit. Sophos slowed this computer to a crawl, so I uninstalled Sophos. Now the computer runs at an acceptable speed.
@Jim
Thanks a tonne for sharing your experience of using Sophos with us. We are working around the clock to update the current best Anti-Virus software for Linux.
I installed sophos-av this month, because I was appealed by the claim that it’s super light. However, I found that it slowed my startup/shutdown time quite a bit.
With `systemd-analyze` I found that it consumed 22 sec for booting. When shutting down, I felt like it’s taking for about 10 sec longer than before.
@davidhcefx
We will do our own investigations concerning this, thanks for sharing this useful information.
Hi David,
Are you using HDD or SSD for running Sophos-av, also did you enable the deep scan like windows 10 system 32 files?