Hi. I am scanning for viruses with ClamAV--I was under the impression that the program is mainly meant for email. I didn't enter my sudo when I dl the file-- so the core OS is in no danger, only the home directory and externals? I just dl the file, saw that the process would take forever, and moved the file to the trash bin. I'm not really worried, just curious if I was right about the sudo thing-- just infecting the home directory and externals; I think that in the Welcome screen, it is explained that if sudo wasn't provided to a virus, the only thing it could infect is the Home. Could I have simply written over the information in the home directory with a backup, to remove any possibility of a virus, because Clam is taking forever to scan the externals (I was going to scan Home later tomorrow--I started scanning today, but that was taking forever, too)? Like I said, not really concerned, just curious about the answers. Thanks.
How did you run clam-av? You are right that it is mostly for e-mail.
`sudo clamscan -r -i /path/to/dir` is the syntax for scanning. But it generally doesn’t pick up GNU/Linux stuff very well, nothing does really that’s free. (IMO)
I recommend for your own peace of mind, backup your home partition, reinstall the OS, use an adblocking DNS server in combination with a good adblocker of your choosing. Maybe look into pi-hole or similar, though not explicitly required.
Now if you ran a program from the internet as sudo, that is generally a bad practice, but not an uncommon one. You can look at DontBreakDebian - Debian Wiki as well for some good beginner's pointers.
To recap:
- Best path: Reinstall, backup, ideally keep /home on a separate partition
- Use adblocking/malware blocking DNS in future, perhaps layered with a reputable adblocking web extension.
If you ever decide to look into serious hardening, try lynis to get a benchmark.
Hi. Thanks for the info. I ran Clam from the GUI--it doesn't even seem to update, because nothing really happens. When the computer was in the process of dl, I just saved the file to Home, so I wasn't asked for my sudo, so at least the file wasn't a program asking for elevated privileges. Downloading the 60G file would've taken forever (it was Ninja Gaiden)--I would've had to unzip it after waiting forever. The backup of home is on one of the externals, being a 2TB drive. I'm going to keep things the way they are, instead of removing the OS and restoring-- I'm not too worried about it. What about only infecting Home and Externals, since sudo was not given? I guess that's not the way viruses work, since you're suggesting a reinstall--it is Linux? Thanks.
If you did not execute the file, you should be fine. The GUI as I recall was quite slow, but I haven’t used ClamAV in quite some time.
Viruses are just programs, they can be made to do anything. Some have very sophisticated means to avoid detection. There’s definitely less of them in the Debian/Ubuntu ecosystem but there have been instances where malware has cropped up. Your main concerns are pirated games (sometimes people put remote access trojans or other malware in these) and drive-by malvertising.
All in all, I’d say you are probably fine unless you have a good reason to think otherwise. Personally I’d avoid clamav altogether, it’ll put quite some wear on your disk and these days signature-based malware detection really isn’t very effective.
Hi-- thanks again for the info. Just one last question, out of curiosity-- does executing the file include clicking it and then the window appearing stating that there is no software on the computer that can open the file (dl was incomplete--as the whole file was 60GB), and asking if I want to search the internet? Again, not worried, just wondering a question. The computer is doing as before--no weird webpages opening, or any other weird stuff. Thanks.
Hi. How do I know that the backup of Home was not corrupted, too? The backup is on an external drive, but if the computer was infected by a virus, then couldn't the program navigate to all connected media?
A driving simulator is having graphical issues-- something not seen before.