Antivirus for ZorinOS 16.2 Pro

Hi there,

ZorinOS 16.2 Pro is installed and I would like to fully transition to Linux (at least 95% of my work).

Do I need an antivirus or is it enough to enable the firewall?

The single most important thing to do is to practice a little discipline while installing new programs or downloading files from the internet, including seemingly harmless files like images. Special caution for email attachments.

With that said, and bearing in mind that no system is absolutely impenetrable, Linux generally does not need an antivirus. There are utilities to scan files for known malware signatures like ClamTK as mentioned above. Here's a couple of threads that talk about this issue, the second one is my own approach to this.

These threads also have important details, so try to give them a read if you can.

2 Likes

I turned on the firewall for incoming. Just had to poke holes for Zorin Connect and Plex.

1 Like

I recently came across a product called Portmaster, which is an excellent monitor for all your computer ports. Relatively easy to use and the free version works great. They sell two upgraded versions as well for those a bit more savvy in the operations side of Linux. Stacer is also good but not an anti-virus, more of a monitor and that with ClamTK work well. So far the big boys have shied away from Linux but in coming years I expect to see that change ...

2 Likes

Whilst GNU/Linux is more secure than that other OS, the biggest issue is PICNIC (Problem In Chair Not In Computer). ClamTK should be configured to scan email/attachments as you would not want to inadvertently forward an email with a virus to a friend using Windows. You should not overlook the threat of rootkits either which can attack any OS. You should install both rkhunter and chkrootkit.

1 Like

I second this. Also, using ClamTK to scan attachments and storage media helps prevent you from being a carrier and passing malware on to someone else. While it might not infect your machine (unless it's one of the few dozen or so Linux malware), it can infect someone else, or another machine on your network if you place it on a share.

5 Likes

good reply

Something I've never tried is using ClamAV directly against emails, as I've always used web clients rather than email clients like Evolution or Thunderbird. Instead I scan files that I download, before I open them. But I wonder if it can work with attachments in that case, or with web downloads in general?

If you install clamav-daemon it will run as a service. Then you need to set up a cron job to run full system scans at whatever intervals you want.

sudo apt install clamav-daemon
sudo systemctl enable clamav-daemon

Let me see if I can find a guide that explains it better than I can over a mobile phone :joy:

1 Like
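A scheduled scan along the lines described above, as an added example that is not from the thread: a wrapper script for cron that runs a recursive `clamscan` and records whether the run was clean, found something, or failed. The script path, log path, schedule and the `SCANNER` override are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): scan wrapper meant to be run from cron.
# Assumed crontab entry, Sundays at 03:00 (script path is hypothetical):
#   0 3 * * 0  /usr/local/bin/weekly-scan.sh /home /var/log/clamav/weekly.log

# SCANNER is an assumption of this example so the scanner can be swapped out.
SCANNER="${SCANNER:-clamscan}"

# run_scan TARGET LOGFILE
# Prints clean | infected | error and returns clamscan's exit status
# (0 = nothing found, 1 = detection(s), 2 = an error occurred).
run_scan() {
    target=$1
    log=$2
    rc=0
    # --recursive: descend into directories; --infected: list only detections
    "$SCANNER" --recursive --infected --log="$log" "$target" \
        >/dev/null 2>&1 || rc=$?
    case $rc in
        0) verdict=clean ;;
        1) verdict=infected ;;
        *) verdict=error ;;
    esac
    # One status line per run, so a failed scan is not mistaken for a clean one.
    printf '%s %s target=%s rc=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$verdict" "$target" "$rc" >> "$log.status"
    echo "$verdict"
    return "$rc"
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    run_scan "$1" "$2"
fi
```
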

There are plenty of cron job guides out there; here is a Google Code one.

1 Like

Right, so it's what I thought and only handles regular files already in the system. Including emails, but only if they are already there being used by an email client, and cannot be integrated with a web client e.g., ProtonMail.

Unfortunately the link to the script mentioned in the article is broken. Thanks anyway, I mostly wanted to confirm this.

1 Like

One observation on Clam ... if you do a complete scan of the drive (takes a long time) it will often find a variety of "undesirable" files. On one scan I found almost 1,000 that I wanted to delete. The current version has no way of picking multiple files, which can result in a painful, lengthy process. I have sent a number of emails asking for an update or upgrade, but as of yet no reply ...

1 Like

What do you mean by this? If you mean picking multiple files to scan you can provide them using the command line:

# scan the following files provided as arguments
clamscan ~/Downloads/file1.txt ~/Downloads/file2.txt ~/Downloads/file3.txt

# scan all png files inside the downloads directory
clamscan ~/Downloads/*.png

# scan all files in the downloads directory
clamscan ~/Downloads/*

Happy to see this included in the conversation - this is the same reason I have Clam on my Mac. Not at all bothered about an infection on my own machine, but don't want to be responsible for sharing malware forward.

2 Likes

I may have confused you. By multiple files I mean in the final screen that reads out those files which have various issues. Sometimes there are many, many files but only a handful I want to delete or isolate. I would like to be able to use the control key then go through and pick out several to be deleted, then delete them.

2 Likes
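One way to handle the case raised above, where a full scan reports many files but only some of them should be dealt with (an added example, not from the thread and not a ClamTK feature): save the `clamscan` report, select detections by a pattern on the path or signature name, and move only those into a quarantine folder. The function names and paths are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): pick a subset of detections out of a
# saved clamscan report and move only those files to a quarantine directory.
# Report lines look like:   /path/to/file: Signature.Name FOUND
# Assumed way to produce the report:
#   clamscan --recursive --infected --log="$HOME/scan-report.txt" "$HOME"

# hits_matching REPORT REGEX
# Print the path of each detection whose "path: signature" text matches REGEX.
hits_matching() {
    grep ' FOUND$' "$1" | grep -E -- "$2" |
        sed 's/^\(.*\): [^ ]* FOUND$/\1/'
}

# quarantine_hits REPORT REGEX DIR
# Move the selected files into DIR and print how many were moved.
quarantine_hits() {
    report=$1
    regex=$2
    qdir=$3
    mkdir -p "$qdir" && chmod 700 "$qdir" || return 2
    moved=0
    hits_matching "$report" "$regex" > "$qdir/.selection"
    while IFS= read -r f; do
        [ -f "$f" ] || continue        # already gone, or not a regular file
        n=$((moved + 1))
        # Numeric prefix keeps files with the same name from overwriting
        # each other; ${f##*/} is the file name without its directory.
        mv -- "$f" "$qdir/$n-${f##*/}" && moved=$n
    done < "$qdir/.selection"
    rm -f "$qdir/.selection"
    echo "$moved"
}

# Usage (hypothetical paths): preview the selection first, then move it.
#   hits_matching   ~/scan-report.txt 'PUA\.'
#   quarantine_hits ~/scan-report.txt 'PUA\.' ~/quarantine
```

Previewing with `hits_matching` before calling `quarantine_hits` shows exactly which files a pattern selects, and nothing is deleted: the files stay in the quarantine folder until removed by hand.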

I have not had more than a couple of hits, I might have to download things to try and replicate this and see if there is a solution, now to find the time :rofl:

The article states that it would also work in Ubuntu.

Another useful tutorial here:

If you are talking about ransomware:

"Here are our top tips and advice for protecting against Linux ransomware:

  • Backup critical files and diversify the storage media to avoid a single point of failure (SPOF). This won’t prevent an attack, but can mitigate potential damage.
  • Keep servers and endpoints up to date to ensure that they use the latest security patches.
  • Implement the principle of least privilege for user accounts.
  • Monitor network activity and system logs closely.
  • Keep tabs on event logs to identify anomalous behavior before it causes harm.
  • Use a combination of IP filtering, an intrusion detection system (IDS) and an intrusion prevention system (IPS).
  • Use Linux security extensions that control and restrict access to data or network resources.
  • Implement robust network segmentation and data compartmentalization to minimize the impact of a potential ransomware attack.
  • Audit systems regularly."

[Source: Anatomy of a Linux Ransomware Attack | LinuxSecurity.com]

And this:
