Various Virus and Rootkit Scanners


apt-get install clamav-docs
apt-get install clamav
apt-get install clamav-freshclam
apt-get install clamav-freshclam
to get the latest signitures manually
To scan

To see the help menu

man clamscan
man freshclam
If you wish to use a GUI front end for clamav:
apt-get install clamtk

The site of clamav


rkhunter rootkit scanner is a scanning tool to help ensure your system is of clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

apt-get update
apt-get install rkhunter
rkhunter --update

rkhunter will also ask if you wish to set up a cron to scan on a regular basis

To scan using rkhunter
rkhunter -c

Please read the man pages for a full explanation of the all the options:

man rkhunter

The site of rkhunter


chkrootkit is a tool to locally check for signs of a rootkit.

apt-get install chkrootkit
To scan using chkrootkit

chkrootkit checks for these types of definitions:

checks if the interface is in promiscuous mode.
checks for lastlog deletions
checks for wtmp deletions
checks for signs of LKM trojans
checks for signs of LKM trojans
quick and dirty strings replacement
checks for utmp deletions

The site of chkrootkit

Page last revised 06/08/2011 1425 UTC