Malware Sandbox

Drudge276
Level 1
Posts: 1
Joined: Tue Oct 11, 2022 9:20 pm

Malware Sandbox

Post by Drudge276 »

I have a laptop set up with Linux Mint 20.3. I am a network manager for a school system running a Windows environment. I use the Mint laptop as a sort of sandbox or safe environment to examine suspicious emails coming into our email system. I am currently scanning them with ClamAV. Excuse my skepticism, but it doesn't seem to catch much. Is there a better AV for Linux, even one that would catch Windows-based malicious software, including malware?
Midnight True
Level 7
Posts: 1516
Joined: Wed Jul 20, 2022 3:23 am
Location: Southern and Southwestern area of Mato

Re: Malware Sandbox

Post by Midnight True »

Drudge276 wrote: Tue Oct 11, 2022 9:30 pm I have a laptop set up with Linux Mint 20.3. I am a network manager for a school system running a Windows environment. I use the Mint laptop as a sort of sandbox or safe environment to examine suspicious emails coming into our email system. I am currently scanning them with ClamAV. Excuse my skepticism, but it doesn't seem to catch much. Is there a better AV for Linux, even one that would catch Windows-based malicious software, including malware?
Hi! Welcome to the forum. I tried ClamAV before and, if memory is correct, you need to have clamd running in the background to catch malware (please see the following info: https://docs.clamav.net/manual/Usage/Sc ... tml#daemon). Moreover, ClamAV's database must always be kept updated. However, I am not sure if it can catch malicious MS Office macro(s), so I believe a different security strategy is needed for this.

Unfortunately, to my knowledge, there is no better AV for Linux as a server at the moment.
RIH
Level 9
Posts: 2872
Joined: Sat Aug 22, 2015 3:47 am

Re: Malware Sandbox

Post by RIH »

You might be better off sending any suspicious files to...
https://www.virustotal.com/gui/home/upload

That would certainly find Windows nasties for you.
I can't see that an actual Linux virus checker would even bother to look for Windows stuff..
Petermint
Level 9
Posts: 2979
Joined: Tue Feb 16, 2016 3:12 am

Re: Malware Sandbox

Post by Petermint »

The Mals are ahead of the Clams and the others. New email scams tend to be social engineering. Something about your eBay account at risk. Call this number. That sort of thing. You have to read the email and check for fake telephone numbers and fake URLs.
MikeNovember
Level 7
Posts: 1856
Joined: Fri Feb 28, 2020 7:37 am
Location: Nice, Paris, France

Re: Malware Sandbox

Post by MikeNovember »

Drudge276 wrote: Tue Oct 11, 2022 9:30 pm I have a laptop set up with Linux Mint 20.3. I am a network manager for a school system running a Windows environment. I use the Mint laptop as a sort of sandbox or safe environment to examine suspicious emails coming into our email system. I am currently scanning them with ClamAV. Excuse my skepticism, but it doesn't seem to catch much. Is there a better AV for Linux, even one that would catch Windows-based malicious software, including malware?
Hi,

One of ClamAV's traditional uses is of course to scan incoming emails.

You should use ClamAV installed from its website, not the ClamAV from the Linux Mint distro: it is not updated and, in order to be efficient, both the virus engine and the signatures should be up to date.

You can improve ClamAV's detection rate by using "clamav-unofficial-sigs":
https://github.com/extremeshok/clamav-u ... -debian.md

At the moment, there is no antivirus solution for a Linux home user / single workstation, paid or free. There are enterprise products, generally called "endpoint protection", from several suppliers; they are expensive, and some require you to buy a minimum of several licenses.

A free online solution is to use VirusTotal, https://www.virustotal.com/gui/home/upload. VirusTotal uses tens of different antivirus programs, and you can check for viruses in a downloaded attachment, in a URL, or in a file that you upload from your computer. The inconvenience is that it is not suitable for confidential / private files, and it cannot be automated.

You can add an extension "VT4Browsers", available for Firefox and Chrome (on Linux, MacOS, Windows), allowing you to send a file you download from the internet to VirusTotal servers.

And, for Linux, there is a small flatpak utility "VirusTotal Uploader", easing the transfer of files from your computer to VirusTotal. You can install it this way:

Code:

flatpak install com.virustotal.VirusTotalUploader
Regards,

MN

PS: Windows 10 or 11 antivirus by Microsoft has, in my opinion, a better detection rate than ClamAV, provided you allow it to access the cloud. On your school network, activating the Microsoft antivirus could be enough.
_____________________________
Linux Mint 21.3 Mate host with Ubuntu Pro enabled, VMware Workstation Player with Windows 10 Pro guest, ASUS G74SX (i7-2670QM, 16 GB RAM, GTX560M with 3GB RAM, 1TB SSD).
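As an added illustration of the workflow the thread describes (ClamAV scanning incoming mail, plus Midnight True's caveat that Office macro documents deserve separate attention), here is example code that is not ClamAV's or any poster's own: it pulls the attachments out of a .eml file into a quarantine directory under sanitised names, records their SHA-256 hashes, flags macro-capable extensions, and interprets clamscan's exit code and report lines. The SAMPLE_EML message is constructed; clamscan must be on PATH for scan_with_clamscan().

```python
"""Quarantine and clamscan the attachments of a suspicious .eml (added example)."""
import email
import hashlib
import os
import re
import subprocess
from email import policy
# Extensions that can carry Office macros; flag them even when clamscan says OK.
MACRO_EXTS = {".doc", ".xls", ".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}

# Constructed sample message (not real mail); the attachment is a 10-byte ZIP stub.
SAMPLE_EML = b"""Subject: Updated timesheet
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="timesheet.docm"
Content-Disposition: attachment; filename="timesheet.docm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

def extract_attachments(raw, outdir):
    """Write each attachment to outdir as <sha256 prefix>_<sanitised name>."""
    os.makedirs(outdir, exist_ok=True)
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        # Never trust the sender-supplied filename: strip directories and odd characters.
        safe = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(part.get_filename() or "unnamed"))
        path = os.path.join(outdir, f"{digest[:12]}_{safe}")
        with open(path, "wb") as fh:
            fh.write(data)
        found.append({"path": path, "sha256": digest, "size": len(data),
                      "macro_capable": os.path.splitext(safe)[1].lower() in MACRO_EXTS})
    return found

def parse_clamscan(stdout, returncode):
    """clamscan exits 0 clean, 1 infected, 2 error; each hit line ends in ' FOUND'."""
    hits = {m.group(1): m.group(2)
            for m in re.finditer(r"^(.+?): (.+) FOUND$", stdout, re.M)}
    return {"status": {0: "clean", 1: "infected"}.get(returncode, "error"), "detections": hits}

def scan_with_clamscan(paths):
    # Requires ClamAV installed and freshclam run recently, as the thread stresses.
    proc = subprocess.run(["clamscan", "--no-summary", *paths], capture_output=True, text=True)
    return parse_clamscan(proc.stdout, proc.returncode)
```

Run extract_attachments(SAMPLE_EML, "quarantine") and pass the returned paths to scan_with_clamscan(); a "clean" status on a macro_capable file is still worth a manual look.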
The Muffin Man
Level 5
Posts: 716
Joined: Mon Jan 17, 2022 5:31 pm
Location: Drury Lane, NC

Re: Malware Sandbox

Post by The Muffin Man »

+1 for Windows Defender.
The company I work for (high-tech) uses it exclusively on the Windows desktops.
I don't believe there's a point to pre-scanning emails for a virus unless you pay for a service/netappliance. However, you can re-route suspicious senders or email text (content, not attachments)
"Go ahead. I don't shop here."