Appimages and security issues

[Mintymandy34]

Hello, new user here.
I've read Security in Linux Mint and Ubuntu: an Explanation and Some Tips by Pjotr.
I've also read countless threads about viruses in Linux(not really viruses) and why not to use anti-viruses or anything similar.
So, this thread isn't about "How to protect Linux from getting infected from Windows viruses".
The concerns I have are quite different.

Pjotr recommends to only install software from the official software sources of Linux Mint and Ubuntu.
This is what I do most of the times.
But in some cases, the said software isn't available in the official Mint and Ubuntu repo and I've to go the developer's website to download them.
Recently I've noticed a lot of developers distributing AppImages as the default format in their websites.
Just to be crystal clear, I'm not talking about untrusted or unverified developers.
I'm not for downloading an untrusted application then thinking about the security issues.
So, back to my points, due to a little rise in popularity of AppImages, I've started preferring AppImages over Flatpaks and Snaps.
This is where my worries begin.

When I started with Linux Mint, two months back, I read about different packing formats, their advantages and disadvantages.
There I found, that AppImages don't have any sandboxing feature by default whereas Flatpaks and Snaps have that.
So, I searched for how people preferred AppImages then and found that it's all about a game of trust.
You've to trust somebody and there are developers who have earned the trust of their users by providing good quality software for years or decades without any catches.
This brought back some relief as I never downloaded any untrusted software to begin with and I've followed the developers for years and know they're really reliable.
But while reading about AppImages, I found the developers recommended using FireJail for sandboxing.
So, I searched a little bit about the implementation and came across a discussion they were having about an implementation of sandboxing within AppImage by default.
Like a curious kid, I tried to dig deeper and I found out a post that broke my reality about the game of trust.

This is my summary of that discussion. (Don't confuse this with that other reply I had made in another unrelated post)

The reason the system repo is safe is because it is verified regularly and the distro devs are really careful what they're passing.
They have a huge community and they can communicate with their users if any major security issue(most likely an attack) is encountered.
But in general, single or small developers might not have this big of a backing or resource because of which they might be more susceptible(not by an alarming rate) to an attack.
So, their websites might get hacked(for a day or two at max) and malwares can be distributed.
Now, this is where the trust becomes an issue.

We trust these developers and they would never choose to distribute malwares, but in some cases, someone pretending to be our trusted developer can distribute a malware to users.
Smart and updated users might know what's up, but people who work a lot in offline modes and don't have much of an online presence might not notice the discrepancies.
This is scary.
I trust my developers to protect their users at all costs, but there's still some risk and if we, as in users, could find a way to implement some safety measures like sandboxes, maybe that can work as a safety net in cases of emergencies.

So, my question is how big can the impact of this sandboxing-issue be and how can it be avoided and how can we use better prevention techniques as safety nets.
This is a pretty long post, I'm still new to Linux and don't know a lot of things, so kindly correct me if you find anything wrong with my post.

And please suggest any modifications if the post is really long and drives readers away instead of bringing them.

[BenTrabetere]

I am surprised I am making the first response to this thread.

So, my question is how big can the impact of this sandboxing-issue be and how can it be avoided and how can we use better prevention techniques as safety nets.

I use the AppImage version for several programs, and I have never "firejailed" an AppImage.

As you stated, it is a matter of trust. All but one of the AppImages I regularly use are maintained by the developers, and it is ludicrous to think developers would intentionally sabotage their project. Yeah, yeah, yeah, it is a regular occurrence for Microsoft....

One major exception is the GIMP AppImage maintained by Andrea Ferrero. I fully trust him - he is a long-time contributor to PIXLS.US, and his AppImages are used by a lot of people.

A while back there a question was raised in the AppImage forum concerning the potential for people to create and distribute malicious AppImages. Peter Simon (aka, probono and the developer of AppImage) responded by first pointing out the concerns were essentially about "how executables are handled on Linux in general, not about AppImage in particular" and "AppImage does not improve or worsen the Linux security model in this regard."

https://discourse.appimage.org/t/what-p ... malware/67

[Hoser Rob]

Yes, using appimages and other Linux portables can have old libriaries with security issues. The best answer for this would be coherent and consiistent packaging and libraries and APIs in Linux. Don't hold your breath.

[Mintymandy34]

I am surprised I am making the first response to this thread.

I'm not surprised, I think you've a lot of experience with AppImages.

I use the AppImage version for several programs, and I have never "firejailed" an AppImage.

Nice. Most of the AppImages I'm using actually are recommended by you.
I'm not for firejailing AppImages either because I've also read firejail has bigger surface area and hence higher chances of a possible attack.

As you stated, it is a matter of trust. All but one of the AppImages I regularly use are maintained by the developers, and it is ludicrous to think developers would intentionally sabotage their project. Yeah, yeah, yeah, it is a regular occurrence for Microsoft....

No, no, I'm not comparing this with the Microsoft experience.
I also do think it's ludicrous to think developers would intentionally sabotage their project.
In fact, I know if a developer tries to do that in Linux, it'll be the last time his/her apps will be used in Linux, they'll be banned across the board, everywhere.
What I'm really worried about is a potential hack, like hacking a website for a day or two and replacing the original safe downloads with malwares.
I know, Linux desktop is currently not a very lucrative prospect for malware writers but in the future with the growth of Linux desktops, it might attract some malware devs.
I've also read implementing malwares/viruses in Linux is way too tough than in other operating systems, so that brings some relief.

One major exception is the GIMP AppImage maintained by Andrea Ferrero. I fully trust him - he is a long-time contributor to PIXLS.US, and his AppImages are used by a lot of people.

I follow PIXLS.US and they seem trustworthy.
But I would love it if it could be made available through GIMP's official channels.
Currently, GIMP only supports Flatpaks other than Linux distro repos.

A while back there a question was raised in the AppImage forum concerning the potential for people to create and distribute malicious AppImages. Peter Simon (aka, probono and the developer of AppImage) responded by first pointing out the concerns were essentially about "how executables are handled on Linux in general, not about AppImage in particular" and "AppImage does not improve or worsen the Linux security model in this regard."
https://discourse.appimage.org/t/what-p ... malware/67

Yes, I read that, which is why I'm not saying that AppImages are to be blamed.
And I also don't think AppImages worsen the situation.
Simon Peter was also talking about the sandboxing issue, and he was all for it but he mentioned he wasn't personally interested to invest time on developing a solution and asked if any volunteers would go for it.
I think, he's a good person and the lack of interest maybe is related to the lack of threat.
I mean, when I search, "AppImage virus linux", I don't find anything relevant, so we could assume nobody has been affected till date.
Thanks for the reply.
Have you ever used Alternativeto, OSAlt.com or Slant.co?
Do we have something like that for AppImages? Something that's maintained and verified by some senior AppImage developers and also the AppImage user community.

Yes, using appimages and other Linux portables can have old libriaries with security issues. The best answer for this would be coherent and consiistent packaging and libraries and APIs in Linux. Don't hold your breath.

Yes, totally agree with the first point.
But I think AppImages and Flatpaks only come into play when the default repo's softwares either become unusable according to current standards or they're completely absent.
For general users who only browse the internet or use mails or office apps, latest softwares might not be a necessity.
No offense, but for niche work, default repo can miss more than it hits.
I still think the default repo is cool and I try to use it 99% of times, but in some cases the softwares are kind of out-dated by a year or two.
So, if you're suggesting there's a way to use AppImages along-with coherent and consistent packaging and libraries and APIs in Linux securely, then I would really appreciate if you could elaborate on that.
If you're suggesting "Say no to Flatpaks and AppImages if you want to have security", then I'm just sad that I can't find a middle-ground.
Thanks for the post.

[phd21]

Hi Mintymandy34,

I just read your post and the good replies to it. Here are my thoughts on this as well.

What I'm really worried about is a potential hack, like hacking a website for a day or two and replacing the original safe downloads with malwares.

This theoretically could happen with any software on any computer operating system using any software delivery method which is why people can verify their downloads with checksum and signature methods and why Linux Mint repositories and PPA's require valid security keys, signatures, and such.

I know, Linux desktop is currently not a very lucrative prospect for malware writers but in the future with the growth of Linux desktops, it might attract some malware devs.
I've also read implementing malwares/viruses in Linux is way too tough than in other operating systems, so that brings some relief.

There are some Linux or cross-platform malware that is out there which is why users should apply updates, use some common sense, and I still recommend using a sanboxing application like firejail for all Internet-enabled applications. I have never heard of anyone using Linux or Linux Mint getting affected by malware. It is very much discouraged to install antivirus anti-malware software in "real time" always running mode as these applications themselves are being targeted by malware developers. I have installed a couple different antivirus anti-malware software applications which I do not have running all the time (real time) because I help other people who send me files from MS Windows and Mac computers and I download and test a lot of software for Linux Mint members and myself, so I save everything into my Downloads folder and scan that before I access or use any of those files.

But I think AppImages and Flatpaks only come into play when the default repo's softwares either become unusable according to current standards or they're completely absent.
For general users who only browse the internet or use mails or office apps, latest softwares might not be a necessity. No offense, but for niche work, default repo can miss more than it hits.
I still think the default repo is cool and I try to use it 99% of times, but in some cases the softwares are kind of out-dated by a year or two.

I really like AppImages even more so than Flatpak or Snap packages. I have many AppImages of software applications that I use. If there are new versions of some software applications with new features and or bugfixes, it can take a while to a long time before they show up through the secure stable repositories which is where PPA's, deb files, AppImages, flatpak, and snap packages can help users to get the newer software. Of course, some software is not even available in the Mint Software Manager or Synaptic Package Manager (SPM) (repositories) and must be installed using other methods.

So, if you're suggesting there's a way to use AppImages along-with coherent and consistent packaging and libraries and APIs in Linux securely, then I would really appreciate if you could elaborate on that.
If you're suggesting "Say no to Flatpaks and AppImages if you want to have security", then I'm just sad that I can't find a middle-ground. Thanks for the post.

If any software you want to use is not accessing the Internet, then there is no need to be concerned and no need to sandbox it regardless of its installation and or delivery packaging options like an AppImage.

AppImage Support | Firejail
https://firejail.wordpress.com/document ... e-support/

Firejail Usage | Firejail
https://firejail.wordpress.com/document ... /#appimage

Hope this helps ...

[Portreve]

I only have one program on my system which was distributed as an AppImage, and that's the nominally current testing release version of Scribus. I use it for a number of projects.

I also use the current version of LibreOffice; however, I simply installed the program directly from the files The Document Foundation makes available.

I think I've said this elsewhere, but honestly I don't care one way or the other when it comes to AppImage, flatpak, Snaps, or any other such conduit. I'm not aware of compromization-type problems, but I don't view it as a particularly "clean" way to install a program, and I mean that from a standpoint of trust.

[Mintymandy34]

Hi Mintymandy34,

I just read your post and the good replies to it. Here are my thoughts on this as well.

This theoretically could happen with any software on any computer operating system using any software delivery method which is why people can verify their downloads with checksum and signature methods and why Linux Mint repositories and PPA's require valid security keys, signatures, and such.

Hello phd21.
Yes, I understand the verification methods implemented by Linux Mint repos and PPAs and other downloads.
I verify the AppImage downloads with the checksums and signatures.

There are some Linux or cross-platform malware that is out there which is why users should apply updates, use some common sense, and I still recommend using a sanboxing application like firejail for all Internet-enabled applications. I have never heard of anyone using Linux or Linux Mint getting affected by malware. It is very much discouraged to install antivirus anti-malware software in "real time" always running mode as these applications themselves are being targeted by malware developers. I have installed a couple different antivirus anti-malware software applications which I do not have running all the time (real time) because I help other people who send me files from MS Windows and Mac computers and I download and test a lot of software for Linux Mint members and myself, so I save everything into my Downloads folder and scan that before I access or use any of those files.

Yes, cross-platform malwares, I've read about them. Are you talking about java-related malwares?
I always keep my system up-to-date and only download softwares from websites I trust.
You recommend using firejail for all internet-enabled applications.
But how do I know which ones are internet-enabled? Is it that they need to connect to internet in order to work?
About real-time anti-virus, yes I don't see the point of installing them if they can get infected easily.
But you're talking about using anti-virus not in real time, how do you do that? And which anti-virus do you use?
I'm not planning to install the anti-virus on my main system, but I think I could test it inside a VM.

I really like AppImages even more so than Flatpak or Snap packages. I have many AppImages of software applications that I use. If there are new versions of some software applications with new features and or bugfixes, it can take a while to a long time before they show up through the secure stable repositories which is where PPA's, deb files, AppImages, flatpak, and snap packages can help users to get the newer software. Of course, some software is not even available in the Mint Software Manager or Synaptic Package Manager (SPM) (repositories) and must be installed using other methods.

I like AppImages over Flatpak and Snaps. Reason: Ultra portable.

If any software you want to use is not accessing the Internet, then there is no need to be concerned and no need to sandbox it regardless of its installation and or delivery packaging options like an AppImage.

Yes, how can I know that?
How can I know if an application is accessing the internet?

AppImage Support | Firejail
https://firejail.wordpress.com/document ... e-support/

Firejail Usage | Firejail
https://firejail.wordpress.com/document ... /#appimage

Yes, I have followed this, and I think you did guide me this way earlier.
Firejail support for AppImages is cool, but I'm not really sure how to choose which one to FireJail.

Hope this helps ...

Thanks for the post, it really helps me a lot.

[Mintymandy34]

I only have one program on my system which was distributed as an AppImage, and that's the nominally current testing release version of Scribus. I use it for a number of projects.

I also use the current version of LibreOffice; however, I simply installed the program directly from the files The Document Foundation makes available.

I think I've said this elsewhere, but honestly I don't care one way or the other when it comes to AppImage, flatpak, Snaps, or any other such conduit. I'm not aware of compromization-type problems, but I don't view it as a particularly "clean" way to install a program, and I mean that from a standpoint of trust.

Are you trying to say that you don't care about any vulnerability with AppImages because it brings the convenience or you simply don't consider it as a threat since you consider it unsafe by default and use it minimally?

Thanks for the reply.
I'm kind of confused though.
Can you please link me to the post where you've elaborated on this?
Thanks.

[Portreve]

Wow. You didn't actually read what I wrote. Don't skim.

I have no preference among them. I don't care which one of them a given project uses.

Oh, I have no idea where I've commented previously. It wasn't anything more in depth than — likely not even as in depth as — my comments in this thread. All I'm saying is: this isn't the first time I've commented.

I come from a world where you install software from disk, disc, or download of a disk image container. It's what everyone's used to. Doing software installs in GNU+Linux as we know them today (that is, via a repository) is definitely a better approach. Of course, it's not really all that viable for the closed-source, proprietary software model, but then again, people do not run GNU+Linux just so they can run proprietary software.

I have more of a nascent concern: I want software which has withstood definite public scrutiny and is curated by my distro of choice. AppImage, et al, in that respect, is kind of a corner-cutting approach.

[Mintymandy34]

Wow. You didn't actually read what I wrote. Don't skim.

Honestly, I read your reply atleast 3 times before writing my last response.
I asked for clarification because I had trouble understanding it.

I have no preference among them. I don't care which one of them a given project uses.

Oh, I have no idea where I've commented previously. It wasn't anything more in depth than — likely not even as in depth as — my comments in this thread. All I'm saying is: this isn't the first time I've commented.

I come from a world where you install software from disk, disc, or download of a disk image container. It's what everyone's used to. Doing software installs in GNU+Linux as we know them today (that is, via a repository) is definitely a better approach. Of course, it's not really all that viable for the closed-source, proprietary software model, but then again, people do not run GNU+Linux just so they can run proprietary software.

Agreed.

I have more of a nascent concern: I want software which has withstood definite public scrutiny and is curated by my distro of choice. AppImage, et al, in that respect, is kind of a corner-cutting approach.

Thanks for the clarification.

[phd21]

Hi Mintymandy34,

You are welcome...

There are some Linux or cross-platform malware that is out there which is why users should apply updates, use some common sense, and I still recommend using a sandboxing application like firejail for all Internet-enabled applications. I have never heard of anyone using Linux or Linux Mint getting affected by malware. It is very much discouraged to install antivirus anti-malware software in "real time" always running mode as these applications themselves are being targeted by malware developers. I have installed a couple different antivirus anti-malware software applications which I do not have running all the time (real time) because I help other people who send me files from MS Windows and Mac computers and I download and test a lot of software for Linux Mint members and myself, so I save everything into my Downloads folder and scan that before I access or use any of those files.

Yes, cross-platform malwares, I've read about them. Are you talking about java-related malwares?
I always keep my system up-to-date and only download softwares from websites I trust.

Any malware Java based or any other kind.

You recommend using firejail for all internet-enabled applications. But how do I know which ones are internet-enabled? Is it that they need to connect to internet in order to work?

Yes, If an application accesses the Internet then they are Internet enabled. Some software accesses the Internet all the time (browsers, chat messaging, email clients, active remote control remote access, etc...) and others only at certain times for updates and or adding plug-ins or add-ons. But, if a software was hacked or infected with malware, then even software that would not normally access the Internet could be accessing the Internet because of the malware.

As for how can anyone tell if an application is accessing the Internet, that can be difficult to determine. Applications like Gimp image editor, Kdenlive video editor, Ksnip screenshot app, etc... are not usually accessing the Internet except to update or add plug-ins and add-ons or if you tell them to upload or download to or from Internet based websites.

There are various desktop applications and console terminal application commands that can monitor your Internet connection and display anything accessing the Internet. And, most of these would be difficult for the average non-technical user to understand and use.

Can I monitor connections to open ports? - Linux Mint Forums
viewtopic.php?f=90&t=285851&hilit=ports

About real-time anti-virus, yes I don't see the point of installing them if they can get infected easily.

I did not say the antivirus anti-malware applications can be easily infected just that some of them have been targeted by malware creators and hackers. Most of the antivirus anti-malware software developers are very quick to notice and fix anything that affects their applications. I do not know of any of the Linux antivirus anti-malware applications have ever been targeted, but that does not mean they have not been or will not be in the future.

But you're talking about using anti-virus not in real time, how do you do that? And which anti-virus do you use? I'm not planning to install the anti-virus on my main system, but I think I could test it inside a VM.

Most anti-virus applications have an option to turn off their real-time always scanning mode which means that you have to tell them when you want to scan something (= on demand). Some can even be set with very specific options like only scan a certain folder in real-time. Real-time scanning does not necessarily mean that a particular application is accessing the Internet all the time or is open to intrusion from Internet hackers or malware.

I use LMD (Linux Malware Detect) in conjunction with ClamAV both of which automatically update themselves. I also have other antivirus apps like BitDefender which has not been updating their free Linux software for a couple years now, but it still gets updated antivirus anti-malware definitions. There are other applications available. And, there are really nice bootable antivirus "rescue discs" that can be put onto a DVD/CD disc or USB stick that anyone can boot to and use to check their entire system and any attached drives; make sure they can scan Linux files. I will usually run a bootable antivirus disc overnight once a month or two, or some related news alert, or whenever something weird happens. They have never found any Linux malware only the occasional MS Windows related malware.

See this post:
Need for an antivirus.?
viewtopic.php?f=90&t=238726&hilit=maldet

I really like AppImages even more so than Flatpak or Snap packages. I have many AppImages of software applications that I use. If there are new versions of some software applications with new features and or bugfixes, it can take a while to a long time before they show up through the secure stable repositories which is where PPA's, deb files, AppImages, flatpak, and snap packages can help users to get the newer software. Of course, some software is not even available in the Mint Software Manager or Synaptic Package Manager (SPM) (repositories) and must be installed using other methods.

I like AppImages over Flatpak and Snaps. Reason: Ultra portable.

Besides being more portable, these "self-contained" applications where all or most of the supporting packages required to run them are included which means less chance of conflicts with other installed software and or updates and AppImages tend to work even on slightly older Linux systems like Linux Mint 18.x even if the software was created with newer versions of Linux.

If any software you want to use is not accessing the Internet, then there is no need to be concerned and no need to sandbox it regardless of its installation and or delivery packaging options like an AppImage.

Yes, how can I know that? How can I know if an application is accessing the internet?

Already answered earlier in this reply



FYI: You can always sandbox (firejail) any application or all applications.

Sandboxing applications using firejail or another sandboxing application comes with certain changes that can affect how the application(s) work. For instance, firejail sandboxed browsers cannot download anything except to the Downloads folder unless you specifically tell firejail to "whitelist" other folders or that particular firejail profile for that application allows access to other folders. And, lets say you download an installation file like an AppImage, or deb file, etc... from your browser, sometimes a browser or your system will try to automatically open that file to install it, I would recommend that you close the installer spawned by a sandboxed application, then scan it if you want, and install it from your system using your non-sandboxed file manager or console terminal prompt or it may not install properly.

If you are trying to upload files like screenshots to this forum or any other image hosting website from a firejail sandboxed browser, or any other sandboxed applications, they must be in the "Downloads" folder instead of the usual default "Pictures" folder or a "whitelisted" folder or you will not be able to access them. For my screenshot applications like Ksnip, I set their default save options to my "/Downloads/ScreenShots" folder.


Hope this helps ...

[Mintymandy34]

Hi phd21.
Thanks for the reply, that was quite informative.
I went through the thread "Need for an antivirus.?" and read about your preferences, and also the FYIs.
I also read about No Tears on Linux.
I'll look into LMD and ClamAV.
The "Can I monitor connections to open ports?" thread went way over my head.

I see you recommend Firejail as a safety net.
I have some experience with using FireJail, by some I meant very little.
I've noticed that some applications simply don't open with Firejail, though it's not an alarmingly huge number.
I knew about the blacklisting and whitelisting features in FireJail.
I've some questions about Firejail usage.
These questions are completely irrelevant for the current thread and I am not sure if they deserve a new thread.
Should I ask you about them in a PM, or should I start a new thread?
I think, the expertise you've with Firejail can really help me with these questions.
Thanks for the help.

[phd21]

Hi Mintymandy34,

You are welcome...

- FYI regarding antivirus applications: I contacted the developer of the ClamAV desktop application ClamTK and asked - requested if it would be possible to incorporate LMD (maldet) a console terminal application that uses ClamAV into the ClamTK desktop application. We'll have to wait and see. It might help if others would show they are interested in that as well.

ClamTK - Feature request - please integrate Linux Malware Detect (LMD) with ClamTK · Issue #112 · dave-theunsub/clamtk
https://github.com/dave-theunsub/clamtk/issues/112

- FYI regarding Firejail: The Firejail websites have much more information on Firejail than I can provide. And one of the Linux Mint members Fred is a contributing developer and maintainer for the Firejail project. You can create a new post for any Firejail questions or contact Fred directly or you can ask me as well.

You can also register and make posts and replies on the Firejail related websites and GitHub site issues.

Another post: Firejail and Mint 19 - Linux Mint Forums
viewtopic.php?f=42&t=273533&hilit=firejail+fred


Firejail - security sandbox - wordpress
https://firejail.wordpress.com/

Firejail GitHub - netblue30/firejail: Linux namespaces and seccomp-bpf sandbox
https://github.com/netblue30/firejail
.
.

[Mintymandy34]

Hi Mintymandy34,

You are welcome...

- FYI regarding antivirus applications: I contacted the developer of the ClamAV desktop application ClamTK and asked - requested if it would be possible to incorporate LMD (maldet) a console terminal application that uses ClamAV into the ClamTK desktop application. We'll have to wait and see. It might help if others would show they are interested in that as well.

ClamTK - Feature request - please integrate Linux Malware Detect (LMD) with ClamTK · Issue #112 · dave-theunsub/clamtk
https://github.com/dave-theunsub/clamtk/issues/112

Thanks, I'll add to that.
I currently don't have the full understanding about LMD with ClamAV, but I can learn about that and will add to that request.

- FYI regarding Firejail: The Firejail websites have much more information on Firejail than I can provide. And one of the Linux Mint members Fred is a contributing developer and maintainer for the Firejail project. You can create a new post for any Firejail questions or contact Fred directly or you can ask me as well.

I went through the complete guide and I still have some doubts, a lot of things got cleared though.

You can also register and make posts and replies on the Firejail related websites and GitHub site issues.

Sure.

Another post: Firejail and Mint 19 - Linux Mint Forums
viewtopic.php?f=42&t=273533&hilit=firejail+fred

I could post on that post but I think, it's better to ask those questions in a new post.

Firejail - security sandbox - wordpress
https://firejail.wordpress.com/

Firejail GitHub - netblue30/firejail: Linux namespaces and seccomp-bpf sandbox
https://github.com/netblue30/firejail

Thanks, I use them for firejail guides, I'll bookmark them.
Thanks for the post.

[Offcenter]

I'm a complete newbie here and I don't know squat about security.
But I just installed an Appimage program called ClipGrab.
Couldn't have been easier, and it WORKS!

[phd21]

Hi Mintymandy34,

You are welcome...

I currently don't have the full understanding about LMD with ClamAV, but I can learn about that and will add to that request.

Although "LMD" (maldet) is run from a console terminal, it is fairly easy to use. The Link I provided before has examples of using it.

Need for an antivirus.? - Linux Mint Forums
viewtopic.php?f=90&t=238726&hilit=maldet

Examples: May need "sudo" in front of commands, if you did not change "scan_user_access="1".

To scan all the files residing in a specific directory:
To scan your downloads folder

Code: Select all

maldet -a /home/yourusername/Downloads

or what I prefer

Code: Select all

maldet -a  ~/Downloads

To scan your entire "/home" folder for all users(Documents, Downloads, Music, Pictures, Videos, etc...)

Code: Select all

maldet -a /home

or
Scan files that have been created/modified in the last X days. 5 = the last 5 days.

Code: Select all

maldet -r /home 5

When a scan has completed, you have an option to view the log it created.

scan report saved, to view run: maldet --report 170425-1437.21389

- Just highlight the last part maldet --report 170425-1437.21389, right click copy, and then right click and paste it back into the console terminal prompt and hit enter. To exit the report screen, hit Ctrl-x

The "inotify" monitoring feature is designed to monitor users in real-time for
file creation/modify/move operations. For more information and help, type in "maldet --help", or See the readme file in the maldetect folder.

Code: Select all

sudo apt-get install inotify-tools

Enable real time monitoring of a directory folder.

Code: Select all

maldet -m /home

or your Downloads folder

Code: Select all

maldet -m /Downloads

or a local web server folder

Code: Select all

maldet -m /var/www/html/

Check the monitor log file:

Code: Select all

sudo tail -f /usr/local/maldetect/logs/inotify_log

Hope this helps ...

[Mintymandy34]

Hi Mintymandy34,

You are welcome...

I currently don't have the full understanding about LMD with ClamAV, but I can learn about that and will add to that request.

Although "LMD" (maldet) is run from a console terminal, it is fairly easy to use. The Link I provided before has examples of using it.

Need for an antivirus.? - Linux Mint Forums
viewtopic.php?f=90&t=238726&hilit=maldet

Examples: May need "sudo" in front of commands, if you did not change "scan_user_access="1".

To scan all the files residing in a specific directory:
To scan your downloads folder

Code: Select all

maldet -a /home/yourusername/Downloads

or what I prefer

Code: Select all

maldet -a  ~/Downloads

To scan your entire "/home" folder for all users(Documents, Downloads, Music, Pictures, Videos, etc...)

Code: Select all

maldet -a /home

or
Scan files that have been created/modified in the last X days. 5 = the last 5 days.

Code: Select all

maldet -r /home 5

When a scan has completed, you have an option to view the log it created.

scan report saved, to view run: maldet --report 170425-1437.21389

- Just highlight the last part maldet --report 170425-1437.21389, right click copy, and then right click and paste it back into the console terminal prompt and hit enter. To exit the report screen, hit Ctrl-x

The "inotify" monitoring feature is designed to monitor users in real-time for
file creation/modify/move operations. For more information and help, type in "maldet --help", or See the readme file in the maldetect folder.

Code: Select all

sudo apt-get install inotify-tools

Enable real time monitoring of a directory folder.

Code: Select all

maldet -m /home

or your Downloads folder

Code: Select all

maldet -m /Downloads

or a local web server folder

Code: Select all

maldet -m /var/www/html/

Check the monitor log file:

Code: Select all

sudo tail -f /usr/local/maldetect/logs/inotify_log

Hope this helps ...

So, LMD is purely command line based, and by integrating it into ClamAV and ClamTK, we get an absolutely phenomenal antivirus with a GUI, that was originally CLI.
I'm totally for it.
I'll raise the request right-away, I don't have a github account, but I'll surely create one now.

[Mintymandy34]

I'm a complete newbie here and I don't know squat about security.
But I just installed an Appimage program called ClipGrab.
Couldn't have been easier, and it WORKS!

It's a great technology, it's compatible across a lot of distros, it's really small in size and they've built quite a following.
I use AppImageHub to look for AppImages that I didn't know existed, I then follow through that to finally download the AppImages from the official website of the developer.
They are quite good for specific usage.
They don't work nicely with the system themes is what I've noticed.