Antivirus & security/Dr.Web
After testing ClamAV with conflicting results, and given the increasingly pressing dangers that have recently threatened Linux distributions, I started looking for another user-friendly GUI tool to analyze my system.
The most well-known antivirus and security brands offer only Linux enterprise or server-side solutions, but yesterday I discovered Dr.Web Security Space for Linux, the first anti-virus service in Russia, also available for Linux systems.
Dr.Web Security Space for Linux
Compared with the Windows and macOS versions, the Linux one has limited functionality: Firewall and Preventive Protection are not present.
It is possible to try the Linux trial version for 30 days or purchase a single-PC annual licence for 16.94 euros, which becomes 27.20 for two years and 36.78 for 3 years.
Prices increase if you add the technical support option or install on additional PCs.
Linux dedicated documentation
The availability of online tutorials and information is truly extensive and available in every language.
In addition to the Linux-dedicated online resources, there is a PDF file of over 200 pages.
How to install Dr.Web Security Space for Linux
The installer is a binary file of over 600 MB; you just need to assign execution permissions to it with
$ sudo chmod +x <installer file>
and run it.
The Linux interface, although minimal, is much more complete than the free ClamTk one.
A nice icon is also added to my GNOME toolbar to activate or deactivate the main antivirus functions and update (you need gnome-shell-extension-appindicator).
The first 400 MB signature update was quite slow.
To unlock advanced features you need to provide your root password.
Here are the features, which I report directly from the official website; then I will analyze the full scan results on my Arch Linux system.
Features of Dr.Web Security Space for Linux
The SpIDer Guard file monitor for Linux controls file operations and attempts made to run executable files. It will check any file that a program or user wants to use. This helps detect and neutralise malicious programs when they are trying to infect a computer.
SpIDer Guard strives to cure all the infected files for which curing is possible. You decide (by configuring Dr.Web’s settings) how SpIDer Guard will undertake scans, what kind of access you need to different resources, and what files and folders you want to exclude from scanning.
Protects against Windows-specific threats launched under Linux — including with the help of Dr.Web Cloud. Remotely scans Internet of Things devices on which an anti-virus cannot be installed—routers, set-top boxes, etc. Only users with Administrator permissions can disable SpIDer Guard.
The HTTP monitor SpIDer Gate for Linux
In real time, it prevents viruses and malware from accessing the protected system and will cure any viruses that have already penetrated it.
- No configuration is required after Dr.Web is installed
- Does not affect overall system performance
- Blocks access to sites used to distribute malicious or potentially dangerous programs and to sites that infringe upon copyright-holder rights.
- Blocks access to known malicious resources – including to malware trying to access control servers.
- Blocks access to phishing sites.
- Blocks access to unwanted sites that use social engineering techniques to misguide users.
- Detects malicious files, including those located in archives, when cybercriminals attempt to download and transmit them, including via secure protocol.
Dr.Web Process Heuristic technology will analyse the behaviour of each running program in real time by comparing it with the reputation information stored in the Dr.Web cloud, which is constantly updated. It will determine whether a program is dangerous and then take whatever measures are necessary to neutralise the threat.
Dr.Web ShellGuard technology will detect when malicious code attempts to exploit a vulnerability and terminate the attacked process immediately, thus preventing the exploit from running.
The Dr.Web heuristic analyser will use its knowledge (heuristics) about certain properties typical of viruses to stop an exploit.
Blocks access to unwanted sites (Parental Control for Linux)
I tested it with Firefox and Chrome on Arch Linux.
- Instantly checks URLs on Doctor Web’s server regardless of the update settings or how current the virus databases on the user’s computer are.
- Restricts access to sites according to 14 thematic groups (weapons, drugs, gambling, adult content, etc.).
- Protects children from visiting unwanted resources.
Depending on the distribution, Dr.Web Anti-Spam could be unavailable in Dr.Web for Linux. In this case, email messages will not be scanned for signs of spam. In Arch Linux I did not find this feature.
If any email messages are falsely detected by the email anti-spam component Dr.Web Anti-Spam, we recommend that you forward them to special addresses for analysis and improvement of spam filter quality. To do that, save each message to a separate .eml file. Then attach the files to an email message and forward it to the special address.
• [email protected]—if it contains email files erroneously considered spam;
• [email protected]—if it contains spam email files that failed to be recognized as spam.
I tried to scan my system (Arch Linux)
I haven’t reinstalled Arch in many years and I’ve installed tons of stuff on my PC; there’s definitely some garbage left. I ran the scan before going to sleep.
The next morning I found 18 instances, almost all in old or recent mbox files or in text files under /trash/expunged in files that I had tried to recover with recovery tools.
Two txt files have been labeled as Trojan.
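When a scanner flags a whole mbox file, as in the results above, splitting it into one .eml file per message (the same per-message form the anti-spam reporting step asks for) lets a re-scan point at the individual message instead of the entire mailbox. The following is an added example, not part of the original post or of Dr.Web's tooling; the function names, file names and sample messages are constructed for illustration.

```python
import hashlib
import mailbox
import tempfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import Path


def split_mbox(mbox_path, out_dir):
    """Write each message to its own .eml; return (path, subject, attachments) records."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    records = []
    box = mailbox.mbox(str(mbox_path), create=False)  # fail if the mbox is missing
    try:
        for index, key in enumerate(box.keys()):
            raw = box.get_bytes(key)  # message without the mbox "From " separator
            eml = out / f"msg-{index:05d}.eml"
            eml.write_bytes(raw)
            msg = BytesParser(policy=policy.default).parsebytes(raw)
            atts = [(part.get_filename() or "(unnamed)",
                     hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest())
                    for part in msg.iter_attachments()]
            records.append((eml, str(msg["Subject"] or ""), atts))
    finally:
        box.close()
    return records


def build_sample_mbox(path):
    """Constructed sample input: two messages, the second with one attachment."""
    box = mailbox.mbox(str(path))
    for subject, blob in (("plain note", None), ("with file", b"constructed sample bytes")):
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
        msg.set_content("constructed body text")
        if blob is not None:
            msg.add_attachment(blob, maintype="application",
                               subtype="octet-stream", filename="sample.bin")
        box.add(msg)
    box.close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_mbox(f"{tmp}/sample.mbox")
        for record in split_mbox(f"{tmp}/sample.mbox", f"{tmp}/eml"):
            print(record)
```

The SHA-256 of each decoded attachment gives a stable identifier to compare against the scanner's report or to look up before deciding whether a detection is a false positive.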