
Sophos anti-virus GUI / real time scanning

Posted: Wed Sep 04, 2019 9:31 pm
by Linux_
Hi all,

First off, I'm totally new to Linux, just moved over from Windows. So please be patient, as I am by no means an expert.

I have been using Sophos on my Windows environments for a long time and it's been a good product, so when I saw there was a Linux version, naturally I followed the guide on YouTube to install it.

I noticed that there is no GUI for it, which isn't really a problem, but during the installation I got an error for real time scanning. I tested this by downloading eicar files from the internet and it didn't stop it; however, when I did a manual scan of the downloads directory it picked it up and deleted it. This is why I think it's not working properly.

So my questions are:
- Is there a way to get a GUI for Sophos?
- How can I check the real time scanning is on?
- How can I schedule scans rather than doing it manually?

Potentially there is probably a better anti-virus suited for Linux; happy to hear what that might be that others are using.

Re: Sophos anti-virus GUI / real time scanning

Posted: Wed Sep 04, 2019 10:15 pm
by SwampRabbit
I believe that the Sophos client on Debian based distros has always had issues with the Talpa Binary pack needing to be compiled.
https://community.sophos.com/kb/en-us/13503

Linux isn't Windows, this doesn't mean you don't have to be careful, as there is malware developed for Linux.
We don't need to cover all the religious reasons why some think you shouldn't or should care, there is plenty of that info on the inter-webs.

But if you are worried you could get hit by drive-by or watering hole browser malware, through phishing and spam, or just want to be a good netizen then...

ClamAV is the mainly used anti-virus solution out there, I believe the newer versions have on-access scanning through a daemon.

For comfortability, there is the ClamTK GUI.

If you open up Synaptic, search for "clam" you'll find packages for scanning things like Zip, RAR, and other files too!

For rootkits, there is rkhunter and chkrootkit.

Personally, I would just:
1. open GUFW and turn the firewall on (Home should be fine)
2. install ClamAV, ClamTK, and whatever complementing packages you want.
3. secure your browser, install uBlock Origin, Privacy Badger, and the VirusTotal extension (VTzilla for Firefox). The latter will let you send things (files, webpages, links etc) to Google's VirusTotal before opening them.
4. antiX and MX now come with antiX Advert Blocker so give that a try too (check someonewhocares.org at least), a lot of malicious code is hidden in Ads these days.
5. uninstall things like ftp, telnet, hexchat, netcat, geany, git, samba (server) etc, etc if you don't need them because the bad guys or automated tools will use them to "live off the land".

That right there should take care of most of the big stuffs.
If you want more, DuckDuckGo can provide you all the information you want.
The sky is the limit on how far you want to go, you can compile your own Linux kernel if you want to go that far. :happy:

Re: Sophos anti-virus GUI / real time scanning

Posted: Thu Sep 05, 2019 6:42 am
by Linux_
Thanks for all the tips!

I am trying to remove the Sophos folder but can't seem to remove it.
Any idea how I can delete it? I did google it, but it didn't work.

Code:

:~/Downloads
$ rm -rf sophos-av
rm: cannot remove 'sophos-av/sav.tar': Permission denied
rm: cannot remove 'sophos-av/uncdownload.tar': Permission denied
rm: cannot remove 'sophos-av/install.sh': Permission denied
rm: cannot remove 'sophos-av/talpa.tar': Permission denied

:~/Downloads
$ chmod ugo+rwx sophos-av
chmod: changing permissions of 'sophos-av': Operation not permitted

:~/Downloads
$ lsattr sophos-av
--------------e---- sophos-av/sav.tar
--------------e---- sophos-av/uncdownload.tar
--------------e---- sophos-av/install.sh
--------------e---- sophos-av/talpa.tar

Re: Sophos anti-virus GUI / real time scanning

Posted: Thu Sep 05, 2019 6:57 am
by JayM

Code:

sudo rm -rf sophos-av

should work. Enter your own password when it asks you.

Re: Sophos anti-virus GUI / real time scanning

Posted: Thu Sep 05, 2019 6:51 pm
by Linux_
Tried with sudo as well, no luck.
Any other ideas?

Code:

:~/Downloads
$ sudo rm -rf sophos-av
[sudo] password for xxxxxx: 
rm: cannot remove 'sophos-av/sav.tar': Operation not permitted
rm: cannot remove 'sophos-av/uncdownload.tar': Operation not permitted
rm: cannot remove 'sophos-av/install.sh': Operation not permitted
rm: cannot remove 'sophos-av/talpa.tar': Operation not permitted

With the GUI side it seems to be the same error when I open it as root.

Re: Sophos anti-virus GUI / real time scanning

Posted: Thu Sep 05, 2019 7:47 pm
by manyroads
Did you try performing a 'complete uninstall' in synaptic or mxpi, or wherever you may have gotten this beast? :lipsrsealed:

In the future, please do yourself a favor and check with Linux folks how to best approach solving a problem. You'll be glad you did. Windows logic does not frequently apply in this world...

Re: Sophos anti-virus GUI / real time scanning

Posted: Thu Sep 05, 2019 9:29 pm
by Linux_
Actually it's not even the install. What I am trying to delete is the extracted .tar files.
So all the files inside this Sophos folder were inside a tar which I extracted and installed.

Following this YouTube video: (forward to 7 minutes)
https://www.youtube.com/watch?v=QH9gRThLEag

The Sophos install didn't show up in Synaptic when I wanted to uninstall.
I uninstalled it using this method as per the Sophos document:
https://community.sophos.com/kb/en-us/116928

So the program itself is gone; just the installer files which I extracted I can't delete.

Re: Sophos anti-virus GUI / real time scanning

Posted: Thu Sep 05, 2019 9:44 pm
by JayM
Try booting from your MX live USB stick and then deleting the sophos directory (as sudo or in a root Thunar.) If it still won't let you then I don't know what to tell you: Sophos has probably done something to protect itself from being removed, just like many viruses do. You may have to just reinstall MX.

From now on, never download and install stuff from the Internet or follow installation instructions on other websites unless one of the MX developers tells you to in order to solve a problem you're having. If you want an app, first run MX Package Installer and see if it's available in any of the tabs: Popular Apps, Stable repo, Testing repo, Debian backports or Flatpaks. If it's not there, first read the instructions here then start a new topic here requesting that the app be added to MX's repositories. The MX Packaging Team will review any existing packages that the app's developer may have provided, the source code, whether or not the app already has a package available in upstream Debian, and repackage it if necessary (or possible) to make it work in MX without breaking other things. At the very least, start a new topic in the forum: "I want to install this app following these instructions, is it safe?"

TL;DR version: only install apps with MX Package Installer (MXPI). If what you want isn't available on any of the tabs, ask for it to be added to MX so you can install it with MXPI.

Re: Sophos anti-virus GUI / real time scanning

Posted: Fri Sep 06, 2019 12:10 am
by Auro Kumar Sahoo
First, welcome to the new world of Linux, and more specifically to MX Linux.
As Windows users, everybody, including me, brings some Windows culture along when migrating to Linux, like anti-virus threats, file fragmentation, installing software from here and there...

In Linux you should be assured that the system is very secure with regard to virus and malware infections. Windows viruses are simple text files here and can't harm your system, but there are some things you should keep in mind, as mentioned mostly by SwampRabbit. Again, the antivirus software available is not for Linux; it is for Windows: if you download a file which contains a virus that infects Windows, it cannot do any harm to you, but if you distribute the file to anyone using Windows, he may tell you your system is infected, as he gets a virus threat on his system.

One more thing you need to know and practice: use common sense when online, and don't open anything that shows up. Use superuser power vigilantly and never run any code from the terminal if you are not familiar with it. The rest was mentioned by SwampRabbit.

No need to get any antivirus on Linux, with some terms and conditions; no need for any file defragmentation; and install software from the official repository only. If the software is not the latest, please wait or check the testing repos.

Re: Sophos anti-virus GUI / real time scanning

Posted: Fri Sep 06, 2019 2:53 am
by ChrisUK
You might get a better idea of the problem if you use

Code:

ls -la sophos-av

instead of lsattr.

I'd try the following:

Code:

chmod ugo+w sophos-av

If that returns an error, and let's assume the i and a flags are set, then:

Code:

chattr -i -a sophos-av

If no error then try again: (If still not permitted stop, as I'm stumped ;))

Code:

chmod ugo+w sophos-av

If OK then:

Code:

rm -rf sophos-av

Or just wait for someone more knowledgeable about file permissions/attributes.
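
An added example, not written by anyone in this thread: a shell helper for the checks discussed above. It reads the flag column that lsattr prints, reports only the flags that block deletion, and also inspects the directory entry itself with lsattr -d. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# blocking_flags FLAGS
# FLAGS is the first column of lsattr output. Prints the flags that stop
# even root from deleting or changing a file, or "none".
#   i = immutable, a = append-only. Lowercase only: uppercase I and A
#   mean something else. e (extents) is normal on ext4 and blocks nothing.
blocking_flags() {
    out=""
    case $1 in *i*) out="immutable" ;; esac
    case $1 in *a*) out="${out:+$out,}append-only" ;; esac
    printf '%s\n' "${out:-none}"
}

# why_undeletable PATH
# Prints every condition found that would make removing PATH fail.
why_undeletable() {
    parent=$(dirname -- "$1")
    # Removing an entry needs write and search permission on the parent
    # directory; the mode bits of the file itself do not matter.
    if [ ! -w "$parent" ] || [ ! -x "$parent" ]; then
        echo "$parent: not writable by $(id -un)"
    fi
    # lsattr -d reports the entry itself; without -d a directory argument
    # lists only its contents, so a flag on the directory stays hidden.
    for p in "$parent" "$1"; do
        line=$(lsattr -d -- "$p" 2>/dev/null) || continue
        found=$(blocking_flags "${line%% *}")
        [ "$found" = none ] || echo "$p: $found"
    done
    return 0
}

# Flag columns: the first is the one posted in this thread, the other two
# are constructed for illustration.
for sample in "--------------e----" "----i---------e----" "----ia--------e----"; do
    printf '%s -> %s\n' "$sample" "$(blocking_flags "$sample")"
done
```

For the files in this thread the call would be why_undeletable sophos-av/sav.tar, which checks both the file and the sophos-av directory that contains it.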

Re: Sophos anti-virus GUI / real time scanning

Posted: Fri Sep 06, 2019 4:02 am
by Devrandom
Auro Kumar Sahoo wrote: Fri Sep 06, 2019 12:10 am
First, welcome to the new world of Linux, and more specifically to MX Linux.
As Windows users, everybody, including me, brings some Windows culture along when migrating to Linux, like anti-virus threats, file fragmentation, installing software from here and there...

In Linux you should be assured that the system is very secure with regard to virus and malware infections. Windows viruses are simple text files here and can't harm your system, but there are some things you should keep in mind, as mentioned mostly by SwampRabbit. Again, the antivirus software available is not for Linux; it is for Windows: if you download a file which contains a virus that infects Windows, it cannot do any harm to you, but if you distribute the file to anyone using Windows, he may tell you your system is infected, as he gets a virus threat on his system.

One more thing you need to know and practice: use common sense when online, and don't open anything that shows up. Use superuser power vigilantly and never run any code from the terminal if you are not familiar with it. The rest was mentioned by SwampRabbit.

No need to get any antivirus on Linux, with some terms and conditions; no need for any file defragmentation; and install software from the official repository only. If the software is not the latest, please wait or check the testing repos.

^^^ Please TS, read this and please forget about the whole Windows antivirus. 9_9

Re: Sophos anti-virus GUI / real time scanning

Posted: Fri Sep 06, 2019 4:39 am
by Auro Kumar Sahoo
To further emphasize my point I may request you to read the article and be assured.

https://easylinuxtipsproject.blogspot.c ... html#ID1.1

The author says
1.1. You don't need any antivirus software or rootkit removers (such as chkrootkit and rkhunter) in your Linux Mint or Ubuntu. What's more, those applications even decrease your security(!). Below I'll explain why I'm against installing antivirus and rootkit removers.

a. Antivirus is useless
A virus or rootkit can't install itself in Linux unless you let it. In order to install itself on your computer, a virus or rootkit needs your password. And that it doesn't have.

Or in case it's malware ( a script) that can execute itself in your home directory without password: you'll have to make it executable first. Any script that you download, is not executable: you have to set the executable bit of the script yourself, by hand.

If you only install software from the secured official "software store" (software repositories) of your Linux distribution, then that's a very effective barrier against malware. More than that, there are no Linux viruses or rootkits "in the wild" for end users like yourself. (The exception is viruses targeted at Linux web servers, but securing web servers is quite a different cup of tea.)

b. Antivirus introduces a dangerous vulnerability
Furthermore, antivirus (AV) software sometimes even actively endangers your system: Because AV has by definition high permissions on the system and because it's often inadequately protected against hacking.... This makes AV software an ideal target for hackers.

Antivirus applications have been designed to read and open as many file types as possible. Because every kind of file can theoretically contain a virus. Unlike ordinary applications, which can only read and open certain specific file types. For example: word processors can usually only open document related files, and no mp3 music files. For media players the reverse is true.

Because antivirus can read and open everything, and actually does precisely that during a scan, its potential vulnerability (attack surface) is much bigger. And therefore also its attraction as target for people with malicious intentions. That's not just theory; more about that at the end of section 2 on this page.

c. No real protection against zero day
Antivirus products can only protect against known threats. The claim of antivirus companies that their products offer some protection against future (as yet unknown) "zero day" attacks is misleading: the antivirus software itself is just as vulnerable to future zero day attacks as the software it claims to protect...

d. False sense of security
Furthermore, antivirus software gives you a false sense of security, which might make you less cautious about installing software from external sources.

e. Windows viruses are harmless in Linux
Virus scanners scan mainly for Windows viruses. These viruses don't work in Linux. So you don't have to worry about them, either.

f. False warnings
Virus scanners often issue false warnings. Possibly intentionally, to make the user feel good about the presence of the scanner. This sometimes induces people to needlessly damage their system, because they remove essential system files incorrectly labeled as malware.

g. Essentially, each and every app is a risk
Installing an application, any application, increases your attack surface. For example: web browsers are indispensable for browsing the web, so you take the “risk” of installing them. You accept their attack surface as the price you have to pay for using the web.

But in desktop Linux, an antivirus application is good for nothing at all. It promises extra security, but in fact it only decreases security. So why would anyone want to have antivirus in desktop Linux in the first place?

Understanding Firewalls
1.2. A firewall is a security tool that monitors and polices network traffic. You can use a firewall to protect your system from malicious incoming traffic.
And MX provides a firewall pre-installed. Please read the user manual.

Although the author has given Mint and Ubuntu as the OS, some/many things are applicable to all Linux systems. Along the same lines, I may ask you to read this one too:
https://easylinuxtipsproject.blogspot.c ... s.html#ID2

(The article mentions PPAs; please don't use them on MX, as MX is not based on Ubuntu but rather on Debian.)

Hope you will get some more confidence and points to use MX.

Re: Sophos anti-virus GUI / real time scanning

Posted: Fri Sep 06, 2019 2:46 pm
by Linux_
The biggest lesson for me here is not to download apps from random sources.
You can get away with that in Windows as there is no MXPI, but in the Linux world it's different.
It does make things very simple for install and uninstall.

It will take me some time to get used to not having anti-virus. I have had that on every computer for the past 15 years, but change is good!
That article does provide some interesting points.

I will just re-install MX again on my computer; it doesn't take long. Just installed it on my laptop :)

Thanks for all your help.

Re: Sophos anti-virus GUI / real time scanning

Posted: Thu Apr 30, 2020 4:52 am
by srmg
Thank you to all the users who answered this question, and especially to SwampRabbit for the exhaustive explanations about how to find an antivirus utility for MX Linux in Synaptic, and also for the suggestion of the browser extension that in Google is now called VT4Browsers (you suggested VTzilla, if I'm not mistaken). I also thank JayM for the suggestion about the risk of downloading apps for MX Linux from the internet. For me, as I'm at the beginning, as Linux said, your suggestion is really useful. Thank you very much. I was looking for an antivirus and I read various articles on the internet about the best antivirus for Linux, and your suggestion guided me to download the programs I was looking for and also to remove programs that I don't use and that can be dangerous. Bye from Mariagrazia from Italy :wave: :wave: :wave: