11

Let's say, for example, I unknowingly install a piece of malware, and install it. How do I know I've done something so stupid? Windows has anti-virus/malware software to check, while GNU/Linux seems to be lacking, with most of these programs on GNU/Linux dedicated to finding Windows viruses, like ClamAV. Sophos seems like a good idea, but it doesn't elegantly install with your package manager, and sometimes pops up a window about errors the automatic scanner finds. Besides that, the automatic scanner seems to be pretty particular with kernels, like you can't use an HWE kernel when it comes out. :/

Also, if I do get malware, can I still install a scanner, or will it not be effective, since the malware could interfere with a new installation? Could I even scan at all on such an infected system? Do I have to use a live USB instead?

2 Answers

5

If you are looking for a simple sanity check, you could try this answer: "Can dpkg verify files from an installed package?" This suggests using

sudo dpkg --verify

to check for mismatches on the md5sums. On my system, this shows up things like ??5?????? /usr/bin/easy_install, which may have been modified legitimately by something other than dpkg or apt-get.
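As an added example (not part of the answer above, and not dpkg's own tooling), this shell function sorts the lines of a dpkg --verify report by what they mean, so that changed executables and libraries stand out from edited configuration files. The function name, the REVIEW/CHANGED/CONFFILE/MISSING labels and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the report printed by `dpkg --verify`.
# Each line is 9 check flags, an attribute character (c = conffile) and a
# path; a 5 in the third flag position means the md5sum no longer matches.
# triage_dpkg_verify and its labels are hypothetical names, not part of dpkg.
triage_dpkg_verify() {
    awk '
    {
        if ($0 ~ "^missing") { flags = "missing"; rest = substr($0, 8) }
        else                 { flags = substr($0, 1, 9); rest = substr($0, 10) }
        sub("^ +", "", rest)              # tolerate collapsed whitespace
        conffile = 0
        if (rest ~ "^c /") { conffile = 1; rest = substr(rest, 3) }

        if (flags == "missing")              verdict = "MISSING"
        else if (substr(flags, 3, 1) == "5") verdict = conffile ? "CONFFILE" : "CHANGED"
        else next                            # no content mismatch reported

        # Changed executables and libraries deserve a manual look first.
        if (verdict == "CHANGED" && rest ~ "^/(usr/)?(s?bin|lib[^/]*)/")
            verdict = "REVIEW"
        print verdict "\t" rest
    }'
}

# Constructed sample report (not captured from a real system).
sample_report() {
    cat <<'EOF'
??5??????   /usr/bin/easy_install
??5?????? c /etc/ssh/sshd_config
missing     /usr/share/doc/example/README
??5??????   /usr/share/example/data.txt
EOF
}

# Real use: sudo dpkg --verify | triage_dpkg_verify
sample_report | triage_dpkg_verify
```

A REVIEW or CHANGED line only means the file differs from what the package shipped, not that it is malicious. The checksums dpkg compares against are stored under /var/lib/dpkg/info on the same disk, so a clean report is only as trustworthy as that database.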

1

The arguments for and against AV protection have been debated ad nauseam. Without expressing my view for or against, I'll say that I run Sophos AV on Ubuntu 16.04 and it has identified files that were otherwise compromised and / or contained malware, primarily in the area of file storage from the network. This solution has both on-demand and on-access features.

Sophos makes this available free for home / non-commercial use:
https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-linux.aspx

So to the question: "Is there an Ubuntu sanity check for malware?"
Yes, and my solution of choice is SophosAV.

There are others.

Mark
  • 1,531