This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open There is lots of Linux, Mac OS X and general Unix info elsewhere on this site: Search this site is the best way to find anything.
Shane Gibson posted the following a while ago:
>> >> The reason you have not found little to nothing, is >> that there are no viruses that can attack >> a Unix box. >> > >Actually, that's not entirely accurate. >There are VERY few known >Unix Viri, but they are so few and so (relatively) harmless, that >there is essentially, no real threatening viri for Unix. You can find some antivirus packages (or packages which 'scan' the datastream on an Unix Internet server looking for known DOS/Widows viruses) here: Dr Solomon Antivirus for Unix McAfee (https://www.mcafee.com)
AMAVIS (https://satan.oih.rwth-aachen.de /AMaViS/amavis.html)(link dead, sorry) Interscan VirusWall (https://www.datatel-systems.com/virus.htm)(link dead, sorry) Sophos AntiVirus (https://www.sophos.com) (https://www.avertlabs.com/ tvdbeta/unix/download.ht)(link dead, sorry) DataFellows (https://www.datafellows.com) You can also check for a boot-sector virus by making use of the following script, kindly posted by Jeff Liebermann: : # @(#) bvchk Ver 1.05 Checks for boot sector virus. # 03/16/93 by Steve Post (firstname.lastname@example.org) # 02/14/93 tweaks and cleanup (email@example.com) # # Check hard disk boot block against stored image # Must be root to read raw hard disk # Boot block is 376 bytes in all versions of Xenix and SCO Unix. # if [ ! -r /etc/masterboot ] then echo "$0: Error. You must be root to read /etc/masterboot and boot record." exit fi echo "$0: Now comparing /dev/rhd00 boot record with /etc/masterboot" if ( dd if=/dev/rhd00 bs=376 count=1 | /bin/cmp - /etc/masterboot ) 2>/dev/null then echo "$0: Looks OK. You're safe." else echo "$0: Boot record has been changed. You probably have a virus" fi
Got something to add? Send me email.