Free viruses software for linux

Kvirus project is a board/puzzle game for the KDE Environment.

Kvirus is a board game for the KDE Environment and a clone of Ataxxlet originally written in Java.

The goal is to copy or jump your virus to eat up the enemy virus. Kvirus provides a cute interface with hours of fun.

Milter-virus is not a virus scanner. It is a wrapper that can be used with many commercial and freely available virus scanners. Milter-Virust is written completely in C, and requires (few skills??).
It is run-able with the Milter interface, but then will only scan for "double extensions".
If you wish it to scan for more, you need at Ripmime or other tools to extract files from MIME-encoded emails. You also need a (command-line) virus scanner.
The difference between this program and the original is that this is much more configurable via the config file. The original version has the advantage that it is simpler and easier to bugfix.
Enhancements:
- This is a large update.
- Many problems in the statistik module were fixed.
- Some spam protection features were included.

Virge is mail scanner written in C, which replaces/substitutes procmail for a while, checks the incoming mail, and then sends the mail to the procmail. It will check mail for viruses and/or attachment names. Check the FEATURES/README/NEWS files for more details. Virge requires Sendmail and (optionally) AVPDaemon, Sophie or Trophie (to check attachments for viruses).
Virge replaces temporarily procmail. When new mail comes in, Sendmail will pass the contents of the mail to Virge. At that point, Virge performs set of checks:
Checks if the mail has attachments. If it does not, it sends it to procmail for delivery.
If mail has attachments, Virge creates temporary directory, unpacks attachments there, and asks AVP/Sophie/Trophie to scan the temporary directory for viruses. Virge was created with 2 things in mind: performance and security. Because of performance issues, it was not feasible to use any command line scanners like TrendMicro of McAfee ones.
AVP/Sophie/Trophie are instructed to scan attachments for viruses next. If it finds any viruses, mail is immediately isolated in a directory not (hopefully) accessible to anyone except administrators.
If no viruses were found, Virge will then perform attachment check, and see if any of the attachments are not allowed to be sent to the end user. A configuration file is consulted for list of extensions (or full filenames) that should not be allowed in. If any such attachments were found, tricky part comes - Virge will *hopefully* properly "rewrite" the whole email, and strip the attachments that are not allowed. Small notice is attached at the end of the mail, with names of stripped attachments. Mail is also isolated, in case poor overworked sysadmin ever gets some free time to take a closer look.
IMPORTANT: Please, keep in mind that Virge will *NOT* rewrite & send mails when virus has been found. I will *NOT* implement any such features, since it doesnt make any sense (I havent seen a mail with virus that actually had some valuable content in it for many months - maybe even years).
If AVP/Sophie/Trophie are not available (daemon is down), Virge will still deliver mails and annoy admins through syslog messages. Attachment check is still performed.
Users for which no checks should be performed can also be configured. Location of the file can be specified in the configuration file.
Virge is definitelly trying to not let any lame script kiddies abuse it in any way. It is trying to resist to race conditions, buffer overflows, and similar neat tricks. No guarantees, of course, that there are no security problems in Virge.
Virge tries to be as fast as possible, and not waste CPU time or any other resources. It is still possible to make it perform even better, although I presume it would be in 1-5% range. Will take some more time later, and try to fix all the small performance problems.
And yes - Virge *is* fast. I have made a complete Virge V1 in Perl some time ago, but it was absolute failure. Although I tried to use as little modules as possible and make it as fast as possible... it was crap. 2 minutes after I started a script that sends 3-5 mails per second, I started wondering "Why the hell cant I login to the mailserver anymore?". Perl is nice, but its not good for tools like this. Not at all (except if you have low traffic on your mailserver).
And Virge still needs a *lot* of testing. I have tried to test Virge with many different mail (MIME) formats and tried different tricks in order to bypass its decoding techniques (in order to send a virus or .exe to users), but it handles things pretty well. There are cases, though, when it is possible to trick librfc2045 and send attachments that dont get caught, but those attachments are violating RFCs anyway. If your mail client is so stupid to decode invalid/malformed attachments/mails - you deserved it. Dont use stupid mail clients then. Im not going to start adding all those crappy features into Virge that would let someone detect all possible tricks which can be used. Use good mail clients, dont rely on Virge to save you.
Main features:
- Virge can check every incoming mail for attachments, and can remove attachments that are considered dangerous.
- "Dangerous" can be defined:
- email with specific kinds of attachments (e.g., .EXE, .COM, etc.)
- email that contains a virus as identified by Sophie ( http://www.vanja.com )
- email that contains a virus as identified by trophie ( http://www.vanja.com )
- email that contains a virus as identified by AVPDaemon (http://www.avp.ch)
- Any combination of the above.
- Dangerous email can trigger:
- rewriting that removes virus.
- alert back to sender.
- alert to recepient.
- alert to system manager.
- rewrite to remove virus.
- All offending mail messages can be isolated for later reviewing.
- Written in C, so it is very fast, doesnt waste resources, and doesnt depend on a complicated perl installation (which is subject to breaking).
- Notification can be sent (configurable) to sender/recipient of suspicious/infected mail. Templates can be used to define the layout of the mail.
- Regular expressions can be used for filename matching
- Virge was made with security in mind, and should be hard to abuse
- Can be configured to fail open or fail closed if load on the machine goes too high.
- Virge 3.0 designed for easy integration with Postfix

Aegis project is a virus scanner for Linux, Unix and Windows with a simple and intuitive user interface.

Aegis supports scanning of subdirectories, hidden files and .zip and .tar archive files, and drag-and-drop of files from the Nautilus file browser, or your Gnome desktop. When a virus is detected you can choose to delete, quarantine or rename the file.

About AVG Anti-Virus:

• AVG Professional Single Edition is perfectly designed to give you the maximum antivirus protection for your single home PC or workstation.
• It is simple to install and operate. No IT expertise is required and it can run in the background, providing uninterrupted protection. All file and e-mail activity is checked automatically, allowing you to get on with your work without worrying about viruses.
• It is extremely fast, reliable and light on resources, so, no matter how demanding a user you are, it will not slow down your performance.

Enhancements: Added detection of new variants of trojans SHeur2.ANNO, BackDoor.Hupigon5.LCW, SHeur2.ANOR, Downloader.Generic8.AXOI, PSW.Banker5.ONF, Generic13.BPUS.

HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. HTTP Anti Virus Proxy aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic.
Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone.
Main features:
- HTTP Antivirus proxy
- Scans complete incomming traffic
- Nonblocking downloads
- Smooth scanning of dynamic and password protected traffic
- Can used with squid or other proxy
- Parent proxy support
- Transparent proxy support
- Logfile
- Process change to defined user and group
- Daemon
- Use Clamav (GPL antivirus)
- Operating System: Linux
- Written in C++
- Released under GPL
Enhancements:
- Experimental support was added for chunked Transfer-Encoding, which fixes some broken sites.
- The IGNOREVIRUS configuration directive was added for whitelisting virus names.
- The CLAMBLOCKBROKEN configuration directive was added.
- Detection with AVG was improved.
- HAVP is killed if database reloading fails for Library Scanner.
- The URL is logged when a crashed scanner process is detected.
- The build system updated, adding the --prefix, --sbindir, --sysconfdir, and --localstatedir options.

AMaViS-ng is a modular rewrite of amavisd and amavis-perl. It scans email for malicious code inside attachments and archive files, stopping delivery if malicious code is found.

Most people will say: "A virus scanner? For UN*X? Why? Viruses do not work in a UNIX environment." On the first glance they are right (even if there are at least two viruses which run under Linux - well, actually they are Trojan Horses)

On the second view though, imagine a heterogene network environment where can exist UNIX and Windows systems.Now think of an UN*X server that serves Windows and/or Macintosh workstations via a POP3 service. Would it not be nice to ensure attachments coming via email are scanned for viruses before they reach a system they are able to infect? Well - that is what this package is for. It resides on the server that handles your incoming mails. When a mail arrives, instead of being delivered via procmail directly, is parsed through a script that extracts all attachments from the mail, unpacks (if needed) and scannes them using a professional virus scanner program.