# Virustotal

## YPenguin

What is Gentoo's recommendation on using this service? https://www.virustotal.com/

----------

## khayyam

 *YPenguin wrote:*   

> What is Gentoo's recommendation on using this service? https://www.virustotal.com/

 

YPenguin ... that recommendation would probably read "such things are left entirely to the skill and ingenuity of the user", or (more likely) "why would you want to do that? ... this isn't windows".

best ... khay

----------

## YPenguin

Virustotal distributes malware samples to the AV-companies they cooperate with (52 currently).

As a result detected malware gets removed from the wild quicker.

----------

## khayyam

 *YPenguin wrote:*   

> Virustotal distributes malware samples to the AV-companies they cooperate with (52 currently). As a result detected malware gets removed from the wild quicker.

 

YPenguin ... ok, but such AV-companies don't produce software to detect "malware" on machines running linux, so it's pointless they receive samples, as there is no method for them to act on it, and/or make money from doing so.

best ... khay

----------

## dataking

 *YPenguin wrote:*   

> What is Gentoo's recommendation on using this service? https://www.virustotal.com/

 

This is a very open-ended question. Khay's points are great and valid. However, VT also has APIs available which are handy for research, much of which can be done on linux. Some might argue it's safer to collect/store/submit samples to VT from linux. As a matter of fact, I have a small collection of tools wrapped around that very concept.

Taken more literally, I doubt Gentoo, as a product offering, and/or as a community, probably has very little to say in regards to VT, for the very points made above.  Only a small subset of malware actually affects linux targets, and even fewer are significant enough to gain any popularity.

Disclaimer:  I am by no means an expert in malware, its development, intent, or targets.  And I am by no means speaking for Gentoo, VirusTotal, or their respective communities.  The comments above are strictly my opinion and may or may not be based on facts, empirical or otherwise.

----------

## Syl20

If you _really_ want to use an antivirus (but why do you?), you should consider clamav, which is free (open-source). You can use it as a one-shot command.

----------

## YPenguin

What about email-viruses?

----------

## dataking

 *YPenguin wrote:*   

> What about email-viruses?

 What about them?  Again, linux isn't the typical target.  And clamav can be used to intercept *some* malware midstream (email or otherwise).

----------

## YPenguin

I don't have Wine installed because I have separate Windows hard disks, but I would like to know how dangerous Windows-viruses might be to Wine.

----------

## Chiitoo

 *YPenguin wrote:*   

> I don't have Wine installed because I have separate Windows hard disks, but I would like to know how dangerous Windows-viruses might be to Wine.

 

They could potentially mess with anything and everything a Windows application via Wine sees, or anything the user running it can see.  I don't think I've ever read of one that would have been specially made to detect that it's actually on Linux/Unix/Other, however.  (See also FAQ: 11.1 Wine is malware-compatible)

Wine definitely shouldn't be thought of as a sandbox.  (See also FAQ: 11.2 How good is Wine at sandboxing Windows apps?)

----------

## Fitzcarraldo

 *YPenguin wrote:*   

> What about email-viruses?

 

I don't know your situation, but all the publicly-available e-mail account providers I use (i.e. accounts such as hotmail.com, msn.com, outlook.com, yahoo.com, and so on), and the work e-mail account providers I use, all scan incoming and outgoing e-mails on their e-mail servers before you even see the e-mails. It's standard practice these days. So receiving a virus via e-mail is the least of your worries.

As it happens, just yesterday I used the e-mail client (Thunderbird) on my laptop to send an e-mail with the EICAR virus test file attached, to a different e-mail account with another service provider. The results were as follows:

a) The first provider blocked the attachment when I looked in the Sent folder of that account via WebMail, informing me that "We have blocked some attachments in this message because they appear to be unsafe."

b) I received an automated e-mail from the receiving e-mail account provider informing me that:

 *Quote:*   

> A virus was detected in the following e-mail!:
> 
> From: "AAAAA" <aaaaa@nnnnn.com>
> 
> To: "BBBBB" <bbbbb@xxxxx.com>
> ...

 

Then I used the e-mail client on my laptop to send an e-mail with the EICAR virus test file attached, from the second account to the first account. The sending e-mail account then received the following automated e-mail message:

 *Quote:*   

> Subject: Mail delivery failed: returning message to sender
> 
> Date: Wed, 17 Feb 2016 11:30:10 +0100
> 
> From: Mail Delivery System <mailer-daemon@ddddd.com>
> ...

 

So I don't worry about e-mail. The more likely vectors for importing and exporting virus-infected files are USB pen drives and downloads from the Internet.

----------

