Kaspersky launches malware scanner for Linux

Called KVRT, the tool is already known to Windows users. Just ported to Linux and compatible with the most important distributions, it should help to better protect against cyber threats on 64-bit systems.

Based on the observation that anti-malware security is still too neglected on Linux systems, the Kaspersky teams have just published a malware detector capable of identifying, isolating and removing the most widespread threats. A decision which follows the discovery of a backdoor in XZ Utils (open source project implementing LZMA compression and decompression) embedded in many mainstream Linux distributions.

Anti-malware compatible with the most popular Linux distributions

In fact, KVRT (Kaspersky Virus Removal Tool) is not a real-time protection tool, but a small free, portable program, available in CLI and GUI versions, intended to scan 64-bit Linux systems (x86- 64) in search of malware, adware or any other legitimate application whose possible exploits could serve as a battering ram for cyberattackers. To do this, KVRT analyzes RAM memory, the different boot sectors, startup applications, as well as all system files likely to be infected. All file formats are supported by the module, including archive formats. Once threats are identified, they are quarantined and/or deleted.

To detect the most common and latest threats, the software relies on virus databases regularly updated by Kaspersky. Therefore, Internet connection is mandatory. Be careful however, to the extent that KVRT requires both high admin rights and to be run manually, it is up to users to systematically download the latest version of the tool to benefit from the latest definitions, and therefore a up-to-date security solution.

According to Kaspersky, KVRT is operational on the most popular distributions, including Debian, Ubuntu, SUSE, openSUSE, Red Hat, Mint and CentOS. The complete list of verified distributions is accessible on the company’s website, which still encourages users of other versions to test the functionalities of its antimalware.

How to use KVRT on Linux?

First thing to do: download the software and run the software, preferably in super user mode. Indeed, if you launch KVRT without elevated privileges, it will not be able to access locations and system files requiring admin permissions. Since the application is portable, there is no need to install it on the system. Also note that the provision of a CLI (command line) version of the program allows it to operate up to a level 3 run level, and therefore to help Internet users already struggling with a stubborn infection.

During the execution process, KVRT stores files necessary for its proper functioning in a temporary directory /tmp/. All of these elements are automatically deleted once the application is closed.

Finally, after the scan, KVRT saves a copy of the deleted malicious files in the folder /var/opt/KVRT2024_Data/Quarantine (Root user, always).

Source : Kaspersky