
Thread: Does Kali Linux need an antivirus?

  1. #1
    Join Date
    2019-Nov
    Posts
    1

    Does Kali Linux need an antivirus?

    Hello, I just want to know if Kali Linux needs an antivirus.
    Kali is strong but the security of our system is an important question, I need to know.
    Thanks and have a nice day.

  2. #2
    Join Date
    2019-Nov
    Posts
    6
    I am waiting for a similar answer. I don't know when I'll get one.

  3. #3
    Join Date
    2019-Nov
    Posts
    6
    umm half the stuff in Kali may register as a virus.. like compiled payloads etc.. I mean maybe.. but I think you'd constantly be tripping over your feet.. if someone with more experience can chime in on that .. there is ClamAV or clamscan you could use maybe more effectively on a non pen-test or security testing distro.. but to each their own, I'm not here to rain on anyone's parade.

    maybe installing PSAD and running a vpn or proxy is enough ? (PSAD = Port Scan Attack detector) something to consider ...

    -DigitlRFYUG

  4. #4
    Join Date
    2019-Dec
    Posts
    2
    Basically you are better off starting with your own Linux distro, perhaps Debian, and then installing the packages you want instead of running a whole OS based around pentesting. Arch Linux (what BlackArch is based on) is its own GNU/Linux flavor. I think you're better off starting with Debian, learning the OS and installing the stuff you need (pentest packages), then moving onto something else if you feel the need. When I go to cons I take a Chromebook that has Ubuntu on it (Xenial 16.04) and I've never really had an issue using tools released at DEF CON or Shmoo, etc.

  5. #5
    Join Date
    2020-Jan
    Posts
    5
    Well, there are antiviruses for Linux, but every time I run them they never find anything. Last time I googled "has there been a Linux virus" it said not for 3 years. Though Kali will be vulnerable running as root. So do not run as root if you're paranoid. Why not back up and see if you can tempt a virus?

  6. #6
    Join Date
    2020-Aug
    Posts
    1

    ClamAV scan of Kali 2020.3

    1. If securing/hardening Kali that connects to the Internet, (A) changing the default password, (B) changing the default SSH keys, and (C) updating to the latest release should probably come before installing malware detection software.

    2. ClamAV is more than just antivirus. It detects many types of malware. A good summary is presented at https://linuxsecurity.expert/tools/clamav/.

    3. From a fresh install on 8/19/2020 of Kali 2020.2a and update to 2020.3 and fresh install of ClamAV (sudo apt install -y clamav clamtk), running 'sudo clamscan -i -r /' found 578 "infected files" out of 289,529 files, or 0.20%.

    ClamAV_Scan_Summary_200819.jpg

    DigitlRFYUG grossly overestimated the percentage but had the right idea. Running malware detection software on a Kali distro is going to produce many positive results. As this was a fresh install and most of these "infected files" were visible in /usr/share/exploitdb/, ../metasploit-framework, and similar directories, it should be safe to say Kali is an "asymptomatic carrier", if you will, of these infected files and not infected by them. These are the exploits Kali can use against target machines. [No COVID-19 references intended].

    You certainly would not want to run clamscan with the '--remove' option or you would delete many of Kali's exploits. ClamTK offers the ability to whitelist certain directories. All but 8 infected files are in sub-directories of /usr/share, so it could be a quick fix for a global solution but tedious if you want granular control of the many sub-directories. Perhaps there is a command line equivalent to add these directories automatically to the whitelist, but I have not found it yet.

    Hope this helps answer your original question.
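
Added example, not part of the post above and not ClamAV project code: clamscan's `--exclude-dir=REGEX` option is a command-line way to skip the directories the post names. The Python sketch below triages `clamscan -i -r` output so that hits outside those directories stand out, then builds the exclusion arguments; the directory list, sample output lines and signature names are constructed assumptions.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Directories where a pentest distro ships exploit code on purpose.
# Assumption: the two named in the post; adjust to your own install.
EXPECTED_DIRS = ["/usr/share/exploitdb", "/usr/share/metasploit-framework"]

# Constructed sample of `clamscan -i -r /` output (paths and signatures invented).
SAMPLE_OUTPUT = """\
/usr/share/exploitdb/exploits/sample/00001.py: Example.Signature-1 FOUND
/usr/share/exploitdb/shellcodes/sample/00002.c: Example.Signature-2 FOUND
/usr/share/metasploit-framework/data/sample.bin: Example.Signature-3 FOUND
/home/kali/Downloads/tool.bin: Example.Signature-4 FOUND
"""

HIT_RE = re.compile(r"^(?P<path>/.*): (?P<sig>\S+) FOUND$")

def parse_hits(output):
    """Return (path, signature) for every 'FOUND' line in clamscan output."""
    hits = []
    for line in output.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def is_under(path, directory):
    """Component-wise containment, so /usr/share/exploitdb2 does not match."""
    return PurePosixPath(directory) in PurePosixPath(path).parents

def triage(hits, expected=EXPECTED_DIRS):
    """Count hits per expected directory; everything else goes to review."""
    counts, review = Counter(), []
    for path, sig in hits:
        owner = next((d for d in expected if is_under(path, d)), None)
        if owner:
            counts[owner] += 1
        else:
            review.append((path, sig))
    return counts, review

def clamscan_command(root="/", expected=EXPECTED_DIRS):
    """Argument list for a recursive scan that skips the expected directories."""
    excludes = ["--exclude-dir=^" + d + "(/|$)" for d in expected]
    return ["clamscan", "-i", "-r"] + excludes + [root]

if __name__ == "__main__":
    counts, review = triage(parse_hits(SAMPLE_OUTPUT))
    print("expected:", dict(counts))
    print("review these:", review)
    print(" ".join(clamscan_command()))
```

Hits left in the review list are the ones worth inspecting by hand; quote the `--exclude-dir` arguments when pasting the command into a shell, since they contain `^`, `|` and `$`.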

  7. #7
    Join Date
    2020-Sep
    Posts
    2
    JonGit is on the money. Don't install an antivirus on Kali--or Parrot. Whitelisting directories is one thing, but you should be copying files out of /usr/share into your home directory for customization before deployment. You may have the wrong idea of the purpose for Kali if you are wanting AV. The system is built in such a manner to be thrown away, as in if something goes wrong--reinstall and start fresh. There are many solutions to "starting fresh" but AV monitoring on Kali is like putting mayonnaise on a hot-dog.

  8. #8
    Join Date
    2020-Oct
    Posts
    3
    A lot of people generally run Kali in a VM for this reason - you can section most nasty business away from your 'main' OS, and just remove it and install afresh when things go south. I'd leave running Kali out of VM to those who REALLY know what they're doing.
    --------
    Yes, I'm a newb. But we were all newbs once.
