Does CAVL Detect Linux, Windows and OSX Malware

Does CAVL detect Linux malware?
Does CAVL detect Windows malware?
Does CAVL detect OSX malware?

P.S. Thanks for making the product available.

Hi CColon

AFAIK, CAVL only detects Windows malware (or it did the last time I got a reply from a Comodo dev).

For this reason, I uninstalled CAVL. Not because I don’t like CAVL (I do) but because I feel an antivirus product should protect the host it’s installed on and didn’t feel it was needed. Shame, as I would like CAVL to protect itself against Linux malware only.


On this page in the Frequent Questions section it says

“Does Linux require an anti-virus?
Definitely. It used to be the case that Linux was not heavily targeted by malware writers for two main reasons. Firstly, the general popularity of Linux amongst home users wasn’t very high. This meant hackers had a low number of potential victims and hence a low ‘return on investment’ for their efforts. It was always far more lucrative to attack Windows because of its large user base. Secondly, the fact that there are many variations (distributions) of the Linux OS meant virus programmers would have to create and test separate attack code for each of them. Compare this to Windows where a single virus code is capable of infecting everybody that uses the operating system. In the past few years, however, both these points have been eroded. Firstly, there is a general increase in the popularity of the OS with more and more home users adopting Linux. The fact that major computer distributors like Dell are shipping desktops and laptops with Linux pre-installed is testament to this shift. Secondly, the run-away popularity of easy-to-use distributions like Ubuntu has consolidated the fragmented Linux user base. Unfortunately, this makes it easier for hackers to create a single piece of virus code that will hit millions of users.”

There is still no risk of being infected by malware in Linux

But with Wine, some Windows malware can run … and the easiest way to get rid of it is … removing Wine and reinstalling it.

"the expansion of malware in Linux"

is just a marketing argument ^^

If Comodo want to increase the uptake of CAVL they could do a lot worse than include a signature for this recent Linux Malware

and then publicise the fact on the main linux forums and bulletins.

It looks to be very file specific, so detection should be simple (permanent removal may be more tricky, but detection is surely the most important point).

Then just repeat that process - more quickly each time - for every other new bit of Linux malware that appears ;D

So CAVL detects both Unix (Linux distros and Mac) and Windows malware, right?
It should, because in CAVL there’s an option to connect to Comodo Cloud while scanning…

I see two contradicting stories about whether the database of CAVL holds both Windows and Linux AV definitions. When following what has been stated in the release topics, there is no mention of anything other than definitions for Windows. But when reading the FAQ quoted above, definitions for both Linux and Windows would be present…

I sent a PM to Yanghua Fang asking him to shine a light on this question.

Thanks EricJH :)

From what I can figure out most AV’s (even those that do not provide Linux versions) appear to detect some Linux malware - have a look here for instance:

I would also imagine that many Windows-originated exploits would effectively be cross-platform (Java, Flash etc.) and so would be detected (though that does not seem to be the case in this instance).


I would like to know whether CAV Linux scans for viruses in the Windows partition or in the Linux partition.

This is not clear.

CAVL can scan your Windows partition if you are dual booted.

Going back to the original question, here is another example where Comodo (and most other major AV providers) detect Unix/Linux malware - in this case the recent hot-topic ‘Hand of Thief’ trojan.

So my guess would be that if Comodo for Windows detects this stuff, Comodo for Linux would too.

Test it with test viruses from like I did!

It detects nothing! :(

Sorry, but it’s really useless!

Does it detect the viruses when you access them in the folder where they were downloaded? Does the Comodo scanner of Virus Total detect them?

I’m sorry, but I can’t test this anymore, because I’ve already uninstalled the tool. What I did was a “normal” scan of the whole computer with its standard settings. And nothing was found.
Maybe someone else can test this?!

The thing is, I tested the same viruses with my Windows PC where Avast Free is running. And it detected ALL test viruses right BEFORE they could reach the incoming mail folder!
And that’s how a virus scanner should ideally work, in my opinion.

It should not be the case that I need to check a folder for viruses manually. I get several e-mails a day, and some with attachments. A virus could be in each. Perhaps most viruses aren’t even dangerous for me because I use Linux. But with CAVL I would pass on the undetected mails/attachments to others.

I should be able to test this. I have identified a piece of Linux malware (a keylogger) which Comodo fails to detect. I’ve now submitted this to Comodo for analysis. It can take from a few hours to a couple of days for antivirus companies to analyse samples; hopefully with Comodo it won’t be too long! I shall report back when Comodo have updated their signatures to detect this malware. If it’s detectable on Linux then we know they are detecting Linux malware on Linux.

Could you also submit your piece of malware to VirusTotal and post the result?

It would be interesting to see who is detecting now and follow up over time.

Did you ever get a response to your PM?

We appreciate your interest, but for a newish product it seems to me there has been remarkably little developer involvement with the forum.

I wonder how big the take-up for this product has been? Linux is very much a minority OS to begin with, so a low take-up might soon consign this to the long list of Comodo discontinued products, I suspect.

Which would be a shame - but then it’s been provided free so it would be hard to complain.

Keep us posted

I tried to move this along a bit by downloading and scanning the clamav-testfiles package.

CAVL detected 10 samples, but failed to find another 34 that clamav finds.

It turned out that Yanghua Fang is no longer in charge but egemen is. I sent a PM to egemen and he has not responded yet. :-\