Linux malware scanner?

wpspeedster

#1
What is the best software to scan for malware on a Linux VPS server? I have more websites running on the WordPress CMS, I doubt there is a site infected with malware, hence I want to install a tool to scan the whole server or a specific site. What tools would you recommend? I like both options, free and paid ones.
 

isix

#3
Linux Malware Detect (LMD) will help you detect infected websites and clean the infection, however securing is still necessary to avoid re-infection.
 

Dewlance

#4
I use Maldet, a Linux software which is free and easy to use. I also wrote an installation and configuration tutorial on it, and I use my own tutorial to install it on new servers, because there are a lot of tutorials on "Linux Malware Detect" but none of them is complete.

Maldet is really good software which allows me to scan automatically at a selected time using a cron job, remove malicious scripts and notify me, so later I can check it and inform the client, and if a script is not malicious I can also restore it using the command line.

The other script is ClamAV, which also provides a plugin for cPanel for your customers to scan for malicious files in email, home directory, etc. It is also available for various other control panels, or a manual scan is also a good option.
 

isix

#5
The only downside of Linux Malware Detect is increased CPU usage while running - and on a larger file system it can take hours and hours...
 

LJSHost

#6
If you use Maldet and ClamAV you should have a high level of protection, just remember to keep the database updated.
As @isix said, scanners are resource heavy and you don't want them running in an active state 24/7, as they will consume a large amount of resources.

Run a scan every other day or weekly/monthly.
 

AlbaHost

#7
Use both of them, Maldet and ClamAV, and link them together. If you are using WHM/cPanel, here you go:

1) Login to WHM (Web Host Manager) as the root user
2) Navigate to: Home » cPanel » Manage Plugins
3) Tick the Install and keep updated box
4) Click on Save

Installing ClamAV via SSH

This command tells the system that we want ClamAV to be listed as installed by the local RPM system:


/scripts/update_local_rpm_versions --edit target_settings.clamav installed


This command is the one responsible for installing the ClamAV RPM on your server:


/scripts/check_cpanel_rpms --fix --targets=clamav

Installing Maldet

1) Login to SSH as the root user
2) Execute the below commands:

cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh

Linking the two together

If you were to run a Linux Malware Detect scan now, it would run with no problem, however, it would not include ClamAV's definitions, therefore slowing down the scan completion time and threat detection ratio. To solve this, we must create two symbolic links, as follows:

ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclam

Updating the applications

Let's ensure both applications are up-to-date now:

maldet -d
maldet -u
freshclam

Running a malware scan

Now, when you run a Maldet scan, you'll have the best of both worlds (think of it as ClamAV and Linux Malware Detect teaming up). Say you wanted to run a malware scan of /home, you could do so with:

maldet -a /home/?
Hope it helps.
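
Added example, not part of AlbaHost's post: `ln -s` succeeds even when its target does not exist, so if the cPanel ClamAV plugin is not installed the two links above are created dangling without any error. This check reports that case for both links; the optional directory argument is an assumption added so it can be tried against a scratch directory.

```shell
#!/bin/sh
# Added example: confirm the clamscan and freshclam links from the post
# resolve to real, executable binaries.

# check_link PATH -> prints ok | dangling | missing | not-executable
check_link() {
    p=$1
    # -e follows symlinks, so it is false when a link's target is absent
    if [ -L "$p" ] && [ ! -e "$p" ]; then echo "dangling"; return 1; fi
    if [ ! -e "$p" ]; then echo "missing"; return 1; fi
    if [ -d "$p" ] || [ ! -x "$p" ]; then echo "not-executable"; return 1; fi
    echo "ok"
}

# check_clamav_links [BIN_DIR] -> one "tool: status" line per tool.
# BIN_DIR defaults to the directory used in the post.
# Returns 1 if either tool is not usable.
check_clamav_links() {
    bin_dir=${1:-/usr/local/bin}
    rc=0
    for tool in clamscan freshclam; do
        status=$(check_link "$bin_dir/$tool") || rc=1
        echo "$tool: $status"
    done
    return "$rc"
}

# Check the real paths only when asked to, e.g. before "maldet -u".
if [ "${1:-}" = "--run" ]; then
    check_clamav_links
fi
```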
 

LarsJ

#8
If you are looking for something more WordPress specific, try iThemes Security. I'm not sure if it still comes with Sucuri malware scanning. Only problem is if Sucuri did actually find something, costs were involved... I like to think the security services that cost money *should* be better... As long as it's per server and not per domain it should still be quite affordable.
 

isix

#9
Now, to point it in the RIGHT direction - the primary level of security for a website, files, apps etc. has to be done by the hosting provider/company. If you have your site hosted within a vulnerable OS, then things like the Sucuri WP plugin won't help you keep your site from getting hacked.
 

isix

#11
OP is talking about a tool to scan for malware. Sucuri can scan for malware. Sucuri helps with website security, with specialization in WordPress Security.
OP is talking about

> What is the best software to scan malware on a Linux VPS server?
 

fwh

#12
I have used many tools or software to detect malware/viruses, but to be honest they only help in some cases, or couldn't find which files are infected or contain malware. Because the people who created them understood how malware scanner software or tools work, in order to avoid being detected; unless those tools have the old malware/viruses in their list, so they know how/where to find them, then they could work.

I have seen the code (malware/viruses), and most of it is encoded or looks like normal code, which tools can ignore. Thus, to detect and solve malware/viruses on sites you need to have the latest source of your website CMS (always remember this), check for strange code in databases, and re-upload plugins, files and parts of your website carefully. If you wrote your own code then it will be easier to find the problem and fix it.

Just my 0.00002 cents!
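
Added example, not part of fwh's post: the advice above, keeping the latest source of the CMS and comparing the site against it, can be done mechanically. The function hashes every file in a freshly unpacked copy of the same release and in the live site, then lists files that differ or exist only on the site. Both directories are supplied by the operator and the file name `compare.sh` is hypothetical.

```shell
#!/bin/sh
# Added example: compare a live site tree with a freshly unpacked copy of the
# SAME CMS release. Both directories are chosen by the operator.

# manifest DIR -> "sha256  ./relative/path" per regular file, sorted by path
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# compare_to_clean CLEAN_DIR SITE_DIR
#   MODIFIED path   present in both trees, content differs
#   ADDED path      present only in the live site (uploads, extra plugins and
#                   wp-config.php land here and need a manual look)
# Files missing from the site are not reported.
# Returns 0 if nothing is reported, 1 if anything is, 2 on a setup error.
compare_to_clean() {
    if [ ! -d "$1" ] || [ ! -d "$2" ]; then return 2; fi
    ref=$(mktemp) || return 2
    manifest "$1" > "$ref" || { rm -f "$ref"; return 2; }
    rc=0
    manifest "$2" | awk -v ref="$ref" '
        BEGIN {
            # 64 hex digits, two spaces and "./" precede the relative path
            while ((getline line < ref) > 0)
                known[substr(line, 69)] = substr(line, 1, 64)
        }
        {
            path = substr($0, 69); sum = substr($0, 1, 64)
            if (!(path in known))        { print "ADDED " path; bad = 1 }
            else if (known[path] != sum) { print "MODIFIED " path; bad = 1 }
        }
        END { exit bad + 0 }
    ' || rc=$?
    rm -f "$ref"
    return "$rc"
}

# Usage: sh compare.sh /path/to/clean-copy /home/user/public_html
if [ "$#" -eq 2 ]; then
    compare_to_clean "$1" "$2"
fi
```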
 

rankmyhub

#13
We use ClamAV Enterprise Scanner with the database updated. Yes, scanners take resources and use a lot of CPU. ClamAV always does the job for us when it comes to fixing WordPress malware; you can give it a try.

Also install Wordfence on WordPress instances and scan them; it will detect and fix any malware with your help. After cleaning all the websites, delete all the unnecessary plugins, keep everything updated, remove deprecated plugins and manage things from now onward.

WordPress is not so bad when it comes to malware; however, it depends on how well we manage it. After you have secured your WordPress website, use a plugin like this:

https://wordpress.org/plugins/wp-simple-firewall/

It's light on resources compared to Wordfence and iThemes Security and does the job of protecting your WordPress instances. It also comes with automated WP plugin and core updates managed by the plugin, so you always have the best configuration possible with it.

Hope this helps you. Thank you
 

wpspeedster

#14
> We use ClamAV Enterprise Scanner with the database updated. Yes, scanners take resources and use a lot of CPU. ClamAV always does the job for us when it comes to fixing WordPress malware; you can give it a try.

Will it fix WordPress malware or just detect where malware exists?
Sorry, I have never used this software in the past.
How do I install ClamAV Enterprise Scanner? Is it installed on the hosting or from the WP site?

> Also install Wordfence on WordPress instances and scan them; it will detect and fix any malware with your help. After cleaning all the websites, delete all the unnecessary plugins, keep everything updated, remove deprecated plugins and manage things from now onward.
>
> WordPress is not so bad when it comes to malware; however, it depends on how well we manage it. After you have secured your WordPress website, use a plugin like this
>
> It's light on resources compared to Wordfence and iThemes Security and does the job of protecting your WordPress instances. It also comes with automated WP plugin and core updates managed by the plugin, so you always have the best configuration possible with it.
>
> Hope this helps you. Thank you

Thank you. I used those plugins and they detected a few files suspected of containing malware, but did not fix them. I opened the files and found some strange code. I asked the sucuri.net support team, but their prices are not cheap and the time to fix is not maintained.
 

rankmyhub

#15
> Will it fix WordPress malware or just detect where malware exists?

It shows the infected files' locations, and provides an option to ignore, quarantine or delete.

> How do I install ClamAV Enterprise Scanner? Is it installed on the hosting or from the WP site?

ClamAV is installed in your cPanel by your hosting provider; if it is not there, you have to ask your host to enable it.

> Thank you. I used those plugins and they detected a few files suspected of containing malware, but did not fix them.

Yes, they need some manual intervention. You have to note down the files that are infected, then download the WP files to your PC or computer (preferably Linux OS / Mac), because if your Windows machine is affected by malware, it will mess things up more.

And then you should remove that code, which usually looks like gibberish or something like 0111232442xxxxx.. you will see. You have to remove those parts.

After removing, you need to re-upload the cleaned files to your host, and it will solve it in 99% of cases. But before uploading, ask your host to scan your account and enable the virus scanner (ClamAV), so that you can upload the fixed files and ensure that they are good.

> I asked the sucuri.net support team, but their prices are not cheap and the time to fix is not maintained.

It's common. They are overloaded with work; better to do it yourself if you know how to fix things. Else contact some WordPress experts, they will help you out. By the way, get better hosting if your website is constantly infected with malware.

If you are not on CloudLinux, bad neighbourhood sites can spread the malware to your account easily, as normal cPanel accounts do not get isolated like on CloudLinux.

Hope you fix your websites soon and hope this will help you. Thanks
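
Added example, not part of rankmyhub's post: for the manual review described above, a rough filter helps decide which PHP files to open first. The patterns, the two thresholds and the file name `flag_php.sh` are illustrative assumptions; a filter like this misses some files and over-flags others, so every hit still needs reading.

```shell
#!/bin/sh
# Added example: flag PHP files with encoded-looking content for manual review.
# The patterns and thresholds are illustrative assumptions, not a signature set.

MAX_LEN=${MAX_LEN:-1000}   # assumed: hand-written PHP rarely has lines this long
MIN_HEX=${MIN_HEX:-20}     # assumed: this many \xNN escapes in one file is unusual

# suspicious_reasons FILE -> space-separated reasons, empty when nothing matched
suspicious_reasons() {
    awk -v max="$MAX_LEN" -v minhex="$MIN_HEX" '
        length($0) > max { longline = 1 }
        /eval[ \t]*\(/ && /(base64_decode|gzinflate|gzuncompress|str_rot13)[ \t]*\(/ { decoder = 1 }
        { hex += gsub(/\\x[0-9A-Fa-f][0-9A-Fa-f]/, "&") }
        END {
            out = ""
            if (longline)      out = out " long-line"
            if (decoder)       out = out " eval-of-decoder"
            if (hex >= minhex) out = out " hex-escapes"
            print substr(out, 2)
        }
    ' "$1"
}

# scan_tree DIR -> "path: reasons" per flagged *.php file; returns 1 if any flagged
scan_tree() {
    list=$(mktemp) || return 2
    find "$1" -type f -name '*.php' | LC_ALL=C sort > "$list"
    flagged=0
    while IFS= read -r f; do
        reasons=$(suspicious_reasons "$f")
        if [ -n "$reasons" ]; then
            echo "$f: $reasons"
            flagged=1
        fi
    done < "$list"
    rm -f "$list"
    return "$flagged"
}

# Usage: sh flag_php.sh /home/user/public_html
if [ "$#" -eq 1 ]; then
    scan_tree "$1"
fi
```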
 

isix

#19
isix
Just to correct you - if you use suPHP then your account will be isolated on cPanel. suPHP makes your PHP scripts server more secure and allows you to identify which user runs each PHP script. When running PHP as suPHP all of your PHP scripts are executed as the user whose home directory you are in.

The downside of using suPHP is that it causes a lot of additional CPU usage.
 

LarsJ

#16
I agree on Sucuri pricing. They tend to have some hefty prices sometimes if you have already been infected, but not so much in preventing. A bit like SiteLock and many others. We use iThemes for all our specific WP security. I can recommend a great company to help you if you like, but I'm not sure if they are WP experts...
 

SolaDrive

#17
We like to use ClamAV, as most have mentioned, in combination with the Maldet scanner. As for WordPress we recommend using Wordfence, it works very well.
 

wpspeedster

#18
> ClamAV is installed in your cPanel by your hosting provider; if it is not there, you have to ask your host to enable it.

I want to ask if ClamAV works on any hosting panel? And will it protect the hosting server from malware or just scan for malware/viruses?

> If you are not on CloudLinux, bad neighbourhood sites can spread the malware to your account easily, as normal cPanel accounts do not get isolated like on CloudLinux.
>
> Hope you fix your websites soon and hope this will help you. Thanks

That is why I am afraid of using shared hosting: it is easy to get a local hack or a virus infection from other hosting accounts on the same server.
 

rankmyhub

#20
> I want to ask if ClamAV works on any hosting panel?

ClamAV is an enterprise antivirus product: https://www.clamav.net/documents/installing-clamav#requirements

It comes as a plugin in cPanel: https://documentation.cpanel.net/display/ALD/Configure+ClamAV+Scanner

Not sure about other hosting panels, but when it comes to ease of installation, cPanel / WHM has just a few steps to get it working. I saw ClamAV shipped with VestaCP among the free control panels.

> And will it protect the hosting server from malware or just scan for malware/viruses?

It does both. The first thing you need to do is scan the /home directory of each account on your VPS (assuming you are using a VPS and prefer GUI tools). Once everything is fine, you can see that whenever you upload a file via the cPanel file manager and it is an infected file, the upload will not succeed. In this way it will protect actively, after it is installed.

I will not say that it is very powerful out of the box, but it will at least mitigate most of the files that may be infected. You have to regularly scan your accounts to see if virus files are uploaded in other modes.

Suppose WordPress has a media uploader: if a file is uploaded using that interface, then sometimes it is possible for ClamAV to be unable to detect the infected file. So it's still possible to get infected files uploaded this way.

There is a solution for this issue: you can install plugins like Wordfence, which have some options to throttle or control uploads, and it has an active scanner as well.

It's important that you keep your host (PC or computer or laptop) virus free and secure, as most of the time the virus starts spreading through uploads and email clients (desktop email clients like Outlook etc.), especially when using Windows.

> That is why I am afraid of using shared hosting: it is easy to get a local hack or a virus infection from other hosting accounts on the same server.

Not all shared hosting servers are the same, but it may or may not happen with every provider. There are providers out there who do active monitoring of the server and make sure that clients' accounts are safe.

And you may not be safe if you use a VPS and it is not hardened and secured. Even though it is a VPS, unless you secure all your accounts on your VPS, it may be the same case as a shared environment without security and protection. In any case it may or may not happen.

The only thing you can do is manage your websites properly and harden them. It may be time consuming, but it's worth the effort put into making things better. Hope it clarifies your queries.
 

rankmyhub

#21
> The downside of using suPHP is that it causes a lot of additional CPU usage.

That's why I did not mention suPHP.. but if the OP thinks he can manage it, he will test it out. Let's see what his thoughts are.
 