Linux malware scanner?

WeWatchYourWebsite

WeWatchYourWebsite

New member
Registered
Joined
May 15, 2017
Messages
6
Points
0
We've found it best to scan files off of the webhosting server to reduce the load. The initial scan be as simple as making a zip of all the files, copying them to a server, scanning them for malware, removing all malware then copying the cleaned files back to the web server, thus overwriting any infected files and deleting all backdoors, phishing, etc files the hackers uploaded.

This eliminates the load on the server.

From the initial scan, you only have to monitor for file changes/additions, copy them to the external server, scan them and take any necessary steps to remove any malware.

You can also grab the log files on a constant basis to help in root cause analysis.
 
WeWatchYourWebsite

WeWatchYourWebsite

New member
Registered
Joined
May 15, 2017
Messages
6
Points
0
We created our own tool. If you're used to using ClamAV you could run that, but you should also get some additional signatures. The standard base of signatures will only catch about 40% of the website malware.

You could download it your PC, but most anti-virus software for a PC will not catch all the website malware.

Website malware is totally different than PC or Mac type malware.
 
wpspeedster

wpspeedster

Well-known member
Registered
Joined
May 6, 2016
Messages
120
Points
18
WeWatchYourWebsite said:
We created our own tool.
Click to expand...
Really? what are the features of your tool? why did you create your own tool without using an existed tool out there?

WeWatchYourWebsite said:
You could download it your PC, but most anti-virus software for a PC will not catch all the website malware.

Website malware is totally different than PC or Mac type malware.
Click to expand...
Its quite exact and I tried to use an antivirus software to scan malware on infected files and not found at all. Why that?
It antivirus software just designed to scan virus?
 
WeWatchYourWebsite

WeWatchYourWebsite

New member
Registered
Joined
May 15, 2017
Messages
6
Points
0
wpspeedster said:
Really? what are the features of your tool? why did you create your own tool without using an existed tool out there?
Click to expand...
We created our own tool because we wanted it to perform and function exactly how we needed it to. I'm a C/C++ programmer from way back in the day, so creating a new tool was not that difficult. I identified exactly what I wanted it to do and wrote it. We use Google's RE2 regex library for our signatures. Our anomaly detection and behavior analysis engines are written in C++ as well. Our systems deobfuscate PHP and javascript code. We did not find any standard libraries or programs to perform those functions so we had to create our own tools.

Its quite exact and I tried to use an antivirus software to scan malware on infected files and not found at all. Why that?
It antivirus software just designed to scan virus?
Click to expand...
Local PC and Mac based anti-virus scanners are typically looking for binaries, files that are compiled. They are good at detecting abnormal code that runs on your local computer. Website malware is totally different. Website files are typically all text. You can edit them with any text editor and they usually don't run on your local computer unless you have PHP and MySQL installed and running on your local computer.

This is why companies like us and Sucuri exist. To address the website security market - not the entire cyber security market.

I hope I've answered your questions.
 
Nixtree

Nixtree

Well-known member
Registered
Joined
Jul 16, 2016
Messages
133
Points
28
If you are having server root access, then I will suggest to have the below setup in a cpanel server / Normal server

1. Install Clamav and Clamd
2. Install Maldet
3. Enable clamav in maldet conf
4. Scan the accounts.
5. If you see even one bad files, then those accounts needs to be checked in more detail
6. In detailed check, first thing you need to do is a manual check on files in the public_html, and other uploads folders. If you are seeing any bad files which are not related to the CMS, then you should check them in more detail. EAch CMS have some most vulnerable areas which will be getting hacked more commonly.
7. Ask all your clients to have wordpress/jomla upgraded to the latest version and inform customers to upgrade if any have not done.
8. Check the recent files updates list using find command and check them and see if there is any unknown / bad file names
9. Search using find command for some common words which will be in the hacked files . There may be false positives but this will defenitly help you to start with.
 
You must log in or register to reply here.
Older Threads
Klaus Warzecha
How to make SSH listen on multiple ports?
Replies
8
Views
7,336
24x7serverman
Klaus Warzecha
Should you modify the PHP configuration and disable commonly abused PHP functions?
Replies
5
Views
4,066
WeWatchYourWebsite
Klaus Warzecha
Vultr DDoS Protection?
Replies
8
Views
10,633
isix
David Beroff
Powerdns vs Bind
Replies
5
Views
4,483
24x7serverman
HostYouFast
OFFER Cheap DEDICATED CLOUD, SINGLE CPU, MULTI CPU - SERVERS (SSD Storage Optional) 99.9% Uptime.
Replies
0
Views
1,558
HostYouFast
Newer Threads
David Beroff
What do daily backups include?
Replies
7
Views
7,395
VirtuBox
Matt Eberlie
Is KYUP container hosting is reliable for PHP based applications?
Replies
4
Views
7,201
Matt Eberlie
BlueLeaf
Greetings Everyone!
Replies
6
Views
2,682
rankmyhub
StackArcVPS
Please review my site, Open for all kind of feedback :)
2
Replies
26
Views
8,092
superman2727
manoaratefy
WANTED Become an affiliate, get 25% commission
2
Replies
21
Views
9,103
manoaratefy
Latest Threads
cancan
Save an incredible 90% off! The Best HostPapa Deal so Far: Unlimited SSL, 50 GB NVMe, 24/7 support
Replies
0
Views
27
cancan
M
How to Choose the Best Web Hosting Provider for a New Website ??
Replies
0
Views
28
marcellosallas
J
Jtti: What are some common misconceptions about firewall rules?
Replies
0
Views
125
jtti
Mvv758
Hello
Replies
1
Views
79
AlbaHost
D
Help Needed with Setting Up Cloudflare R2 for Object Storage
Replies
0
Views
100
dilshanking
Recommended Threads
denvercardonations
Keyword density101: How can I adjust for better page results?
Replies
1
Views
1,640
SEOPub
The Atlantic
Redirect visitors on Exit - how do you do it?
Replies
2
Views
2,243
Ron Killian
Marc0
How To Make Videos For YouTube ?
Replies
6
Views
11,258
Kelly Briter
J
Jtti:Set up a game server 2 core 2G/4G enough
Replies
0
Views
621
jtti
Maxoq
Vpsdime vs Digitalocean, which one is better?
Replies
16
Views
7,218
Mujkanovic
Similar Threads
J
How to use the rpm command to update software packages under Linux US server
Replies
0
Views
223
jtti
ssdgrow
Explore High-Performance Linux VPS Solutions with SSD Grow
Replies
2
Views
468
ssdgrow
EtaCloudTech
EtaCloudTech.com: Linux Shared Hosting, Windows Shared Hosting, VPS, Dedicated Server | -10% off...
Replies
2
Views
683
EtaCloudTech
hostnamaste
Linux SSD Reseller 25 Accounts at only $7.95/mo | LiteSpeed | CloudLinux | Free SSLs - HostNamaste
Replies
1
Views
878
hostnamaste
hostnamaste
Linux SSD Shared Hosting at only $5/yr | LiteSpeed | CloudLinux | Free SSLs - HostNamaste.com
Replies
0
Views
727
hostnamaste

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top