Linux malware scanner?

WeWatchYourWebsite

WeWatchYourWebsite

New member
Registered
Joined
May 15, 2017
Messages
6
Points
0
We've found it best to scan files off of the webhosting server to reduce the load. The initial scan be as simple as making a zip of all the files, copying them to a server, scanning them for malware, removing all malware then copying the cleaned files back to the web server, thus overwriting any infected files and deleting all backdoors, phishing, etc files the hackers uploaded.

This eliminates the load on the server.

From the initial scan, you only have to monitor for file changes/additions, copy them to the external server, scan them and take any necessary steps to remove any malware.

You can also grab the log files on a constant basis to help in root cause analysis.
 
WeWatchYourWebsite

WeWatchYourWebsite

New member
Registered
Joined
May 15, 2017
Messages
6
Points
0
We created our own tool. If you're used to using ClamAV you could run that, but you should also get some additional signatures. The standard base of signatures will only catch about 40% of the website malware.

You could download it your PC, but most anti-virus software for a PC will not catch all the website malware.

Website malware is totally different than PC or Mac type malware.
 
wpspeedster

wpspeedster

Well-known member
Registered
Joined
May 6, 2016
Messages
120
Points
18
WeWatchYourWebsite said:
We created our own tool.
Click to expand...
Really? what are the features of your tool? why did you create your own tool without using an existed tool out there?

WeWatchYourWebsite said:
You could download it your PC, but most anti-virus software for a PC will not catch all the website malware.

Website malware is totally different than PC or Mac type malware.
Click to expand...
Its quite exact and I tried to use an antivirus software to scan malware on infected files and not found at all. Why that?
It antivirus software just designed to scan virus?
 
WeWatchYourWebsite

WeWatchYourWebsite

New member
Registered
Joined
May 15, 2017
Messages
6
Points
0
wpspeedster said:
Really? what are the features of your tool? why did you create your own tool without using an existed tool out there?
Click to expand...
We created our own tool because we wanted it to perform and function exactly how we needed it to. I'm a C/C++ programmer from way back in the day, so creating a new tool was not that difficult. I identified exactly what I wanted it to do and wrote it. We use Google's RE2 regex library for our signatures. Our anomaly detection and behavior analysis engines are written in C++ as well. Our systems deobfuscate PHP and javascript code. We did not find any standard libraries or programs to perform those functions so we had to create our own tools.

Its quite exact and I tried to use an antivirus software to scan malware on infected files and not found at all. Why that?
It antivirus software just designed to scan virus?
Click to expand...
Local PC and Mac based anti-virus scanners are typically looking for binaries, files that are compiled. They are good at detecting abnormal code that runs on your local computer. Website malware is totally different. Website files are typically all text. You can edit them with any text editor and they usually don't run on your local computer unless you have PHP and MySQL installed and running on your local computer.

This is why companies like us and Sucuri exist. To address the website security market - not the entire cyber security market.

I hope I've answered your questions.
 
Nixtree

Nixtree

Well-known member
Registered
Joined
Jul 16, 2016
Messages
133
Points
28
If you are having server root access, then I will suggest to have the below setup in a cpanel server / Normal server

1. Install Clamav and Clamd
2. Install Maldet
3. Enable clamav in maldet conf
4. Scan the accounts.
5. If you see even one bad files, then those accounts needs to be checked in more detail
6. In detailed check, first thing you need to do is a manual check on files in the public_html, and other uploads folders. If you are seeing any bad files which are not related to the CMS, then you should check them in more detail. EAch CMS have some most vulnerable areas which will be getting hacked more commonly.
7. Ask all your clients to have wordpress/jomla upgraded to the latest version and inform customers to upgrade if any have not done.
8. Check the recent files updates list using find command and check them and see if there is any unknown / bad file names
9. Search using find command for some common words which will be in the hacked files . There may be false positives but this will defenitly help you to start with.
 
You must log in or register to reply here.
Older Threads
Klaus Warzecha
How to make SSH listen on multiple ports?
Replies
8
Views
7,288
24x7serverman
Klaus Warzecha
Should you modify the PHP configuration and disable commonly abused PHP functions?
Replies
5
Views
4,053
WeWatchYourWebsite
Klaus Warzecha
Vultr DDoS Protection?
Replies
8
Views
10,605
isix
David Beroff
Powerdns vs Bind
Replies
5
Views
4,469
24x7serverman
HostYouFast
OFFER Cheap DEDICATED CLOUD, SINGLE CPU, MULTI CPU - SERVERS (SSD Storage Optional) 99.9% Uptime.
Replies
0
Views
1,555
HostYouFast
Newer Threads
David Beroff
What do daily backups include?
Replies
7
Views
7,371
VirtuBox
Matt Eberlie
Is KYUP container hosting is reliable for PHP based applications?
Replies
4
Views
7,182
Matt Eberlie
BlueLeaf
Greetings Everyone!
Replies
6
Views
2,666
rankmyhub
StackArcVPS
Please review my site, Open for all kind of feedback :)
2
Replies
26
Views
8,054
superman2727
manoaratefy
WANTED Become an affiliate, get 25% commission
2
Replies
21
Views
9,064
manoaratefy
Latest Threads
J
Are cloud servers cheaper in cost than traditional servers?
Replies
0
Views
30
jtti
DemoTiger
90% of consumers want to see more videos from brands.
Replies
0
Views
27
DemoTiger
J
Understanding Cloud Server Network Metrics: Key Performance Indicators
Replies
0
Views
33
jtti
J
Jtti Black Friday flash sale: 80% off annual payment for unlimited cloud servers, starting at $24.62/year, 2C2G in Hong Kong as low as $4.3/month
Replies
0
Views
63
jtti
Emily Routledge
Best Laptop recommendations for Work and Casual Gaming around $1000?
Replies
0
Views
135
Emily Routledge
Recommended Threads
cochinweb
Difference Between Commercial SSL and Cloudflare SSL
Replies
17
Views
8,875
VirtuBox
rsewak
New Blog Review
Replies
0
Views
2,870
rsewak
paulgl
Should I put up a photo of myself on a blog?
2
Replies
24
Views
7,521
Alexander_K
R
Understanding Dedicated Server Costs: Budgeting for Your Hosting Needs
Replies
3
Views
1,635
rxdenver
rizwanramzan
Are videos important for an SEO optimized article?
Replies
3
Views
2,563
rizwanramzan
Similar Threads
J
How to use the rpm command to update software packages under Linux US server
Replies
0
Views
205
jtti
ssdgrow
Explore High-Performance Linux VPS Solutions with SSD Grow
Replies
2
Views
464
ssdgrow
EtaCloudTech
EtaCloudTech.com: Linux Shared Hosting, Windows Shared Hosting, VPS, Dedicated Server | -10% off...
Replies
2
Views
673
EtaCloudTech
hostnamaste
Linux SSD Reseller 25 Accounts at only $7.95/mo | LiteSpeed | CloudLinux | Free SSLs - HostNamaste
Replies
1
Views
868
hostnamaste
hostnamaste
Linux SSD Shared Hosting at only $5/yr | LiteSpeed | CloudLinux | Free SSLs - HostNamaste.com
Replies
0
Views
721
hostnamaste

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top