Malware Scanner setup on the Web Server

Installing a web malware scanner on your server is something that needs to be done, especially if you manage a large number of servers. It can only be done if you have full access to the server, whether VPS or Dedicated Server. One free and well-known malware scanner is Linux Malware Detect (LMD), which works very well for scanning Linux-based servers. Its malware database is continually updated with data from Team Cymru so that it is able to detect the latest malware. Linux Malware Detect can also integrate with the ClamAV scanner, which speeds up the scanning process on the server.

Download Linux Malware Detect (LMD)

  wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract LMD

  tar -xvf maldetect-current.tar.gz

Remove the LMD Archive

  rm maldetect-current.tar.gz

Run the LMD installer

  cd maldetect-*
  ./install.sh

This will download the latest hash registry databases. Now to configure it.

Configure Linux Malware Detect

Using nano…
nano /usr/local/maldetect/conf.maldet

Set up Email Alerts

# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=0

# The subject line for email alerts
email_subj="maldet alert from $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="you@domain.com"

Set email_alert to 1, adjust the subject line if desired, and add your email address to email_addr.

Daily Malware Scans

When installed, LMD (Linux Malware Detect) adds a cron job to the daily cron folder:
  /etc/cron.daily/maldet
This cron job updates the malware signature registry it initially downloaded, including any new malware threats, and also scans all home directories on the server. If anything is found you will get an email telling you the path to the offending file.

Dealing With Malware Files

Once you get a hit on a malware file you can open the file and clean the malware code out. Then move on to how it got in in the first place: software patching, updating passwords, etc. You can also opt to have LMD quarantine any file it finds; this is set in the config file, below the Email Alert section:

# [ QUARANTINE OPTIONS ]
##
# The default quarantine action for malware hits
# [0 = alert only, 1 = move to quarantine & alert]
quar_hits=0

# Try to clean string based malware injections
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = clean]
quar_clean=1

The default is alert only, but you can opt to have LMD move the file out of the file system into quarantine and also try to remove the injected malware code; then you just need to inspect and restore the file.
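Since the alert and quarantine settings above are easy to leave at their defaults when you manage many servers, here is an added example (not from the original post and not part of LMD) that audits a conf.maldet for exactly those keys: email_alert, email_addr, quar_hits and quar_clean. The sample config, the placeholder address check and the /tmp path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or from LMD): audit a conf.maldet
# for the settings the walkthrough changes, so the check can run on many servers.
# The sample values and the /tmp path are assumptions.

# conf_get FILE KEY: print KEY's value from a conf.maldet-style file
# (last assignment wins, surrounding double quotes stripped).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# audit_maldet_conf FILE: print one finding per line, return the finding count
# (0 means the file matches what the walkthrough recommends).
audit_maldet_conf() {
    f="$1"; n=0
    if [ "$(conf_get "$f" email_alert)" != "1" ]; then
        echo "email_alert is not 1: no alert mail will be sent"; n=$((n + 1))
    fi
    case "$(conf_get "$f" email_addr)" in
        "" | *@domain.com)
            echo "email_addr is empty or still the placeholder"; n=$((n + 1)) ;;
    esac
    hits=$(conf_get "$f" quar_hits); clean=$(conf_get "$f" quar_clean)
    if [ "$hits" != "1" ]; then
        echo "quar_hits=$hits: hits are alert-only, files stay in place"; n=$((n + 1))
    fi
    # quar_clean only takes effect with quar_hits=1 (note in conf.maldet)
    if [ "$clean" = "1" ] && [ "$hits" != "1" ]; then
        echo "quar_clean=1 is ignored while quar_hits is not 1"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample with the shipped defaults, to demonstrate the audit.
sample_conf() {
    cat <<'EOF'
email_alert=0
email_subj="maldet alert from $(hostname)"
email_addr="you@domain.com"
quar_hits=0
quar_clean=1
EOF
}

# Audit the real config when present, otherwise the constructed sample.
conf=/usr/local/maldetect/conf.maldet
[ -r "$conf" ] || { conf=/tmp/conf.maldet.sample; sample_conf > "$conf"; }
if audit_maldet_conf "$conf"; then echo "$conf: OK"; fi
```

The exit status is the number of findings, so the script can be run over SSH on each server and anything nonzero flagged.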

Manual Malware Scans

Of course you can also run manual scans at will on all files or selectively:
 maldet -a /home/homedir/public_html/
Or all home directories, using ? as the wildcard:
 maldet -a /home/?/public_html/

Further Options

Check further usage with:
maldet --help

Using ClamAV Binary as Scanner Engine on cPanel/WHM Server

You can use ClamAV as the scanner engine, which speeds up the scanning process. If using cPanel on the server, you can install ClamAV in WHM under Manage Plugins; once installed the actual binary is located at:
/usr/local/cpanel/3rdparty/bin/clamscan

But LMD is looking for it here:

/usr/bin/clamscan

Make a soft link alias:

ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/bin/clamscan

Now the scan time will be up to 4 times faster. (Other, non-cPanel servers will have the binary in the right place already; well, maybe.)