linux-malware-detect
LMD Detects 2 Hits Without Directory Information
Hi, after executing 'sudo maldet -a /', LMD provides the following report:
HOST: foo.bar.baz
SCAN ID: 210117-2223.1145531
STARTED: Jan 17 2021 22:23:26 +0000
COMPLETED: Jan 18 2021 22:01:12 +0000
ELAPSED: 85066s [find: 42s]
PATH: /
TOTAL FILES: 579780
TOTAL HITS: 2
TOTAL CLEANED: 0
WARNING: Automatic quarantine is currently disabled, detected threats are still accessible to users!
To enable, set quarantine_hits=1 and/or to quarantine hits from this scan run:
/usr/local/sbin/maldet -q 210117-2223.1145531
FILE HIT LIST:
{HEX}php.cmdshell.antichat.201 : /home/foo/maldetect-1.6.4/files/sigs/rfxn.yara
{HEX}php.gzbase64.inject.452 : /home/foo/maldetect-1.6.4/files/clean/gzbase64.inject.unclassed
===============================================
Linux Malware Detect v1.6.4 < [email protected] >
I struggle to interpret the results of the two hits. Is it in the home directory and what does HEX mean?