linux-malware-detect
Linux Malware Detection (LMD)
maldet should be able to use YARA rules. Yes, we can use ClamAV for that, but when using ClamAV with maldet there is sometimes a bug where no malware is found when scanning.
Overriding internal variables via `conf.maldet.cron` isn't working on CentOS 7. Doing some testing, I found that the issue arises from using both `source` and `.` in the cron.daily file. Changing...
If we are running in monitor mode, then the daily crontab will simply call 'maldet --monitor-report', which calls genalert in digest mode instead of file mode. The scan function calls...
In my testing the malware name sometimes seems to be missing from /usr/local/maldetect/sess/quarantine.hist at random. To replicate: download the sample malware collection from below into a web directory and run a...
There is a problem in the internals/functions file. On line 1660, there is an if that looks for inotify_ in /boot/System.map-$(uname -r). In Debian this file only contains the following...
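The report above concerns detecting kernel inotify support by grepping the running kernel's System.map, which is not present or not populated on every distribution. The following is an added example, not maldet's own code, of a check that first consults the `/proc/sys/fs/inotify` interface the kernel exposes whenever inotify is compiled in, and only falls back to the System.map grep. The function names `inotify_supported` and `inotify_limits` and the parameterised paths are assumptions made so the check can be exercised against constructed fixtures.

```shell
#!/bin/sh
# Added example (not from the maldet project): robust inotify capability check.
#
# Order of checks:
#   1. /proc/sys/fs/inotify/max_user_watches is readable -> kernel has inotify.
#   2. Fallback: the running kernel's System.map mentions an inotify_ symbol.
# Both paths are parameters (defaulting to the real locations) so the function
# can be tested against constructed directories instead of the live system.

inotify_supported() {
    proc_dir="${1:-/proc/sys/fs/inotify}"
    sysmap="${2:-/boot/System.map-$(uname -r)}"

    # Preferred: the sysctl directory only exists when inotify is built in.
    if [ -r "$proc_dir/max_user_watches" ]; then
        return 0
    fi

    # Fallback: symbol table of the running kernel, if the distro ships it.
    if [ -r "$sysmap" ] && grep -q 'inotify_' "$sysmap"; then
        return 0
    fi

    return 1
}

# Print the effective inotify limits as key=value lines; a monitor-mode
# scanner needs enough user watches for the trees it is asked to watch.
inotify_limits() {
    proc_dir="${1:-/proc/sys/fs/inotify}"
    for f in max_user_watches max_user_instances max_queued_events; do
        if [ -r "$proc_dir/$f" ]; then
            printf '%s=%s\n' "$f" "$(cat "$proc_dir/$f")"
        fi
    done
}

# Stand-alone run against the live system.
if inotify_supported; then
    echo "inotify: supported"
    inotify_limits
else
    echo "inotify: not detected (neither /proc/sys/fs/inotify nor System.map symbol)"
fi
```

Checking `/proc/sys/fs/inotify` first also gives you the watch limits in the same place, which is what actually determines whether monitor mode can cover a large web root without silently dropping events.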
When the maldet daemon is running the ClamAV daemon always thinks that signature databases have changed (according to the SelfCheck interval) and forces a reload of signatures (even though signatures...
I got error during installation: update-rc.d: error: unable to read /etc/init.d/maldet
Hello, I'm using version **1.6.4**, **OS Debian 10**, and when I try this after a scan (maldet -a /): **maldet -s id** I get output with a lot of these: `cat:...
That's weird: Ran a full system scan, and LMD reports 2 hits, both in LMD's directory. "LMD's directory" is the place where I extracted the archive and ran the install...
Seems the latest rfxn database identifies `openssl-1.1.1c/include/openssl/tls1.h` as `YARA.php_malware_hexinject.UNOFFICIAL`. To replicate:

```sh
mkdir /tmp/scan
cd /tmp/scan
wget https://anaconda.org/conda-forge/openssl/1.1.1c/download/linux-64/openssl-1.1.1c-h516909a_0.tar.bz2
tar xf openssl-1.1.1c-h516909a_0.tar.bz2
rm -f /var/lib/clamav/rfxn.*
```

Plain clamscan without rfxn db: ```sh...