linux-malware-detect
Linux Malware Detection (LMD)
Here is my first attempt at an init script to start maldet monitoring at boot (original issue #15). The script expects your monitor paths to be defined in the...
Create a concept for exclusion/inclusion of specific signatures/class of signatures to be quarantined.
Hi, I hope you are doing well. YARA signatures add an interesting resource to detect complex malware. Maybe it could be of interest to everyone to add a feature to be...
Doing `apt-get install maldet` could be much neater than:

```
cd /usr/local/src
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*/
bash ./install.sh
```

Or alternatively: `cd /usr/local/src && wget http://www.rfxn.com/downloads/maldetect-current.tar.gz && tar -xzvf...`
If I import custom signatures, they import without issue, but the scan doesn't find the files.

```
maldet(442805): {sigup} performing signature update check...
maldet(442805): {sigup} local signature set is version...
```
Hello, I think that /usr/local/maldetect/modsec.sh is detecting malware where there is no malware. My rule:

```
SecRequestBodyAccess On
SecTmpSaveUploadedFiles On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/modsec.sh" "log,auditlog,deny,severity:2,phase:2,t:none,id:99587,msg:'Malware found by LMD.'"
```

Example...
LMD is not sending the report mail, and the scan result is incorrect: in the example mentioned below I have only 3 files to scan, but the report shows an incorrect number of files....
Hi, I have a cPanel server with maldet v1.6.2. I configured my maldet to auto-suspend accounts when hits are found.

```
quarantine_suspend_user="1"
```

Now I fired `maldet -m users` in...
```
Feb 23 11:15:06 localhost.localdomain python[62666]: SELinux is preventing /usr/bin/clamscan from write access on the file /usr/local/maldetect/tmp/.clamscan.result.278
```

I think it has to do with the file type; when I run `ls -Z`...
Hello, I assume that when a bad guy learns that his bad script was removed or his account suspended, he will try to encode the file to stay away from being detected. Does...