rfxn / linux-malware-detect

Linux Malware Detection (LMD)
http://www.rfxn.com/projects/linux-malware-detect/
GNU General Public License v2.0

maldet(15338): {scan} scan returned empty file list; check that path exists and contains files in scope of configuration. maldetect-1.6.4 #382

Open Munawirsyah13 opened 3 years ago

Munawirsyah13 commented 3 years ago

[root@malware ~]# maldet -a /root/Documents/malware/thezoo/
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks proj@rfxn.com
(C) 2019, Ryan MacDonald ryan@rfxn.com
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(15338): {scan} signatures loaded: 17253 (14431 MD5 | 2039 HEX | 783 YARA | 0 USER)
maldet(15338): {scan} building file list for /root/Documents/malware/thezoo/, this might take awhile...
maldet(15338): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(15338): {scan} scan returned empty file list; check that path exists and contains files in scope of configuration.

tisc0 commented 3 years ago

Seems maldet is not scanning files owned by root (#273). I'll be glad to get over that limitation. Looking for the option, not finding anything for now.

tisc0 commented 3 years ago

Hi! Glad I kept that tab open, the answer is simply in /usr/local/maldetect/conf.maldet:

# As a design and common use case, LMD typically only scans user space paths
# and as such it makes sense to ignore files that are root owned. It is
# recommended to leave this enabled for best performance.
# [ 0 = disabled, 1 = enabled ]
scan_ignore_root="0"

kalleboy commented 2 years ago

Hello there.

I have the same issue on FreeBSD 13. Getting the same error on any directory I try to scan.

Have scan_ignore_root="0" as well, in config file.

Any idea?

kalleboy commented 2 years ago

Sorry for the bump. Any idea on how to solve this?

w3bservice commented 2 years ago

Send the error message

kalleboy commented 2 years ago

"maldet(15338): {scan} scan returned empty file list; check that path exists and contains files in scope of configuration."

Mikanoshi commented 2 years ago

"maldet(15338): {scan} scan returned empty file list; check that path exists and contains files in scope of configuration."

Try to start like this: OSTYPE=FreeBSD maldet -a /path. This OS detection is incorrect as $OSTYPE can return something like "freebsd13.0": https://github.com/rfxn/linux-malware-detect/blob/master/files/internals/internals.conf#L27
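
The mismatch described in the last comment, as an added example that is not part of the thread or of LMD's code: an exact comparison against "FreeBSD" misses a value such as "freebsd13.0", while a case-insensitive prefix match accepts both. The function names are hypothetical, and the exact-match form is an assumption inferred from the workaround above, not a copy of the line in internals.conf.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not LMD's.

# Exact comparison: the assumed shape of the check that misfires.
is_freebsd_exact() {
    [ "$1" = "FreeBSD" ]
}

# Tolerant check: lowercase the value, then match on the prefix, so
# "freebsd13.0", "FreeBSD" and "freebsd" are all recognised.
is_freebsd_prefix() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        freebsd*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Map an $OSTYPE-style string to an OS family. Falls back to `uname -s`
# when the argument is empty (plain sh does not set OSTYPE).
os_family() {
    value="${1:-$(uname -s)}"
    case "$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')" in
        freebsd*) echo freebsd ;;
        linux*)   echo linux ;;
        darwin*)  echo darwin ;;
        *)        echo unknown ;;
    esac
}

# Constructed sample values: a versioned FreeBSD string, the literal the
# workaround sets, and a typical Linux value.
for sample in "freebsd13.0" "FreeBSD" "linux-gnu"; do
    if is_freebsd_exact "$sample"; then exact=yes; else exact=no; fi
    printf '%-12s exact=%-3s family=%s\n' "$sample" "$exact" "$(os_family "$sample")"
done
```

When a scanner reports an empty file list on a path that clearly contains files, printing `$OSTYPE` and comparing it against what the tool expects is a quick way to confirm this failure mode before trusting a "nothing found" result.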