rfxn / linux-malware-detect

Linux Malware Detection (LMD)
http://www.rfxn.com/projects/linux-malware-detect/
GNU General Public License v2.0

Add signature to panel alerts and fix some white spacing issues #426

Status: Open. JamesColeman-LW opened this pull request 1 year ago.

JamesColeman-LW commented 1 year ago

Tests:

$ maldet -a /home/aeb2c860/390592c2cd.nxcli.io/test/
Linux Malware Detect v1.6.5
            (C) 2002-2023, R-fx Networks <proj@rfxn.com>
            (C) 2023, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(10012): {scan} signatures loaded: 17637 (14801 MD5 | 2053 HEX | 783 YARA | 0 USER)
maldet(10012): {scan} building file list for /home/aeb2c860/test/, this might take awhile...
maldet(10012): {scan} setting maximum execution time for 'find' file list: 28800sec
maldet(10012): {scan} setting nice scheduler priorities for all operations: cpunice 18 , ionice 6
maldet(10012): {scan} file list completed in 0s, found 732 files...
maldet(10012): {scan} found clamav binary at /bin/clamdscan, using clamav scanner engine...
maldet(10012): {scan} scan of /home/aeb2c860/test/ (732 files) in progress...
maldet(10012): {scan} processing scan results for hits: 1 hits 0 cleaned
maldet(10012): {scan} scan completed on /home/aeb2c860/test/: files 732, malware hits 1, cleaned hits 0, time 1s
maldet(10012): {scan} scan report saved, to view run: maldet --report 231106-2138.10012
maldet(10012): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 231106-2138.10012
maldet(10012): {alert} sent scan report to EMAILADDR
maldet(10012): {panel} Detecting control panel and sending alerts...
maldet(10012): {panel} Detected control panel interworx. Will send alerts to control panel account contacts.

Email received:

FILE HIT LIST:
{YARA}nex_webshell_options : /chroot/home/aeb2c860/test/infected.php

Test with quarantine:

$ maldet -a /home/aeb2c860/390592c2cd.nxcli.io/test/
Linux Malware Detect v1.6.5
            (C) 2002-2023, R-fx Networks <proj@rfxn.com>
            (C) 2023, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(15843): {scan} signatures loaded: 17637 (14801 MD5 | 2053 HEX | 783 YARA | 0 USER)
maldet(15843): {scan} building file list for /home/aeb2c860/test/, this might take awhile...
maldet(15843): {scan} setting maximum execution time for 'find' file list: 28800sec
maldet(15843): {scan} setting nice scheduler priorities for all operations: cpunice 18 , ionice 6
maldet(15843): {scan} file list completed in 0s, found 732 files...
maldet(15843): {scan} found clamav binary at /bin/clamdscan, using clamav scanner engine...
maldet(15843): {scan} scan of /home/aeb2c860/test/ (732 files) in progress...
maldet(15843): {scan} processing scan results for hits: 1 hits 0 cleaned
maldet(15843): {scan} scan completed on /home/aeb2c860/test/: files 732, malware hits 1, cleaned hits 0, time 2s
maldet(15843): {scan} scan report saved, to view run: maldet --report 231106-2142.15843
maldet(15843): {alert} sent scan report to EMAIL
maldet(15843): {panel} Detecting control panel and sending alerts...
maldet(15843): {panel} Detected control panel interworx. Will send alerts to control panel account contacts.

Email list:

FILE HIT LIST:
{YARA}nex_webshell_options : /chroot/home/aeb2c860/test/infected.php