
To provide anti-virus protection for a server running Linux (what follows applies to most distributions), there are software products that either run standalone or plug into the server control panel. This article covers installing and configuring the standalone Linux Malware Detect (Maldet) malware scanner.

Features and functionality

Maldet is an antivirus scanner with the following features:

1. Scan the entire server (or individual folders) for suspicious files;

2. Disinfect infected files and/or move them to quarantine. This is an important feature: it keeps an infected file from spreading across the server;

3. Check only files that were created within a certain period of time. This lets you use the antivirus effectively without loading the server during daily scheduled scans;

4. Monitor selected folders continuously, and correctly honour the exceptions the administrator has defined beforehand.

Installation

Run the following commands to install Maldet on the server.

Go to the directory where the sources will be downloaded:

cd /usr/local/src/

Download the installation archive from the official site:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Unpack the downloaded archive:

tar -zxvf maldetect-current.tar.gz

Go to the directory with the installation scripts and run the Maldet installer:

cd maldetect-*/

bash install.sh

The installation script places the program (the executable file) at /usr/local/maldetect/maldet and creates a symlink to it at /usr/local/sbin/maldet.

It also immediately creates a scheduled task, /etc/cron.daily/maldet, for daily antivirus checks. If you do not need daily checks on the server, you can move or delete this file.

     

How to use Maldet

Before you start checking the server for viruses, and especially if the "cure" option (described below) is enabled, we strongly recommend creating a snapshot (relevant for virtual server services).

Let's go through the basic, most necessary commands for working with the Maldet antivirus.

1. Update the virus signature databases (although immediately after installation everything is already up to date):

maldet -u

2. Start a scan of a specific directory:

maldet -a /home/admin/web

When the scan completes, the antivirus prints a report and a unique ID for that report, which is used later by the commands below:

maldet(27233): {scan} scan report saved, to view run: maldet --report 125478-0205.34521

3. Move all suspicious files detected in a report to quarantine:

maldet -q 125478-0205.34521

4. Clean the quarantined infected files:

maldet -n 125478-0205.34521

If the "treatment" succeeds, the file is automatically moved back out of quarantine.

Note that an antivirus cannot always correctly "cure" a file of malicious code. Use this feature carefully.

5. Restore all quarantined files from a specific report:

maldet -s 125478-0205.34521

or restore only one file:

maldet -s /home/admin/web/mysite.com/public_html/index.php

6. You can also list previously created reports:

maldet -e list

or open one of the reports:

maldet -e 125478-0205.34521

Configuring Maldet Antivirus

All the necessary settings are in one file, /usr/local/maldetect/conf.maldet, grouped by topic, and every parameter is described there. In addition, the command

maldet -h

prints the program's usage help.

In the General Options section of the configuration file you can specify whether reports should be emailed to the administrator after a scan completes.

An important option that must be enabled with care (disabled by default):

quarantine_clean

It lets the scanner "cure" infected objects during the scan. Changes made to files by disinfection cannot be rolled back.

The same configuration file also contains options for fine-tuning the scanner: for example, scan exclusions for files or folders, which folders to include in continuous monitoring, or whether only the folders of server users should be checked.

In general, we recommend using Maldet as a scanner for detecting potential threats on the server.
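As an added example (not code from the original article and not part of the Maldet project), the following POSIX shell wrapper ties together the report ID from the usage section and the configuration options from the section above: it reads conf.maldet, refuses to run while quarantine_clean is on or no email recipient is set, and extracts the scan ID from Maldet's output so the report can be reviewed before anything is quarantined or cleaned. The helper names (conf_value, extract_scan_id, check_config, scan_dir), the MALDET_CONF variable and the sample configuration fragment are my own; email_alert and email_addr are the option names used in conf.maldet.

```shell
# Added example, not part of the Maldet project: a review-first wrapper around a scan.
# It checks the conf.maldet options discussed in this article, captures the scan ID that
# Maldet prints, and leaves -q / -n / -s to the administrator after the report is read.
MALDET_CONF="${MALDET_CONF:-/usr/local/maldetect/conf.maldet}"
# conf_value FILE KEY: print the value of KEY="value" from a conf.maldet-style file
# (last definition wins, quotes stripped); prints nothing if the key is absent.
conf_value() {
    grep "^[[:space:]]*$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d "\"'"
}

# extract_scan_id: read Maldet output on stdin and print the ID from the
# "scan report saved, to view run: maldet --report <ID>" line.
extract_scan_id() {
    sed -n 's/.*maldet --report \([0-9][0-9]*-[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | tail -n 1
}

# check_config FILE: return 0 if the file is sensible for a scheduled scan (someone
# receives the report and in-place cleaning is off), 1 otherwise, reason on stderr.
check_config() {
    ok=0
    [ "$(conf_value "$1" email_alert)" = "1" ] && [ -n "$(conf_value "$1" email_addr)" ] \
        || { echo "email_alert/email_addr not set: nobody will see the report" >&2; ok=1; }
    [ "$(conf_value "$1" quarantine_clean)" != "1" ] \
        || { echo "quarantine_clean=1: cleaned files cannot be rolled back" >&2; ok=1; }
    return $ok
}

# scan_dir DIR: run maldet -a, echo its output, print the scan ID on its own last line.
# The caller reviews "maldet --report ID" before deciding on maldet -q ID or -n ID.
scan_dir() {
    check_config "$MALDET_CONF" || return 1
    out=$(maldet -a "$1" 2>&1) || true   # maldet's exit status is not relied on
    printf '%s\n' "$out"
    id=$(printf '%s\n' "$out" | extract_scan_id)
    [ -n "$id" ] || { echo "no scan ID found in maldet output" >&2; return 1; }
    printf '%s\n' "$id"
}
# Constructed fragment of conf.maldet and constructed maldet output (the scan ID is the
# one quoted in the article) so the helpers can be exercised without a real scan.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# General Options
email_alert="1"
email_addr="admin@example.com"
quarantine_hits="1"
quarantine_clean="0"
EOF
SAMPLE_OUTPUT='maldet(27233): {scan} scan report saved, to view run: maldet --report 125478-0205.34521'
```

Run `scan_dir /home/admin/web` as root on a server where Maldet is installed; the last line it prints is the ID to pass to maldet --report, -q, -n or -s.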