Malware: How to detect?
I am currently running clamav. Is there any way of detecting malware, either with a software script or another alternative? Thank you |
You'd probably want to ask one of the Mods (via the Report button) to move this to the Security forum.
That being said, try rkhunter for a start. (& read the sticky post at the top of the Security forum) |
I found an application called Maldet. Wahoo....
Will look at rkhunter |
What exactly do you mean by "Is there any way of detecting malware."? |
Maldet is good stuff, rkhunter is good stuff. clamav is, well, a good reporting tool. Doesn't clean. I'd like to suggest https://www.linuxquestions.org/quest...erences-45261/ as a starting point. Same as any other "unknown" situations, use caution and proceed slowly. You'll have to elaborate further I'm afraid. There is little protection from generalized unknowns, except to use "noscript" and "adblock" type plugins for your up-to-date browser choice. That is one of my opinions. Good Luck. |
The way to protect against malware is to incorporate much better security practices. For instance:
(1) Use "ad blockers" on all of your web site surfing. Consider "surfing" from a separate user-id which you use for no other purpose.
(2) Install software that creates protected backups continuously throughout the day. (Apple's Time Machine is a now-legendary example.)
(3) Never run as an "Administrator," a member of the wheel group on Linux, nor any other user-id that is capable of attaining elevated privileges. Never respond to a request for such a password unless you know damned sure that it is valid, and then only when you are logged-on to the (one ...) administrative account. (This is the "Principle of Least Privilege.")
(4) Apply all updates, especially security updates, religiously.
(5) When managing servers, don't use software such as Plesk, PhpMyAdmin, and so on.
(6) Don't expose services to the outside world. Install OpenVPN with 4096-bit unique certificates and tls-auth, and confine all services to "listen" only to the virtual network-adapters created by OpenVPN inside the tunnel. Now, to the outside world, "there is nothing there," and yet authorized users can pass through effortlessly – if their credentials have not been revoked by you – and you know each one of them by name. Only once they have passed this first gantlet can they even try to use ssh and so forth (only with more unique certificates, of course ... :tisk:) to get farther.
Remember that a computer is not a biological organism: it cannot "become infected." It will not run software unless told to do so, and that software can't do anything you can't. |
I have just about done all that - quite smitten. :-) The only thing I need to implement now is OpenVPN.
Thanks. |
Well, also be aware of this: OpenVPN is "a cryptographically-secure TCP/IP Router (or Bridge), implemented almost entirely in user-mode software." Nothing more, nothing less.
If you are using it as a client, in order to connect to someplace else, OpenVPN will really do nothing for you nor against you: "it's just a pipe." If you employ it as the outer-bastion of a computer that you have which is connected as a server to the public Internet, OpenVPN (with tls-auth and proper use of one-of-a-kind digital certificates) can absolutely shut down all(!) "unauthorized access attempts" to ssh or anything else. Simply make sure (by iptables rules as well as individual client configuration ...) that all of these services are listening only to "this side of the OpenVPN tunnel," and that they will accept traffic from nowhere else. Presto! They have now completely disappeared. No "open sockets" to scan. No indication whatsoever that they are even there. No way to reach them, and no way to detect them ... unless ... ... unless you are an authorized user bearing the proper (and, non-revoked ...) credentials, in which case you pass right through, virtually without pause. Now you can see and use these services. |
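The two posts above (item (6) of the practices list and the OpenVPN follow-up) both describe the same control: every service listens only on the tunnel side, and iptables makes sure nothing answers on the public interface. As an added example that is not code from this thread or from the OpenVPN project, the POSIX sh snippet below audits that state from `ss -H -lnt` style output and emits the matching iptables rules. The tunnel address `10.8.0.1`, the interface names `tun0` and `eth0`, and the listener sample are assumed, constructed values.

```shell
#!/bin/sh
# Added example, not from the thread. Flags TCP listeners that a scan of the
# public interface could reach (anything not bound to the tunnel address or
# loopback) and prints the iptables rules that confine a port to the tunnel.
TUN_ADDR="10.8.0.1"   # assumed: server-side address inside the OpenVPN tunnel
TUN_IF="tun0"         # assumed: OpenVPN tunnel interface
WAN_IF="eth0"         # assumed: interface facing the public Internet

# Constructed sample in the column layout of `ss -H -lnt`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_LISTENERS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 10.8.0.1:3306 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*'

# exposed_listeners LISTING: print "port address" for each listener that is
# bound to something other than the tunnel address or loopback. Empty output
# means every service is only reachable from "this side of the tunnel".
exposed_listeners() {
    printf '%s\n' "$1" | awk -v tun="$TUN_ADDR" '
        {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # keep text after the last colon
            sub(/:[^:]*$/, "", addr)    # drop ":port", works for [::] too
            if (addr != tun && addr != "127.0.0.1" && addr != "[::1]")
                print port, addr
        }'
}

# tunnel_only_rules PORT...: print iptables rules that accept each TCP port
# only when it arrives on the tunnel interface and drop it on the public one.
tunnel_only_rules() {
    for p in "$@"; do
        printf 'iptables -A INPUT -i %s -p tcp --dport %s -j ACCEPT\n' "$TUN_IF" "$p"
        printf 'iptables -A INPUT -i %s -p tcp --dport %s -j DROP\n' "$WAN_IF" "$p"
    done
}

# Stand-alone run: audit the constructed sample, then show the rules that
# would close the two exposed ports (22 and 80).
exposed_listeners "$SAMPLE_LISTENERS"
tunnel_only_rules 22 80
```

On a live host, replace the constructed sample with `exposed_listeners "$(ss -H -lnt)"`; a non-empty result is the list of sockets the poster's "no open sockets to scan" goal has not yet covered, and the generated rules are a starting point rather than a full firewall policy (they say nothing about the default INPUT policy or UDP).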
1. ClamAV
2. Sophos
3. Comodo
4. Chkrootkit
5. F-PROT
6. Rootkit Hunter ( Rootkit application )
7. BitDefender ( cough cough )
Description and links below http://www.makeuseof.com/tag/free-li...irus-programs/ |
I just listed it because it was in the article. Anyway, the article mentions that it is a rootkit application. I don't know why the blogger/writer put rkhunter with the antivirus/malware category. |
Anyway, you know and I know and others know that rkhunter is a rootkit application. And those who didn't know will find out in the article. The article has a description for each product listed. - cheers |