Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Old 03-30-2017, 01:19 AM   #1
jamiebbbb
Member
 
Registered: Mar 2017
Location: Victoria, Australia
Distribution: Debian Wheezy
Posts: 34

Rep: Reputation: Disabled
malware : How to detect?


I am currently running clamav. Is there any way of detecting malware?
either:
Software
script
or another alternative

thank you
 
Old 03-30-2017, 01:39 AM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,308

Rep: Reputation: 2744
You'd probably want to ask one of the Mods (via the Report button) to move this to the Security forum.
That being said, try rkhunter for a start.
(& read the sticky post at the top of the Security forum)
 
Old 03-30-2017, 02:23 AM   #3
jamiebbbb
Member
 
Registered: Mar 2017
Location: Victoria, Australia
Distribution: Debian Wheezy
Posts: 34

Original Poster
Rep: Reputation: Disabled
I found an application called Maldet. wahoo....
will look at rkhunter
 
Old 03-30-2017, 03:19 AM   #4
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063
Quote:
Originally Posted by jamiebbbb View Post
I am currently running clamav. Is there any way of detecting malware?
either:
Software
script
or another alternative

thank you
rkhunter is not an anti-virus app; however, Sophos, clamav (which you already have), and many others are, and will detect malware.

What exactly do you mean by "Is there any way of detecting malware."?

Last edited by jsbjsb001; 03-30-2017 at 03:21 AM.
 
Old 03-30-2017, 03:26 AM   #5
jamiebbbb
Member
 
Registered: Mar 2017
Location: Victoria, Australia
Distribution: Debian Wheezy
Posts: 34

Original Poster
Rep: Reputation: Disabled
https://blog.hostonnet.com/how-to-in...are-detect-lmd
 
Old 03-30-2017, 06:45 AM   #6
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
Quote:
Originally Posted by jamiebbbb View Post
So you are trying to protect Windows machines connected to your host?
 
Old 03-30-2017, 07:35 AM   #7
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by jamiebbbb View Post
or another alternative
That's the kicker: what protection from unknowns?
Maldet is good stuff, rkhunter is good stuff. clamav is, well, a good reporting tool. Doesn't clean.

I'd like to suggest https://www.linuxquestions.org/quest...erences-45261/
as a starting point.

Same as any other "unknown" situations, use caution and proceed slowly.
You'll have to elaborate further I'm afraid. There is little protection from generalized unknowns,
except to use "noscript" and "adblock" type plugins for your up-to-date browser choice.

That is one of my opinions.
Good Luck.
 
Old 03-30-2017, 07:51 AM   #8
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,357
Blog Entries: 4

Rep: Reputation: 3821
The way to protect against malware is to incorporate much better security practices. For instance:

(1) Use "ad blockers" on all of your web site surfing. Consider "surfing" from a separate user-id which you use for no other purpose.

(2) Install software that creates protected backups continuously throughout the day. (Apple's Time Machine is a now-legendary example.)

(3) Never run as an "Administrator," a member of the wheel group on Linux, nor any other user-id that is capable of attaining elevated privileges. Never respond to a request for such a password unless you know damned sure that it is valid, and then only when you are logged-on to the (one ...) administrative account. (This is the "Principle of Least Privilege.")

(4) Apply all updates, especially security updates, religiously.

(5) When managing servers, don't use software such as Plesk, PhpMyAdmin, and so on.

(6) Don't expose services to the outside world. Install OpenVPN with 4096-bit unique certificates and tls-auth, and confine all services to "listen" only to the virtual network-adapters created by OpenVPN inside the tunnel. Now, to the outside world, "there is nothing there," and yet authorized users can pass through effortlessly – if their credentials have not been revoked by you – and you know each one of them by name. Only once they have passed this first gantlet, they can even try to use ssh and so forth (only with more unique certificates, of course ... ) to get farther.

Remember that a computer is not a biological organism: it cannot "become infected." It will not run software unless told to do so and that software can't do anything you can't.

Last edited by sundialsvcs; 03-30-2017 at 07:57 AM.
 
1 members found this post helpful.
Old 03-30-2017, 08:59 PM   #9
jamiebbbb
Member
 
Registered: Mar 2017
Location: Victoria, Australia
Distribution: Debian Wheezy
Posts: 34

Original Poster
Rep: Reputation: Disabled
I have just about done all that - quite smitten. :-) The only thing I need to implement now is OpenVPN.
Thanks.
 
Old 03-30-2017, 09:36 PM   #10
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,357
Blog Entries: 4

Rep: Reputation: 3821
Well, also be aware of this: OpenVPN is "a cryptographically-secure TCP/IP Router (or Bridge), implemented almost entirely in user-mode software." Nothing more, nothing less.

If you are using it as a client, in order to connect to someplace else, OpenVPN will really do nothing for you nor against you: "it's just a pipe."

If you employ it as the outer-bastion of a computer that you have which is connected as a server to the public Internet, OpenVPN (with tls-auth and proper use of one-of-a-kind digital certificates) can absolutely shut down all(!) "unauthorized access attempts" to ssh or anything else. Simply make sure (by iptables rules as well as individual client configuration ...) that all of these services are listening only to "this side of the OpenVPN tunnel," and that they will accept traffic from nowhere else. Presto! They have now completely disappeared. No "open sockets" to scan. No indication whatsoever that they are even there. No way to reach them, and no way to detect them ... unless ...

... unless you are an authorized user bearing the proper (and, non-revoked ...) credentials, in which case you pass right through, virtually without pause. Now you can see and use these services.
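An added example, not code from this thread or from the OpenVPN project, of the "listen only on this side of the tunnel" setup that sundialsvcs describes here and in item (6) of his earlier post. It prints, rather than applies, the iptables rules and the sshd_config line, and adds the audit a defender wants afterwards: read `ss -ltn` output and flag any TCP service still bound to a wildcard address, which tells you whether the service really has "disappeared" from the public side. The interface name tun0, the subnet 10.8.0.0/24, the server's tunnel address 10.8.0.1 and the port numbers are assumed values, and the `ss` output at the bottom is constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread or from the OpenVPN project.
# Assumed (hypothetical) values: tunnel interface tun0, VPN subnet 10.8.0.0/24,
# the server's own tunnel address 10.8.0.1, sshd on TCP/22, OpenVPN on UDP/1194.
VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_ADDR="${VPN_ADDR:-10.8.0.1}"
SSH_PORT="${SSH_PORT:-22}"
OVPN_PORT="${OVPN_PORT:-1194}"

# Print (do not apply) the iptables rules for "ssh accepts traffic from nowhere
# but the tunnel": default-drop INPUT, loopback and established flows allowed,
# the OpenVPN port open to the world, ssh open only on tun0 from the VPN subnet.
gen_iptables_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --dport ${OVPN_PORT} -j ACCEPT
iptables -A INPUT -i ${VPN_IF} -s ${VPN_NET} -p tcp --dport ${SSH_PORT} -j ACCEPT
EOF
}

# Print the sshd_config line that binds sshd to the tunnel address only, so the
# daemon itself never opens a socket on the public interface (defence in depth
# beside the firewall rule).
gen_sshd_listen() {
    printf 'ListenAddress %s\n' "$VPN_ADDR"
}

# Audit helper: read `ss -ltn` output on stdin and print the port of every TCP
# listener bound to a wildcard address (0.0.0.0, [::] or *), i.e. a service that
# is still reachable from the public side. The header line has no ':' in its
# fourth field and is skipped.
wildcard_listeners() {
    awk 'index($4, ":") > 0 {
        n = split($4, a, ":")
        port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") print port
    }'
}

# Return 0 when stdin shows no wildcard listener, 1 otherwise (usable as a check
# in a cron job or post-deploy script).
no_wildcard_listeners() {
    [ -z "$(wildcard_listeners)" ]
}

# Constructed sample of `ss -ltn` output: sshd and a web server still bound to
# all addresses, a database bound to the tunnel address, CUPS on loopback.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    10.8.0.1:3306      0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

# Stand-alone demo: show the generated rules, then audit the sample.
gen_iptables_rules
gen_sshd_listen
printf '%s\n' "$SAMPLE_SS" | wildcard_listeners | sed 's/^/still listening on all addresses: port /'
```

Run it as an ordinary user to review what it would do; on a real host, restart the services with their new bind addresses, pipe `ss -ltn` into `no_wildcard_listeners`, and only then apply the rules (the OpenVPN UDP port is the one thing that must stay open to the world, or nobody can reach the tunnel at all). This is the server-side story only; as the post says, on a client OpenVPN is just a pipe.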
 
Old 03-30-2017, 10:51 PM   #11
DDukes
LQ Newbie
 
Registered: Mar 2017
Posts: 12

Rep: Reputation: Disabled
Quote:
Originally Posted by jamiebbbb View Post
I am currently running clamav. Is there any way of detecting malware?
either:
Software
script
or another alternative

thank you
If you need it, here are 7 FREE Linux antivirus/malware to try.

1. ClamAV
2. Sophos
3. Comodo
4. Chkrootkit
5. F-PROT
6. Rootkit Hunter ( Rootkit application )
7. BitDefender ( cough cough )

Description and links below

http://www.makeuseof.com/tag/free-li...irus-programs/

Last edited by DDukes; 03-30-2017 at 11:54 PM.
 
Old 03-30-2017, 11:01 PM   #12
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063
Quote:
Originally Posted by DDukes View Post
..........
6. Rootkit Hunter
Rootkit Hunter is NOT an antivirus app, it checks your system for local exploits and other security vulnerabilities, on your local system!
 
Old 03-30-2017, 11:13 PM   #13
DDukes
LQ Newbie
 
Registered: Mar 2017
Posts: 12

Rep: Reputation: Disabled
Quote:
Originally Posted by jsbjsb001 View Post
Rootkit Hunter is NOT an antivirus app, it checks your system for local exploits and other security vulnerabilities, on your local system!
I know that.

I just listed it because it was in the article. Anyway, the article mentions that it is a rootkit application. I don't know why the blogger/writer put rkhunter with the antivirus/malware category.
 
Old 03-30-2017, 11:15 PM   #14
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063
Quote:
Originally Posted by DDukes View Post
I know that.

I just listed it because it was in the article. Anyway, the article mentions that it is a rootkit application. I don't know why the blogger/writer put rkhunter with the antivirus/malware category.
So why post it??
 
Old 03-30-2017, 11:47 PM   #15
DDukes
LQ Newbie
 
Registered: Mar 2017
Posts: 12

Rep: Reputation: Disabled
Quote:
Originally Posted by jsbjsb001 View Post
So why post it??
Because I wanted to be helpful. And I was quickly copying and pasting the 7 names from the article to my post.

Anyway, you know and I know and others know that rkhunter is a rootkit application. And those who didn't know will find out in the article. The article has a description for each product listed.

- cheers
 
1 members found this post helpful.