Linux Malware Detect (LMD)
LMD is an open-source script for scanning Linux systems for malware. To install it, follow the steps below.
Commands

Download the current release:

# cd /tmp
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Install:

# tar xfz maldetect-current.tar.gz
# cd maldetect-*
# ./install.sh

The output of the install command looks like this:

Linux Malware Detect v1.4.1
(C) 2002-2011, R-fx Networks
(C) 2011, Ryan MacDonald
inotifywait (C) 2007, Rohan McGovern
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet

maldet(3092): {sigup} performing signature update check...
maldet(3092): {sigup} local signature set is version 201205035915
maldet(3092): {sigup} new signature set (2012071115632) available
maldet(3092): {sigup} downloaded http://www.rfxn.com/downloads/md5.dat
maldet(3092): {sigup} downloaded http://www.rfxn.com/downloads/hex.dat
maldet(3092): {sigup} downloaded http://www.rfxn.com/downloads/rfxn.ndb
maldet(3092): {sigup} downloaded http://www.rfxn.com/downloads/rfxn.hdb
maldet(3092): {sigup} downloaded http://www.rfxn.com/downloads/maldet-clean.tgz
maldet(3092): {sigup} signature set update completed
maldet(3092): {sigup} 9649 signatures (7782 MD5 / 1867 HEX)

For configuration, edit the config file:

# vi /usr/local/maldetect/conf.maldet

Sample settings:

# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1

# The subject line for email alerts
email_subj="maldet alert from $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="tecmint.com@gmail.com"

# Ignore e-mail alerts for reports in which all hits have been cleaned.
# This is ideal on very busy servers where cleaned hits can drown out
# other more actionable reports.
email_ignore_clean=0

##
# [ QUARANTINE OPTIONS ]
##
# The default quarantine action for malware hits
# [0 = alert only, 1 = move to quarantine & alert]
quar_hits=1

# Try to clean string based malware injections
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = clean]
quar_clean=1

# The default suspend action for users with hits
# Cpanel suspend or set shell /bin/false on non-Cpanel
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = suspend account]
quar_susp=0

# minimum userid that can be suspended
quar_susp_minuid=500
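The sample settings carry two dependencies in their own comments: quar_clean=1 and quar_susp=1 only take effect when quar_hits=1, and email_alert=1 does nothing useful with an empty email_addr. As an added example (not part of the original post or of the LMD project), this POSIX shell script reads those keys from a conf.maldet and reports a misconfiguration before the daily cron run relies on it; the function names and the constructed sample file are assumptions.

```shell
#!/bin/sh
# Added example, not LMD's own tooling. Reads the keys shown in the post's
# sample config and checks the dependencies its comments state.

# conf_get FILE KEY -> prints KEY's value (last definition wins), quotes stripped.
# Comment lines start with '#', so they never match the ^KEY= pattern.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# check_maldet_conf FILE -> returns 0 if the settings are consistent, 1 otherwise.
# Each problem is printed to stderr; an alert-only setup is noted but not an error.
check_maldet_conf() {
    f="$1"
    rc=0
    email_alert=$(conf_get "$f" email_alert)
    email_addr=$(conf_get "$f" email_addr)
    quar_hits=$(conf_get "$f" quar_hits)
    quar_clean=$(conf_get "$f" quar_clean)
    quar_susp=$(conf_get "$f" quar_susp)

    if [ "$email_alert" = "1" ] && [ -z "$email_addr" ]; then
        echo "email_alert=1 but email_addr is empty: reports go nowhere" >&2; rc=1
    fi
    if [ "$quar_clean" = "1" ] && [ "$quar_hits" != "1" ]; then
        echo "quar_clean=1 requires quar_hits=1: injections will not be cleaned" >&2; rc=1
    fi
    if [ "$quar_susp" = "1" ] && [ "$quar_hits" != "1" ]; then
        echo "quar_susp=1 requires quar_hits=1: accounts will not be suspended" >&2; rc=1
    fi
    if [ "$quar_hits" != "1" ]; then
        echo "note: quar_hits=$quar_hits, hits are reported but not quarantined" >&2
    fi
    return $rc
}

# Constructed sample (hypothetical values): cleaning requested while quarantine is off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
email_alert=1
email_addr="admin@example.com"
quar_hits=0
quar_clean=1
quar_susp=0
EOF
check_maldet_conf "$sample" && echo "consistent" || echo "inconsistent"
rm -f "$sample"
```

Run it against /usr/local/maldetect/conf.maldet (the path install.sh reports above) by passing that path to check_maldet_conf instead of the sample.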