
CentOS antivirus. Malware problems

Posted by vaarsn, 09-15-2015, 08:04 AM
For a few days I've been fighting with injections, which were performed earlier. I have WHM installed, based on CentOS 6.7, with mod_security and mod_ruid2 installed. I'm using the Linux Malware Detection tool to check my sites after I get alerts from the CSF firewall about mail RELAY or unusual script activity. Most of the time it (maldet) can't find anything, so I need to search for infected files manually. For some reason it can't determine even What I'm doing is compressing files and folders, transferring the archive to my local workstation and checking the archive with antivirus software (Kaspersky Antivirus). Could you please suggest a really useful tool to check Linux servers for viruses? Thanks.

Posted by Prefork, 09-15-2015, 04:28 PM
Install CXS on your server. It costs $60. As for mod_security, what ruleset are you using?

Posted by PlatinumVPS, 09-15-2015, 11:51 PM
ClamAV is also a good anti-virus tool. You can follow this guide and install it on your server: https://www.centosblog.com/how-to-in...ing-on-centos/ If you have websites on this server and use any CMS application for them, then make sure that its version (including plug-ins, themes, modules, etc.) is up to date.

Posted by Srv24x7, 09-16-2015, 03:04 AM
Hi, is your installation of maldet combined with clam to perform a good scan? If not, please confirm it and then scan.

Posted by vaarsn, 09-16-2015, 03:16 AM
Indeed, maldet uses ClamAV core for scanning, so I'm pretty confused why it can't determine the viruses. Any suggestions?

Posted by vaarsn, 09-17-2015, 03:39 AM
Guys, any suggestions on this? The server is just killing my mind. Nobody can help.

Posted by Srv24x7, 09-17-2015, 03:57 AM
CXS is the only tool that should be able to get rid of this problem. See if you have CXSwatch running, as it should quarantine such files.

Posted by vaarsn, 09-17-2015, 05:15 AM
Are there any free analogs of CXS?

Posted by mellow-h, 09-18-2015, 05:18 AM
There must be a reason why clam is failing to detect the virus. You might want to troubleshoot. If Kaspersky is detecting the virus, what about adding Kaspersky Antivirus Linux? http://www.kaspersky.com/product-upd...rver-antivirus If you are trying Kaspersky, I suggest you remove it once you are done scanning. It takes a huge amount of CPU and IO if you use runtime Kaspersky protection. You can use the Antivirus for free, but if you want to use Endpoint security, you would need to pay. There is another good antivirus, free of charge, that you may use in Linux, Comodo antivirus: https://www.comodo.com/home/internet...-for-linux.php If you are not interested in using Kaspersky, only then you may want to choose Comodo. Good luck.

Posted by XavierM, 09-18-2015, 02:06 PM
Are you talking about MySQL injections? If yes, that would involve the coding of the websites, not a virus. You would need to check the coding to ensure that SQL injections are prevented. If you are using a CMS like WordPress, make sure everything is up to date. Otherwise there are a lot of antiviruses for Linux out there. And some antiviruses can scan remote or networked drives. There is no need for you to scan the files locally, that sounds like a lot of work!

Posted by serversolutions24x7, 09-18-2015, 08:26 PM
Yes, I would also suggest CXS, which is an active live scanner and scans the files upon upload. You may also configure it to quarantine the files if it triggers the rule. Maldet is also a good option, but I doubt it would detect the mentioned codes. Another thing I would suggest is to make sure that your website applications are up to date.

Posted by USHost247-ChrisGrigg, 09-18-2015, 08:41 PM
I highly recommend CXS. It has saved us a few times before and continues to protect us. It cost me only a $50 one-time fee. Mail RELAY seems like a mail bomber somewhere on one of the accounts. CXS should find it.

Posted by FantazyM, 10-15-2015, 11:19 AM
If you don't want to buy CXS (or have a small budget), you must use more than one free scanner. Example: ClamAV+maldet+rkhunter.

Posted by vaarsn, 10-16-2015, 09:51 AM
I tried all of them and no success. It's strange that nobody solved the issue I described.
