Current time: 11-27-2024, 09:01 AM Hello There, Guest! (LoginRegister)


Post Reply 
malware scanner
Author Message
xchrix Offline
Junior Member
*

Posts: 20
Joined: Apr 2008
Reputation: 0
Post: #1
Question malware scanner
hello

how do you protect your servers from malware. i hat the problem that someone installed bad php scripts at an wbespace of a customer. so my ip got listed at a badware index site. so all sites are shown as untrusty because they all have the same ip. i have removed the malware and now i have to wait that google checks again..

do you know some scanner like rkhunter that this doesnt happen again??
12-01-2009 08:51 AM
Find all posts by this user Quote this message in a reply
motokochan Offline
Member
***

Posts: 274
Joined: Jul 2008
Reputation: 1
Post: #2
RE: malware scanner
rkhunter and chkrootkit only check for system-level issues (as far as I know). Many malware scripts can be easily obfuscated, so it's difficult to check for a simple text string.

If you are paranoid, you could set up something like tripwire, but it can be very noisy on a webserver, especially when including web files for watching on changes.
12-01-2009 01:20 PM
Visit this user's website Find all posts by this user Quote this message in a reply
xchrix Offline
Junior Member
*

Posts: 20
Joined: Apr 2008
Reputation: 0
Post: #3
RE: malware scanner
hey thanks for your reply. but i think tripwire is not what i am searching for.
i knwo that many malware scripts are obfuscated but there must be a database for known malware script and how the look like.

we only have to make an scanner which scans all html/php files in /var/www/virtual and checks if the code looks the same as an known malware script. i know that we cant get 100% of the scripts out there but old scripts wont work anymore.
12-01-2009 06:42 PM
Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #4
RE: malware scanner
Have you tried using clamdscan (the file scanner from clamav)? I'm not sure that it will catch these kind of trojans/redirectors, but I would give it a try. Additionally, infected scripts used to try commands or send e-mails tend to be noisy and/or make strange requests, so logwatch monitoring your apache logfiles should be a good way to catch them...
12-07-2009 07:47 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)