Clamav configuration.


Ankit Soni

Oct 14, 2013, 2:13:38 AM
to vg...@googlegroups.com, Sham Arsiwala

Hi All,

I have a small shared server, which also has ClamAV antivirus installed, which prevents malware, defacing shells and any other attack. But for some days I have found that hackers are uploading defacing shells to the website, or, if they can't upload files, they edit the already existing website files and change them into defacing shells.

So my requirement is:
1) If files are changed, they are automatically scanned with ClamAV antivirus.

Or

2) Is it possible to configure ClamAV with Tripwire:
For example, when Tripwire finds file or directory changes, ClamAV scans those files or directories. If yes, then let me know how to configure this.

Thanks & Regard

Ankit Soni (RHCSA, RHCE)
~~~~~
"Linux is immortal, it is like perfume spread all over the world...." Be happy using open source...
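
Requirement (1) in the post above, scanning files with ClamAV whenever they change, can be approximated with a periodic job that hands only the files modified since the previous run to `clamscan`. This is an added example, not part of the original thread; the paths, the state directory, the `SCANNER` override variable and the `--run` argument are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example: hand only files changed since the last run to ClamAV.
# Assumed names (not from the thread): WEBROOT, STATE_DIR, SCANNER, --run.
WEBROOT="${WEBROOT:-/var/www}"
STATE_DIR="${STATE_DIR:-/var/lib/changed-scan}"   # keep outside the web root
SCANNER="${SCANNER:-clamscan}"

# List files under $1 modified after stamp file $2 (every file if no stamp yet).
# -newer compares mtime, which an intruder can backdate; GNU find's -cnewer
# compares inode change time instead and is the stricter choice where available.
changed_files() {
    if [ -f "$2" ]; then
        find "$1" -type f -newer "$2" -print
    else
        find "$1" -type f -print
    fi
}

# Scan the changed files and print clamscan's "FOUND" lines.
# Returns clamscan's code: 0 = clean, 1 = infected file(s), 2 = scanner error.
scan_changed() {
    local root="$1" state="$2" list next rc=0
    mkdir -p "$state" || return 2
    list="$state/changed.list"
    next="$state/stamp.next"
    # Stamp before listing, so a file written mid-scan is caught next run.
    touch "$next" || return 2
    changed_files "$root" "$state/stamp" > "$list"
    if [ -s "$list" ]; then
        # --file-list: paths to scan, one per line; --infected: print hits only.
        "$SCANNER" --no-summary --infected --file-list="$list" || rc=$?
    fi
    # Advance the stamp only after a completed scan; an errored run is retried.
    if [ "$rc" -le 1 ]; then
        mv "$next" "$state/stamp"
    fi
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then
    scan_changed "$WEBROOT" "$STATE_DIR"
    exit $?
fi
```

Run it from cron with `--run` and alert on exit code 1; the state directory should not be writable by the web server user, otherwise the stamp file can be tampered with.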

Alok Thaker

Oct 14, 2013, 10:47:27 AM
to VGLUG
Hi Ankit,

ClamAV cannot identify the malware or exploit shell vulnerabilities like r57, etc. For that you have to scan your website code with a proper online malware scanner, or, say, with iScanner for PHP, or you can use Sucuri, like http://sitecheck.sucuri.net/scanner/

Thanks & Regards,  
Alok Thaker 


--
Please read http://www.catb.org/~esr/faqs/smart-questions.html before posting.
You received this message because you are subscribed to the "Vibrant GNU/Linux User Group".
To stop receiving emails from this group, mail to VGLUG+un...@googlegroups.com
To post to this group, send email to VG...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/VGLUG
 
---
You received this message because you are subscribed to the Google Groups "VGLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vglug+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Ankit Soni

Oct 14, 2013, 12:45:32 PM
to vg...@googlegroups.com

Hi Alok,

This site is not working for me. I manually uploaded the c99 shell code to my website, gave it proper permissions and scanned it with the link which you suggested, but it is not identifying the malware. But when I scanned the site with ClamAV, it detects the malware.

Please find the scan summary report of this.

----------- SCAN SUMMARY -----------
Known viruses: 2826012
Engine version: 0.98
Scanned directories: 3
Scanned files: 32
Infected files: 1
Data scanned: 31.39 MB
Data read: 16.25 MB (ratio 1.93:1)
Time: 8.345 sec (0 m 8 s)

 

And also I scanned this particular file with ClamAV to confirm, and I found that it detects this file. From my point of view ClamAV detects the malware; if not, then suggest to me which open source antivirus I should be using.


Thanks & Regard

Ankit Soni (RHCSA, RHCE) 
~~~~~
"Linux is immortal, it is like perfume spread all over the world...." Be happy using open source...

--
Akki....

magi Maruthamuthu

Dec 5, 2013, 12:15:42 AM
to vg...@googlegroups.com, Sham Arsiwala
@ Ankit Soni,

We faced the same problem 1 year back on our Linux server and couldn't control it.

After that we got a suggestion from a cPanel support executive and installed Malwarebytes. It is very useful: when anybody tries to upload malware content or trojan files, it will not allow that infected content to be uploaded.

http://www.malwarebytes.org/

Ankit Soni

Dec 11, 2013, 11:59:23 AM
to vg...@googlegroups.com
Thanks, it works for me.




--
Akki....