Thought Maldet would just find manky files, it didn’t, I just wanted it to see the obvious, it did eventually after I did..
1) Install ClamAV (by googling CentOS7 clamav as you do, cheers mate)

yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y
2) Configure daemon

cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
sed -i '/^Example/d' /etc/clamd.d/clamd.conf

Set these two lines in /etc/clamd.d/clamd.conf:

User clamscan
LocalSocket /var/run/clamd.<SERVICE>/clamd.sock

(<SERVICE> is the placeholder the packaged template uses; replace it with the name of your clamd instance, e.g. scan.)

^^ I'd just sed that, when I can be arsed.
3) Configure FreshClam

cp /etc/freshclam.conf /etc/freshclam.conf.bak
sed -i '/^Example/d' /etc/freshclam.conf

Add these to /etc/freshclam.conf (vi /etc/freshclam.conf); these actually did the trick, cheers malware friends:

DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.fp
4) Create systemd service file

vi /usr/lib/systemd/system/clam-freshclam.service

# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target
5) Enable & start

systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
6) Update freshclam
freshclam
… at this point clamAV caught my lurgs, but maldet and all that.
7) Install maldet (by copying and pasting from here, ta!)
cd /usr/local/src/ && wget http://www.rfxn.com/downloads/maldetect-current.tar.gz && tar -xzvf maldetect-current.tar.gz && cd maldetect-* && sh install.sh
Delete /etc/cron.daily/maldet, I don't want it:
rm /etc/cron.daily/maldet
8) Update version and virus signatures:
maldet -d && maldet -u
9) Run it
maldet -a /path/to
10) I checked a lurgy file directly, e.g.

maldet -a /path/to/lurg.php
Linux Malware Detect v1.6.2
(C) 2002-2017, R-fx Networks
(C) 2017, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(3338): {scan} signatures loaded: 15218 (12485 MD5 | 1954 HEX | 779 YARA | 0 USER)
maldet(3338): {scan} building file list for /path/to/lurg.php, this might take awhile...
maldet(3338): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(3338): {scan} file list completed in 0s, found 1 files...
maldet(3338): {scan} found clamav binary at /usr/bin/clamscan, using clamav scanner engine...
maldet(3338): {scan} scan of /path/to/lurg.php (1 files) in progress...
maldet(3338): {scan} processing scan results for hits: 1 hits 0 cleaned
maldet(3338): {scan} scan completed on /path/to/lurg.php: files 1, malware hits 1, cleaned hits 0, time 18s
maldet(3338): {scan} scan report saved, to view run: maldet --report 123456-6789.0098
maldet(3338): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 123456-6789.0098
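Two bits of glue for the procedure above, as an added example (my script, not from the post and not part of ClamAV or maldet): prep_clamav_confs does the step 2/3 edits with sed instead of vi, idempotently, so running it twice does not double up the DatabaseCustomURL lines; maldet_summary reads the step 10 scan output and returns a non-zero exit when there are malware hits, which is the thing a scheduled scan wants now that the daily cron has been deleted. Assumptions: the config edits are applied to copies in a scratch directory you pass in, not the live /etc files; the LocalSocket path uses the clamd.scan instance name; the sample scan output is constructed from the lines in step 10 and keeps its placeholder report id.

```shell
#!/bin/bash
# Added example, not from the original post. Helpers for the ClamAV + maldet
# setup above; all paths are copies under the scratch dir given as $1.
set -u

# Append a config line only if it is not already there (keeps reruns safe).
ensure_line() {  # ensure_line FILE LINE
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# Steps 2 and 3 done with sed: drop the "Example" guard line from both
# templates, set User/LocalSocket in clamd.conf and add the malware.expert
# feeds from the post to freshclam.conf.
prep_clamav_confs() {  # prep_clamav_confs SCRATCH_DIR
    local dir="$1"
    local clamd="$dir/clamd.conf" fresh="$dir/freshclam.conf"

    sed -i '/^Example/d' "$clamd" "$fresh"
    ensure_line "$clamd" "User clamscan"
    # Assumption: the clamd instance is called "scan" (clamd.scan socket dir).
    ensure_line "$clamd" "LocalSocket /var/run/clamd.scan/clamd.sock"

    for db in ndb hdb ldb fp; do
        ensure_line "$fresh" "DatabaseCustomURL http://cdn.malware.expert/malware.expert.$db"
    done
}

# Read maldet scan output on stdin, print "hits cleaned report_id"
# (report_id is "-" when no report line was seen) and exit 1 when hits > 0,
# so a cron wrapper can mail or page on a non-zero status.
maldet_summary() {  # usage: maldet_summary < scan-output
    local summary
    summary=$(awk '
        /scan completed on/ {
            # "... malware hits 1, cleaned hits 0, ..." -> take the digits
            if (match($0, /malware hits [0-9]+/)) hits = substr($0, RSTART + 13, RLENGTH - 13)
            if (match($0, /cleaned hits [0-9]+/)) cleaned = substr($0, RSTART + 13, RLENGTH - 13)
        }
        /scan report saved/ { report = $NF }
        END { printf "%d %d %s\n", hits + 0, cleaned + 0, (report == "" ? "-" : report) }
    ')
    printf '%s\n' "$summary"
    [ "${summary%% *}" = "0" ]
}

# Constructed sample, modelled on the step 10 output (placeholder report id).
SAMPLE_SCAN_OUTPUT='maldet(3338): {scan} signatures loaded: 15218 (12485 MD5 | 1954 HEX | 779 YARA | 0 USER)
maldet(3338): {scan} scan completed on /path/to/lurg.php: files 1, malware hits 1, cleaned hits 0, time 18s
maldet(3338): {scan} scan report saved, to view run: maldet --report 123456-6789.0098
maldet(3338): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 123456-6789.0098'

# Dry run against scratch copies of the two configs plus the sample output.
demo() {
    local tmp
    tmp=$(mktemp -d)
    printf 'Example\n#User clamscan\n' > "$tmp/clamd.conf"
    printf 'Example\n' > "$tmp/freshclam.conf"
    prep_clamav_confs "$tmp"
    prep_clamav_confs "$tmp"   # second run must not duplicate anything
    cat "$tmp/clamd.conf" "$tmp/freshclam.conf"
    printf '%s\n' "$SAMPLE_SCAN_OUTPUT" | maldet_summary || echo "ALERT: maldet reported hits"
    rm -rf "$tmp"
}

demo
```

Point prep_clamav_confs at real copies of the template files, diff the result against /etc before copying it back, and pipe `maldet -a /path/to 2>&1` into maldet_summary from whatever scheduler replaces the deleted cron job.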