In the world of cybersecurity, staying one step ahead of malicious actors is crucial. As server owners or web hosting company owners, it is essential to be equipped with the right tools and techniques to protect your infrastructure from malware attacks. Two powerful tools that can aid in this endeavor are YARA and ClamAV Signatures. … Read more
You can use 3rd party compiled malware and virus signature databases to extend ClamAV signature database collection with better detection PHP malware. RFXN (R-FX NETWORKS) Database signatures are updated typically once per day or more frequently depending on incoming threat data from the LMD checkout feature, IPS malware extraction, and other sources. Malware.Expert also generates … Read more
ClamAV is an open-source anti-virus engine designed to detect viruses, Trojans, malware and other threats. It supports multiple file formats (documents, executables or archives), uses multi-threaded scanner features and receives updates 3-4 times a day for its signature database. Additionally, we are updating our database, so the user will get improved results. Benefits of using … Read more
We all know that Linux is the most powerful operating system around us, but there is a misconception that Linux does not need any antivirus programs on it. For maximum protection this is essential. More than 60% of web-servers are running on Linux servers and most of them are protected with some solutions. From my … Read more
When you are scanning malware example ClamAV or Maldet from files in server and get positive hit, you may difficult find where has injected code in the file. For decoding signature you can use ClamAV sigtool command line tool. This will help you find the right position from infected file and remove malware code. Positive … Read more
First we need install ClamAV, it has been now been included in cPanel/WHM. ClamAV is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. You can also install it from your … Read more
This tutorial we integrate ClamAV into Pure-FTPd for virus scanning in Directadmin server with Custombuild. Whenever a file gets uploaded through Pure-FTPd, ClamAV will check the file and delete it if it is malware. Installing Pure-FTPd & ClamAV First we need change custom build options.conf setting Check options.conf #ClamAV-related Settings clamav=yes pureftpd_uploadscan=yes Building software Building … Read more
Today we found undetected malware, which keep it hidden and try loading again if it deleted. We generated Signatures to Detect these hidden includes: /index.php: {HEX}Malware.Expert.wordpress.hidden.include.0.UNOFFICIAL FOUND /wp-load.php: {HEX}Malware.Expert.wordpress.hidden.include.1.UNOFFICIAL FOUND /wp-includes/template.php: {HEX}Malware.Expert.malware.url.7od.info.0.UNOFFICIAL FOUND /wp-includes/Requests/IPconfig.ini: {HEX}Malware.Expert.generic.malware.39.UNOFFICIAL FOUND /wp-includes/js/utilities.js: {HEX}Malware.Expert.generic.malware.39.UNOFFICIAL FOUND WordPress index.php wp-load.php End of file: template.php IPconfig.ini Remove file utilities.js Remove file Final Words Use … Read more
This again new malware which we call cryptonight, what we haven’t seen before. It’s downloads executable Linux program and hides that http daemon in background, which is difficult find process list at first glance. Manual remove process You can search if there running process httpd, which start cryptonight parameter: ps aux | grep cryptonight Then … Read more
New web shell (PHOENIX SHELL), which we have not seen before. This is a typical web shell, except there are a lot of extra features: Upload Command Execute Mass Deface cPanel crack CGI Telnet WordPress auto Deface Fake root Etc … In the action Final words Use Malware Expert – Signatures detect this Web shell … Read more