How can I scan my server for malware infections?

If your server has been compromised or you are observing unusual behaviour on the VPS (Sudden rise in load/performance, SPAM complaints being sent on your behalf). It might be an idea to start examining your server for Malware, Trojans or other malicious threats.

A good approach is to scan your server using ClamAV which comes in the default repository for most Linux distros. However, it's also possible to install it from source. 

ClamAV can be downloaded from the following webpage: http://www.clamav.net/index.html
Documentation concerning the installation and various commands are listed here: http://www.clamav.net/doc/install.html

Another helpful tool as an alternative to ClamAV is Maldet (Linux Malware Detect).

Maldet is the same as ClamAV as in it's an open source free to use Malware Scanner for Linux.
Maldet can be downloaded from https://www.rfxn.com/projects/linux-malware-detect/
Instructions are listed here: https://www.rfxn.com/appdocs/README.maldetect

Scanning your website domains with an online malware scanner
There's also a variety of tools at your disposal to scan for possible malware and security threats using one of the following online scanners:

Securi Site Check
https://sitecheck.sucuri.net//

WordPress Security Scan:
https://hackertarget.com/wordpress-security-scan/
https://nl.wordpress.org/plugins/sucuri-scanner/ <-- Plugin for Wordpress

PHP Malicious Code Scanner:
OS Commerce appliances (Wordpress, Joomla, Drupal, and custom built sites have all been pestered by the <?php @eval(base64_decode($_GET[q])); ?> hack. In these cases a single php file is uploaded to your or are disguised within php files that look non-threatening (wp-login.php for example). 

You can scan for malicious PHP code on your server using the scanner on the following page:
https://github.com/mikestowe/Malicious-Code-Scanner/blob/master/phpMalCodeScanner.php

Have more questions? Submit a request

0 Comments

Article is closed for comments.