Comments (12)
This feature has been completed, tested and verified working as intended. Please let me know if you run into any issues.
Thanks
from linux-malware-detect.
I have the same situation and am looking for the answer as well. It would seem that until I can get the inotify real time file scanning working dependably, I'd be better off running it manually on an hourly cron.
Any insight into this would be greatly appreciated.
from linux-malware-detect.
This is a result of monitor mode performing native LMD scans that do not utilize the clamscan engine or its extended ruleset.
The 1.5 repo has a change in progress that will see clam(d)scan used for monitor mode when it is present. I am inclined to force this against the clamd service, as if clamd is not running, clamscan preloading all signatures on every scan attempt (every 15s) is prohibitively time consuming.
This change is actively in testing and should be committed over the next couple of days.
from linux-malware-detect.
Hi Rfxn
Thanks for the update. Really appreciate your response.
from linux-malware-detect.
Commit is up with changes for clam(d) support in monitor mode; will test and report back once comfortable that the changes work as intended.
3a42320
from linux-malware-detect.
I was encountering this issue as well on version 1.5. After a couple of days, the real-time monitoring wasn't picking up anything at all, but I noticed that if I restart the whole process (inotify monitoring + maldet), the real-time monitoring starts picking up malware again and results start pouring in. The bash script that I am using is below; it runs from cron every 2 days:
#!/bin/bash
# Stop the monitor, make sure no maldet process survives, clear the stale inotify log, then restart monitoring of /home.
maldet -k; sleep 3; killall -9 maldet; sleep 3
rm -f /usr/local/maldetect/logs/inotify_log; sleep 3; maldet -m /home/
from linux-malware-detect.
Hi rfxn,
Thanks for the update. I have started testing. I really appreciate this. Maldet team rocks.
from linux-malware-detect.
Hello, I have just installed LMD on Ubuntu 14.04. It works well and picks up viruses when run manually. When I set up inotify monitoring I get an error.
{mon} warning clamd service not running; force-set monitor mode file scanning to every 120s
Have searched but not found a solution. ClamAV is definitely running.
sudo service clamav-daemon start
Starting ClamAV daemon clamd
/usr/sbin/clamd already running.
It would be great if you could point me in the right direction.
Many thanks, Greg
from linux-malware-detect.
@V0RTX You just need to edit clamd.conf to start clamav as root instead of the clamav user. clamav can't read the tmp files generated by maldet because maldet runs as root and clamav runs as clamav by default. There will still be some errors in maldetect/logs/clamscan_log, but inotify will be running as expected.
from linux-malware-detect.
@zvanderbilt Thanks for the advice. However, there is a problem starting clamd if the user is changed to root.
Starting ClamAV daemon clamd ERROR: initgroups() failed.
Any further thoughts?
UPDATE 24 Nov:
Disabled option "use ClamAV" and the error has gone.
Nov 24 15:26:04 V0RTX maldet(32024): {mon} scanned 0 new/changed files with native engine
While this has removed the immediate problem, I would still like to solve the issue that stops the integration of ClamAV in Ubuntu 14.04.
from linux-malware-detect.
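The {mon} lines quoted above (clamd not running, scan cycles on the native engine) and the silent stall described in an earlier comment are the conditions a defender wants to alert on from the maldet log. This is an added health check, not code from the LMD project: the log lines are constructed from the messages in this thread, the syslog year is an assumption the caller passes in, and the 10-minute silence threshold is a chosen value.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log modelled on the {mon} lines quoted in this thread.
# Syslog timestamps carry no year, so the caller supplies one.
SAMPLE_LOG = """\
Nov 24 15:20:04 V0RTX maldet(32024): {mon} warning clamd service not running; force-set monitor mode file scanning to every 120s
Nov 24 15:22:04 V0RTX maldet(32024): {mon} scanned 3 new/changed files with native engine
Nov 24 15:26:04 V0RTX maldet(32024): {mon} scanned 0 new/changed files with native engine
unrelated line that should be ignored
"""

# Syslog prefix followed by maldet's monitor-mode tag; message captured verbatim.
MON_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ maldet\(\d+\): \{mon\} (?P<msg>.*)$")
# Per-cycle scan summary; the engine name is whatever follows "with".
SCAN_RE = re.compile(r"scanned (?P<n>\d+) new/changed files with (?P<engine>.+)$")

def parse_mon_events(text, year):
    """Return [(timestamp, message)] for every {mon} line in the log text."""
    events = []
    for line in text.splitlines():
        m = MON_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["msg"]))
    return events

def monitor_health(text, now, year, max_silence=timedelta(minutes=10)):
    """Return (sorted findings, time of last scan cycle or None).

    clamd-down:             maldet warned that clamd is not running
    native-engine-fallback: a scan cycle used the native engine instead of clamd
    monitor-stale:          no scan cycle within max_silence of `now`, i.e. the
                            silent stall reported above that needs a restart
    """
    findings, last_scan = set(), None
    for ts, msg in parse_mon_events(text, year):
        if "clamd service not running" in msg:
            findings.add("clamd-down")
        s = SCAN_RE.search(msg)
        if s:
            last_scan = ts
            if s["engine"].strip() == "native engine":
                findings.add("native-engine-fallback")
    if last_scan is None or now - last_scan > max_silence:
        findings.add("monitor-stale")
    return sorted(findings), last_scan
```

Feed it the tail of the maldet event log from cron and page on any non-empty findings list; the stale check is what catches the case where monitoring keeps running but stops reporting.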
Can you post the output of sudo clamd --debug? From what I could find, that error usually appears when clamav is already running. You may have to stop clamav-daemon before running clamd --debug.
from linux-malware-detect.
I am a new user to github. I don't know how to send patches properly...
For Ubuntu 14 LTS: this patch uses the clamav daemon with the fdpass option (for using the daemon without permission issues).
maldet_clamav_fdpass.patch.txt
from linux-malware-detect.