Comments (12)

rfxn commented on August 17, 2024

This feature has been completed, tested and verified working as intended. Please let me know if you run into any issues.

Thanks

from linux-malware-detect.

webwizardworks commented on August 17, 2024

I have the same situation and am looking for the answer as well. It would seem that until I can get the inotify real time file scanning working dependably, I'd be better off running it manually on an hourly cron.

Any insight into this would be greatly appreciated.

rfxn commented on August 17, 2024

This is a result of monitor mode performing native LMD scans that do not utilize the clamscan engine or its extended ruleset.

The 1.5 repo has a change in progress that will see clam(d)scan used for monitor mode when it is present. I am inclined to force this against the clamd service, as if clamd is not running, clamscan preloading all signatures on every scan attempt (every 15s) is prohibitively time consuming.

This change is actively in testing and should be committed over the next couple of days.

nisamudeen97 commented on August 17, 2024

Hi Rfxn

Thanks for the update. Really appreciate your response.

rfxn commented on August 17, 2024

Commit 3a42320 is up with changes for clam(d) support in monitor mode; will test and report back once comfortable that the changes work as intended.

AndreiHavri commented on August 17, 2024

I was encountering this issue as well on version 1.5. After a couple of days, the realtime monitoring wasn't picking up anything at all, but I noticed that if I restart the whole process (inotify monitoring + maldet), the realtime monitoring starts picking up malware again and results start pouring in. The bash script that I am using is as below and it is used as a cron every 2 days:

#!/bin/bash
# Stop the inotify monitor, hard-kill any leftover maldet process, clear the stale inotify log, then restart monitoring on /home/
maldet -k ; sleep 3; killall -9 maldet ; sleep 3; rm -f /usr/local/maldetect/logs/inotify_log ; sleep 3; maldet -m /home/ ;

nisamudeen97 commented on August 17, 2024

Hi rfxn,

Thanks for the update. I have started testing. I really appreciate this. Maldet team rocks.

V0RTX commented on August 17, 2024

Hello, I have just installed LMD on Ubuntu 14.04. It works well and picks up viruses when run manually. When I set up inotify monitoring I get an error:
{mon} warning clamd service not running; force-set monitor mode file scanning to every 120s
I have searched but not found a solution. ClamAV is definitely running:
sudo service clamav-daemon start
Starting ClamAV daemon clamd
/usr/sbin/clamd already running.

Be great if you could point me in the right direction.
Many thanks, Greg

zvanderbilt commented on August 17, 2024

@V0RTX you just need to edit the clamd.conf to start clamav as root instead of the clamav user. clamav can't read the tmp files generated by maldet because maldet runs as root and clamav runs as clamav by default. There will still be some errors in the maldetect/logs/clamscan_log, but inotify will be running as expected.

V0RTX commented on August 17, 2024

@zvanderbilt Thanks for the advice. However, there is a problem starting clamd if the user is changed to root:
Starting ClamAV daemon clamd ERROR: initgroups() failed.
Any further thoughts?

UPDATE 24 Nov:
Disabled option "use ClamAV" and the error has gone.
Nov 24 15:26:04 V0RTX maldet(32024): {mon} scanned 0 new/changed files with native engine
While this has removed the immediate problem, I would still like to solve the issue that stops the integration of ClamAV in Ubuntu 14.04.

zvanderbilt commented on August 17, 2024

Can you post the output of sudo clamd --debug? From what I could find, that error usually appears when clamav is already running. You may have to stop clamav-daemon before running clamd --debug.

nanonettr commented on August 17, 2024

I am a new user to GitHub. I don't know how to send patches properly...

For Ubuntu 14 LTS: this patch uses the clamav daemon with the fdpass option (for using the daemon without permission issues).

maldet_clamav_fdpass.patch.txt
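The permission problem zvanderbilt describes (root-owned maldet temp files that the clamav user cannot read) and the fdpass fix in nanonettr's patch both come down to clamd's FILDES command, the mechanism behind clamdscan --fdpass. The Python below is an added example, not code from this thread or from linux-malware-detect: the caller opens the file with its own privileges, hands the descriptor to clamd over SCM_RIGHTS, and parses the reply; the socket path is an assumed Debian/Ubuntu default.

```python
"""Added example: scan a file with a running clamd via its unix socket using the
FILDES command (what clamdscan --fdpass does): the caller opens the file and passes
the fd via SCM_RIGHTS, so the clamav user needs no read access to root-owned files."""
import array
import os
import socket

# Assumed socket path (Debian/Ubuntu clamav-daemon default); match LocalSocket in clamd.conf.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"

def parse_fildes_reply(reply: bytes):
    """Turn b'fd[5]: OK\\0' or b'fd[5]: Eicar-Test-Signature FOUND\\0' into
    (verdict, detail), where verdict is 'OK', 'FOUND' or 'ERROR'."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, result = text.partition(": ")  # drop the 'fd[N]' prefix
    if result == "OK":
        return "OK", ""
    if result.endswith(" FOUND"):
        return "FOUND", result[: -len(" FOUND")]
    if result.endswith(" ERROR"):
        return "ERROR", result[: -len(" ERROR")]
    return "ERROR", result or text

def scan_with_fdpass(path: str, sock_path: str = CLAMD_SOCKET):
    """Open `path` with the caller's privileges, hand the fd to clamd and return
    (verdict, detail). 'z' command form: the reply is read up to its NUL."""
    fd = os.open(path, os.O_RDONLY)
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.connect(sock_path)
            # Command text goes in the data part; the descriptor rides in the
            # SCM_RIGHTS ancillary data of the same sendmsg() call.
            s.sendmsg([b"zFILDES\0"],
                      [(socket.SOL_SOCKET, socket.SCM_RIGHTS,
                        array.array("i", [fd]))])
            reply = b""
            while not reply.endswith(b"\0"):
                chunk = s.recv(4096)
                if not chunk:
                    break
                reply += chunk
    finally:
        os.close(fd)
    return parse_fildes_reply(reply)

if __name__ == "__main__":
    import sys
    print(scan_with_fdpass(sys.argv[1]))
```

Because clamd reads from the passed descriptor rather than opening the path, clamd can stay running as the unprivileged clamav user instead of being switched to root as suggested earlier in the thread.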
