Question about maldet.
by ////// from LinuxQuestions.org on (#5E412)
i ran scan of my box like this :
Code:# maldet -a /https://www.rfxn.com/projects/linux-malware-detect/
it took a LOOONG time to finish with 3 hits.
Code:HOST: arch
SCAN ID: 210208-2318.1637759
STARTED: Feb 8 2021 23:18:15 +0200
COMPLETED: Feb 11 2021 03:46:18 +0200
ELAPSED: 188883s [find: 2s]
PATH: /
TOTAL FILES: 414111
TOTAL HITS: 3
TOTAL CLEANED: 0
FILE HIT LIST:
HOST: arch
SCAN ID: 210208-2318.1637759
STARTED: Feb 8 2021 23:18:15 +0200
COMPLETED: Feb 11 2021 03:46:18 +0200
ELAPSED: 188883s [find: 2s]
PATH: /
TOTAL FILES: 414111
TOTAL HITS: 3
TOTAL CLEANED: 0
FILE HIT LIST:
{HEX}php.exe.globals.414 : /usr/share/nmap/scripts/http-vuln-cve2012-1823.nse => /usr/local/maldetect/quarantine/http-vuln-cve2012-1823.nse.1356922472
{HEX}php.gzbase64.inject.452 : /usr/local/src/maldetect-1.6.4/files/clean/gzbase64.inject.unclassed => /usr/local/maldetect/quarantine/gzbase64.inject.unclassed.2182211307
{HEX}php.cmdshell.antichat.201 : /usr/local/src/maldetect-1.6.4/files/sigs/rfxn.yara => /usr/local/maldetect/quarantine/rfxn.yara.782222470is that runtime normal?
i know that those hits are false positives.
Code:# maldet -a /https://www.rfxn.com/projects/linux-malware-detect/
it took a LOOONG time to finish with 3 hits.
Code:HOST: arch
SCAN ID: 210208-2318.1637759
STARTED: Feb 8 2021 23:18:15 +0200
COMPLETED: Feb 11 2021 03:46:18 +0200
ELAPSED: 188883s [find: 2s]
PATH: /
TOTAL FILES: 414111
TOTAL HITS: 3
TOTAL CLEANED: 0
FILE HIT LIST:
HOST: arch
SCAN ID: 210208-2318.1637759
STARTED: Feb 8 2021 23:18:15 +0200
COMPLETED: Feb 11 2021 03:46:18 +0200
ELAPSED: 188883s [find: 2s]
PATH: /
TOTAL FILES: 414111
TOTAL HITS: 3
TOTAL CLEANED: 0
FILE HIT LIST:
{HEX}php.exe.globals.414 : /usr/share/nmap/scripts/http-vuln-cve2012-1823.nse => /usr/local/maldetect/quarantine/http-vuln-cve2012-1823.nse.1356922472
{HEX}php.gzbase64.inject.452 : /usr/local/src/maldetect-1.6.4/files/clean/gzbase64.inject.unclassed => /usr/local/maldetect/quarantine/gzbase64.inject.unclassed.2182211307
{HEX}php.cmdshell.antichat.201 : /usr/local/src/maldetect-1.6.4/files/sigs/rfxn.yara => /usr/local/maldetect/quarantine/rfxn.yara.782222470is that runtime normal?
i know that those hits are false positives.