Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the acf domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php on line 6131

Deprecated: Creation of dynamic property ACF::$fields is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/fields.php on line 138

Deprecated: Creation of dynamic property acf_loop::$loops is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/loop.php on line 28

Deprecated: Creation of dynamic property ACF::$loop is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/loop.php on line 269

Deprecated: Creation of dynamic property ACF::$revisions is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/revisions.php on line 397

Deprecated: Creation of dynamic property acf_validation::$errors is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/validation.php on line 28

Deprecated: Creation of dynamic property ACF::$validation is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/validation.php on line 214

Deprecated: Creation of dynamic property acf_form_customizer::$preview_values is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-customizer.php on line 28

Deprecated: Creation of dynamic property acf_form_customizer::$preview_fields is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-customizer.php on line 29

Deprecated: Creation of dynamic property acf_form_customizer::$preview_errors is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-customizer.php on line 30

Deprecated: Creation of dynamic property ACF::$form_front is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-front.php on line 598

Deprecated: Creation of dynamic property acf_form_widget::$preview_values is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-widget.php on line 34

Deprecated: Creation of dynamic property acf_form_widget::$preview_reference is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-widget.php on line 35

Deprecated: Creation of dynamic property acf_form_widget::$preview_errors is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/forms/form-widget.php on line 36

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the all-in-one-wp-migration domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php on line 6131

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/wp_plugin/wp_plugin.php on line 23

Deprecated: str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/wp-super-cache/wp-cache-phase2.php on line 54

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/wp-super-cache/wp-cache-phase2.php on line 1539

Deprecated: strtolower(): Passing null to parameter #1 ($string) of type string is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/wp-super-cache/wp-cache-phase2.php on line 828

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rocket domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php on line 6131

Deprecated: Creation of dynamic property acf_field_oembed::$width is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-oembed.php on line 31

Deprecated: Creation of dynamic property acf_field_oembed::$height is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-oembed.php on line 32

Deprecated: Creation of dynamic property acf_field_google_map::$default_values is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-google-map.php on line 33

Deprecated: Creation of dynamic property acf_field__group::$have_rows is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/includes/fields/class-acf-field-group.php on line 31

Deprecated: Creation of dynamic property acf_field_clone::$cloning is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/pro/fields/class-acf-field-clone.php on line 34

Deprecated: Creation of dynamic property acf_field_clone::$have_rows is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-pro/pro/fields/class-acf-field-clone.php on line 35

Deprecated: Creation of dynamic property jh_acf_field_table::$settings is deprecated in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-content/plugins/advanced-custom-fields-table-field/class-jh-acf-field-table.php on line 23

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902

Warning: Cannot modify header information - headers already sent by (output started at /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/functions.php:6131) in /var/www/vhosts/studiogo.tech/httpdocs/upcloudold/wp-includes/rest-api/class-wp-rest-server.php on line 1902
{"id":24623,"date":"2015-11-05T14:36:02","date_gmt":"2015-11-05T12:36:02","guid":{"rendered":"https:\/\/upcloud.com\/community\/tutorials\/scan-ubuntu-server-malware"},"modified":"2015-11-05T14:36:02","modified_gmt":"2015-11-05T12:36:02","slug":"scan-ubuntu-server-malware","status":"publish","type":"tutorial","link":"https:\/\/studiogo.tech\/upcloudold\/tutorial\/scan-ubuntu-server-malware\/","title":{"rendered":"How to scan Ubuntu server for malware"},"content":{"rendered":"\n

Some unexpected behaviour on a\u00a0cloud Linux could be a result of malware\u00a0infection, while other malicious software might not alert to their presence. Scanning your system for different types of unwanted programs can help identify issues, or at least give you peace of mind for having a clean server.<\/p>\n\n\n\n

There are multiple options for making sure your cloud server is clean of any malware, this guide goes over a couple of scanning software you can utilise for checking your system.<\/p>\n\n\n\n

\n
Try UpCloud for free!<\/a><\/div>\n<\/div>\n\n\n\n

ClamAV<\/h2>\n\n\n\n

ClamAV is a popular open-source antivirus engine available on a multitude of platforms including the majority of Linux distributions. Install it with the command below.<\/p>\n\n\n\n

sudo apt-get install clamav clamav-daemon<\/pre>\n\n\n\n
With the required modules installed, next, you should update the virus database for ClamAV.<\/p>\n\n\n\n
First, stop the related processes to allow for the update the proceed.<\/p>\n\n\n\n
sudo systemctl stop clamav-freshclam<\/pre>\n\n\n\n
Then use the command below to run the updater application.<\/p>\n\n\n\n
sudo freshclam<\/pre>\n\n\n\n
When you\u2019ve finished updating the virus definitions, start and enable the services.<\/p>\n\n\n\n
sudo systemctl start clamav-freshclam\nsudo systemctl enable clamav-freshclam<\/pre>\n\n\n\n
Then do a test scan to your home directory just to make sure the scanning works as it should use the following command.<\/p>\n\n\n\n
sudo clamscan -r \/home<\/pre>\n\n\n\n
Granted that your home directory didn\u2019t contain any viruses or other types of malware, the scan should come back empty.<\/p>\n\n\n\n
So how do you know it works?<\/p>\n\n\n\n
For this, you can download an anti-virus test file, which is a small completely harmless program that most anti-virus software report as infected, though with an obvious test file name EICAR-AV-Test<\/em>. Use the following command to download the test file to your home directory.<\/p>\n\n\n\n
wget -P ~\/ http:\/\/www.eicar.org\/download\/eicar.com<\/pre>\n\n\n\n
Now scan your home folder again with the same command as above, you should receive notice of one infected file at the end summary after the scan is completed. When you\u2019ve confirmed that ClamAV finds the test file correctly, use the command below to scan it again and remove the infected file once found.<\/p>\n\n\n\n
sudo clamscan --infected --remove --recursive \/home<\/pre>\n\n\n\n
Be careful when using the \u2013remove<\/em> parameter. First, run a broader scan without it, and then a more localized scan when removing files or removing them manually.<\/p>\n\n\n\n
To perform a complete scan of your cloud server, use this command<\/p>\n\n\n\n
sudo clamscan --infected --recursive --exclude-dir=\"^\/sys\" \/<\/pre>\n\n\n\n
The scan goes through each directory in your system root recursively, but skips \/sys<\/em> just to avoid unnecessary warning printouts, as the virtual file system consists of some unreadable files, which could not contain viruses anyway.<\/p>\n\n\n\n
Rkhunter<\/h2>\n\n\n\n
Rkhunter is a common option for scanning your system for rootkits and general vulnerabilities. It can be easily installed using the package manager.<\/p>\n\n\n\n
sudo apt-get install rkhunter<\/pre>\n\n\n\n
Once installed and before scanning, you\u2019ll need to update the file properties database.<\/p>\n\n\n\n
sudo rkhunter --propupd<\/pre>\n\n\n\n
This lets the scanner know the current state of certain files to prevent some false alarms. After the update, simply start\u00a0the scanner with the following.<\/p>\n\n\n\n
sudo rkhunter --checkall<\/pre>\n\n\n\n
The scanner runs through some system commands, checks for actual rootkits and some malware, network and local host settings, and then give you the summary as well as recording the findings to a log file.<\/p>\n\n\n\n
Afterwards, you can get a condensed look at the scan log with this command.<\/p>\n\n\n\n
sudo cat \/var\/log\/rkhunter.log | grep -i warning<\/pre>\n\n\n\n
Go through the output to get some tips on what you could do to improve your system security.<\/p>\n\n\n\n
Chkrootkit<\/h2>\n\n\n\n
Chkrootkit is another popular rootkit scanner, which\u00a0runs a lot of useful checks and can direct suspicions towards finding a solution. It can be installed on most distributions with the package manager, on Ubuntu systems use the following.<\/p>\n\n\n\n
sudo apt-get install chkrootkit<\/pre>\n\n\n\n
Once done, scan your server with this command.<\/p>\n\n\n\n
sudo chkrootkit<\/pre>\n\n\n\n
The scan will check for many types of infections and print out its findings. You can scroll through the output to check for any warnings. Note that on Ubuntu 14.04 using chkrootkit<\/tt> version 0.49 it\u2019s possible to get a false positive warning for Suckit rootkit, use rkhunter<\/tt> to double check.<\/p>\n\n\n\n
Chkrootkit doesn\u2019t write reports other than outputting to the screen by default, but if you wish to automate the checks or to take a look at the findings later, use the tee<\/em> command to redirect the printout\u00a0to a log file.<\/p>\n\n\n\n
sudo chkrootkit | sudo tee \/var\/log\/chkrootkit\/chkrootkit.log<\/pre>\n\n\n\n
You can then check the log for any warnings.<\/p>\n\n\n\n
sudo cat \/var\/log\/chkrootkit\/chkrootkit.log | grep -i warning<\/pre>\n\n\n\n
While chkrootkit<\/tt> can be used to help determine if a machine has been compromised, it shouldn\u2019t be taken as the \u2018final word\u2019, use it in conjunction with other scanners to diagnose any possible infections.<\/p>\n","protected":false},"featured_media":27369,"comment_status":"open","ping_status":"closed","template":"","community-category":[121,123],"class_list":["post-24623","tutorial","type-tutorial","status-publish","has-post-thumbnail","hentry","community-category-security","community-category-troubleshooting"],"acf":[],"_links":{"self":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/tutorial\/24623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/tutorial"}],"about":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/types\/tutorial"}],"replies":[{"embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/comments?post=24623"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/media\/27369"}],"wp:attachment":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/media?parent=24623"}],"wp:term":[{"taxonomy":"community-category","embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/community-category?post=24623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}