Some unexpected behaviour on a Linux server could be a result of malware\u00a0infection, while other malicious software might not alert to their presence. Scanning your system for different types of unwanted programs can help identify issues, or at least give you peace of mind for having a clean server.<\/p>\n\n\n\n

There are multiple options for making sure your cloud server is clean of any malware, this guide goes over a couple of scanning software you can utilise for checking your system.<\/p>\n\n\n\n

Test hosting on UpCloud!<\/a><\/div>\n<\/div>\n\n\n\n

ClamAV is a popular open-source antivirus engine available on a multitude of platforms including the majority of Linux distributions. Install it on CentOS 7 with the following command.<\/p>\n\n\n\n

sudo yum install clamav clamav-update clamav-scanner-systemd clamav-server-systemd<\/pre>\n\n\n\nAfterwards, you\u2019ll need to edit the configuration a little by commenting out the Example<\/em> text from two files, the simplest way to do so is to use sed<\/em> for some fast editing with these commands.<\/p>\n\n\n\n
sudo sed -i -e \"s\/^Example\/#Example\/\" \/etc\/freshclam.conf\nsudo sed -i -e \"s\/^Example\/#Example\/\" \/etc\/clamd.d\/scan.conf<\/pre>\n\n\n\nWith the required modules installed and configured, next, you should update the virus database for ClamAV.<\/p>\n\n\n\n
First, stop the related processes to allow for the update the proceed.<\/p>\n\n\n\n
sudo systemctl stop clamav-freshclam<\/pre>\n\n\n\nThen use the command below to run the updater application.<\/p>\n\n\n\n
sudo freshclam<\/pre>\n\n\n\nWhen you\u2019ve finished updating the virus definitions, start and enable the services.<\/p>\n\n\n\n
sudo systemctl start clamav-freshclam\nsudo systemctl enable clamav-freshclam<\/pre>\n\n\n\nThen do a test scan to your home directory just to make sure the scanning works as it should use the following command.<\/p>\n\n\n\n
 <\/pre>\n\n\n\nsudo clamscan -r \/home<\/pre>\n\n\n\nGranted that your home directory didn\u2019t contain any viruses or other types of malware, the scan should come back empty.<\/p>\n\n\n\n
So how do you know it works?<\/p>\n\n\n\n
For this, you can download an anti-virus test file, which is a small completely harmless program that most anti-virus software report as infected, though with an obvious test file name EICAR-AV-Test. Use the following command to download the test file to your home directory.<\/p>\n\n\n\n
wget -P ~\/ http:\/\/www.eicar.org\/download\/eicar.com<\/pre>\n\n\n\nNow scan your home folder again with the same command as above, you should receive notice of one infected file at the end summary after the scan is completed. When you\u2019ve confirmed that ClamAV finds the test file correctly, use the command below to scan it again and remove the infected file once found.<\/p>\n\n\n\n
sudo clamscan --infected --remove --recursive \/home<\/pre>\n\n\n\nBe careful when using the \u2013remove<\/em> parameter. First, run a broader scan without it, and then a more localized scan when removing files or removing them manually.<\/p>\n\n\n\n
To perform a complete scan of your cloud server, use this command.<\/p>\n\n\n\n
sudo clamscan --infected --recursive --exclude-dir=\"^\/sys\" \/<\/pre>\n\n\n\nThe scan goes through each directory in your system root recursively, but skips \/sys<\/em> just to avoid unnecessary warning printouts, as the virtual file system consists of some unreadable files, which could not contain viruses anyway.<\/p>\n\n\n\n
Rkhunter<\/h2>\n\n\n\nRkhunter is a common option for scanning your system for rootkits and general vulnerabilities. It can be easily installed from the package manager on CentOS using the following command.<\/p>\n\n\n\n
sudo yum install rkhunter<\/pre>\n\n\n\nOnce installed and before scanning, you\u2019ll need to update the file properties database.<\/p>\n\n\n\n
sudo rkhunter --propupd<\/pre>\n\n\n\nThis lets the scanner know the current state of certain files to prevent some false alarms. After the update, simply run the scanner with the following.<\/p>\n\n\n\n
sudo rkhunter --checkall<\/pre>\n\n\n\nThe scanner goes\u00a0through some system commands, checks for actual rootkits and some malware, network and local host settings, and then give you the summary as well as recording the findings to a log file.<\/p>\n\n\n\n
Afterwards, you can get a condensed look at the scan log with this command.<\/p>\n\n\n\n
sudo cat \/var\/log\/rkhunter\/rkhunter.log | grep -i warning<\/pre>\n\n\n\nGo through the output to get some tips on what you could do to improve your system security.<\/p>\n","protected":false},"featured_media":27371,"comment_status":"open","ping_status":"closed","template":"","community-category":[121,123],"class_list":["post-24627","tutorial","type-tutorial","status-publish","has-post-thumbnail","hentry","community-category-security","community-category-troubleshooting"],"acf":[],"_links":{"self":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/tutorial\/24627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/tutorial"}],"about":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/types\/tutorial"}],"replies":[{"embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/comments?post=24627"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/media\/27371"}],"wp:attachment":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/media?parent=24627"}],"wp:term":[{"taxonomy":"community-category","embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/community-category?post=24627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}