Malware Audit Ubuntu 20.04

30 January, 2021, Luke Reynolds
Difficulty: Easy

ClamAV

ClamAV is a popular open source antivirus available on the majority of Linux distros. To install it, run the following command.

sudo apt install clamav clamav-daemon

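To update the database manually we must first stop the clamav-freshclam service. While it is running it holds a lock on the freshclam log file, which makes a manual update fail.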

sudo systemctl stop clamav-freshclam.service

Once the service is stopped we can update the virus database with the following command.

sudo freshclam

With the database updated we can start a recursive (-r) scan of the home directory.

sudo clamscan -r /home

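Once the home directory has been scanned, a complete scan of the server can be run with the following command. Here -i prints only infected files, --exclude-dir="^/sys" skips the /sys virtual filesystem, and --bell sounds the terminal bell when a virus is detected.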

sudo clamscan -r -i --exclude-dir="^/sys" --bell /
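
An added example, not part of the original article: shell helpers for triaging the output of the full scan above. It assumes clamscan's standard "path: Signature FOUND" line format and its documented exit codes (0 clean, 1 virus found, 2 error); the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage helpers for `clamscan -r -i` output.

# Constructed sample output; paths are illustrative, signatures are EICAR test names.
SAMPLE_OUTPUT='/home/alice/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/bob/notes: v2.txt: Win.Test.EICAR_HDB-1 FOUND
/var/tmp/a.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 1203
Infected files: 3'

# Read clamscan output on stdin; print "signature<TAB>path" per detection.
parse_found() {
    while IFS= read -r line; do
        case $line in
            *" FOUND") ;;          # detection line
            *) continue ;;         # summary, warnings, blank lines
        esac
        rest=${line% FOUND}
        # Split on the last ": " so a path that itself contains ": " stays whole.
        printf '%s\t%s\n' "${rest##*: }" "${rest%: *}"
    done
}

# Read clamscan output on stdin; print "count<TAB>signature", most frequent first.
count_by_signature() {
    parse_found |
        awk -F '\t' '{ n[$1]++ } END { for (s in n) printf "%d\t%s\n", n[s], s }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Map clamscan's exit status to a verdict. Status 2 (or anything unexpected)
# is an error and must never be reported as a clean scan.
scan_verdict() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Run the full scan from the article and summarise it (not called automatically).
# --bell is left out because the output is captured rather than watched.
full_scan_report() {
    rc=0; out=$(sudo clamscan -r -i --exclude-dir="^/sys" /) || rc=$?
    echo "verdict: $(scan_verdict "$rc")"
    printf '%s\n' "$out" | count_by_signature
    return "$rc"
}
```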


Rkhunter

Rkhunter is a common choice when searching for rootkits and general vulnerabilities.

sudo apt install rkhunter

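Update the file properties database prior to scanning. This records the current properties of system files as the baseline for later checks, so run it only on a system you believe to be clean.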

sudo rkhunter --propupd

Once the properties database has been updated the scan tool can be run with the following command.

sudo rkhunter --checkall


Chkrootkit

Chkrootkit is similar to Rkhunter.

sudo apt install chkrootkit

Run the scan tool.

sudo chkrootkit