Rootkit Scanner
Install and scan with rkhunter
> apt-get install rkhunter
> rkhunter --update
> rkhunter --propupd --update
> rkhunter -c
Install and scan with chkrootkit
> apt-get install chkrootkit
> chkrootkit
Virus Scanner
A list of Linux virus scanners is here. ClamAV is the easiest to use.
Install (see also apt)
> apt-get install clamav clamav-freshclam
Refresh
> freshclam
Search
> clamscan -r -i / > virusscan.txt &
ClamAV update process started at Sat Jan 4 13:59:40 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.8 Recommended version: 0.98
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd is up to date (version: 18317, sigs: 636260, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 235, sigs: 44, f-level: 63, builder: dgoddard)
This is on Ubuntu 10.04. Adding "backports" packages (see apt) and upgrading did not help (?)
Anyway, the result was:
/markus/tomee/tomee_wp16/work/Catalina/localhost/EbelHome/org/apache/jsp/index_005fbak1_jsp.java: Win.Backdoor.ChopperJsp FOUND
/markus/tomee/tomee_wp16/webapps/Homepage/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND
/markus/tomee/tomee_wp16/webapps/EbelHome/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND
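A clamscan report like virusscan.txt can be summarised with a few shell functions. This is an added example, not part of the original page: it splits each "PATH: SIGNATURE FOUND" line, counts hits per signature, and lists the hits below a webapps/ directory. The function names, the sample paths and the default Tomcat layout are assumptions of the example.

```shell
#!/bin/sh
# Added example: triage a clamscan report such as virusscan.txt.
# "clamscan -i" prints one "PATH: SIGNATURE FOUND" line per hit, then a summary.

# Print "SIGNATURE<TAB>PATH" for every hit in report file $1 (or stdin).
# The line is split at its last ": " so paths that contain ": " stay intact.
clam_hits() {
    awk '/ FOUND$/ {
        line = $0; sub(/ FOUND$/, "", line)
        n = 0; rest = line
        while ((i = index(rest, ": ")) > 0) { n += i + 1; rest = substr(rest, i + 2) }
        if (n > 0) printf "%s\t%s\n", rest, substr(line, 1, n - 2)
    }' "${1:--}"
}

# Print "SIGNATURE<TAB>COUNT", one line per distinct signature.
clam_by_signature() {
    clam_hits "${1:--}" | cut -f1 | sort | uniq -c | awk '{ print $2 "\t" $1 }'
}

# Print only the paths below a webapps/ directory (assumption: default Tomcat
# layout). Those are the deployed files; hits under work/ are generated from them.
clam_deployed() {
    clam_hits "${1:--}" | cut -f2- | grep '/webapps/' || true
}

# Constructed sample report; the paths are made up for this example.
sample_report() {
    cat <<'EOF'
/srv/tomcat/work/Catalina/localhost/app/org/apache/jsp/index_005fbak1_jsp.java: Win.Backdoor.ChopperJsp FOUND
/srv/tomcat/webapps/app/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND
/srv/tomcat/webapps/old: copy/index_bak1.jsp: Win.Backdoor.ChopperJsp FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Demo on the sample; for a real report call e.g. clam_by_signature virusscan.txt
sample_report | clam_by_signature
sample_report | clam_deployed
```
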
I noticed the following process (ps -ef):
perl /usr/bin/bk lup.ox88.info 443
Bitkeeper?