#31 felan, 5th July 2013, 18:41

Hiya.

No, sorry, haven't found a solution yet...

#32 Ovidiu, 15th July 2013, 11:42

This maldet is really weird, check this:

Quote:
root@server:~# pstree | grep maldet
root@server:~#

Then I start it manually:

Quote:
root@server:~# /usr/local/maldetect/maldet -m /usr/local/maldetect/maldetfilelist
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(51977): {mon} existing inotify process detected (try -k): 232055
root@server:~#

#33 MaddinXx, 25th July 2013, 23:59

Another helpful one. If you prefer LMD over ClamAV for pure-ftpd upload scan, you can use the following within the upload script:

Code:
/usr/local/sbin/maldet --config-option quar_hits=1,quar_clean=0,clamav_scan=0 --modsec -a "$1" > /dev/null 2>&1

which will put the file to quarantine. Code is from modsec.sh from LMD.

#34 SupuS, 1st December 2013, 00:16

Quote:
Originally Posted by MaddinXx
Another helpful one. If you prefer LMD over ClamAV for pure-ftpd upload scan, you can use the following within the upload script:

Code:
/usr/local/sbin/maldet --config-option quar_hits=1,quar_clean=0,clamav_scan=0 --modsec -a "$1" > /dev/null 2>&1

which will put the file to quarantine. Code is from modsec.sh from LMD.

Hi MaddinXx,

I set up the file upload scan using http://www.howtoforge.com/how-to-int...debian-squeeze and used the script you suggested. It works well, but I am facing a problem with the "part" extension during file uploads. I tried uploading test.txt. Here are the messages from event_log:

Code:
maldet(23688): {scan} invalid path /var/www/clients/client55/web175/private/test.txt.part

The txt file was small, so the upload finished and the file was renamed to test.txt, but the scan was executed on test.txt.part. Bigger files are scanned, but before the upload is finished, I am afraid:

Code:
maldet(22107): {scan.modsec} results returned OK on /var/www/clients/clientXX/webXX/private/test.txt.part (id: 120113-0000.22107)

Do you have the same sort of problems or not? I use Debian 6.

Thanks for any suggestion.

EDIT: I found the problem is in the FTP client. This client is the culprit which creates files with the .part extension.

EDIT 2: I did some testing and my FTP client is able to successfully upload an infected file to the server when the scan is executed on the ".part" file, so the script has to be improved somehow.

Last edited by SupuS; 1st December 2013 at 00:42.
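
Added example, not part of the thread and not LMD's own code: a pure-ftpd upload-script wrapper for the `.part` case described in post #34. It waits briefly for the client's rename and scans whichever name exists; the function names, `WAIT_SECS`, the polling approach and the `upload-scan.sh` script name are assumptions, and the maldet command line is the one quoted in post #33.

```shell
#!/bin/sh
# Added example: upload-scan wrapper that tolerates ".part" temp names.
# Assumptions (not from the thread): function names, WAIT_SECS, polling,
# and the script name upload-scan.sh. The maldet options are from post #33.

MALDET=${MALDET:-/usr/local/sbin/maldet}
WAIT_SECS=${WAIT_SECS:-5}

# Print the path that should be scanned for the uploaded file "$1".
# Returns 1 if neither the temp name nor the final name exists.
resolve_scan_target() {
    uploaded=$1
    case $uploaded in
        *.part) final=${uploaded%.part} ;;
        *)      [ -f "$uploaded" ] && { printf '%s\n' "$uploaded"; return 0; }
                return 1 ;;
    esac
    waited=0
    while [ "$waited" -le "$WAIT_SECS" ]; do
        # Client finished and renamed the file: scan the final name
        # (the "invalid path ...test.txt.part" case from event_log).
        if [ ! -e "$uploaded" ] && [ -f "$final" ]; then
            printf '%s\n' "$final"; return 0
        fi
        [ "$waited" -lt "$WAIT_SECS" ] && sleep 1
        waited=$((waited + 1))
    done
    # No rename within the wait window: scan the temp file where it is.
    [ -f "$uploaded" ] && { printf '%s\n' "$uploaded"; return 0; }
    return 1
}

# Resolve the target, then run the maldet command from post #33 on it.
scan_upload() {
    target=$(resolve_scan_target "$1") || {
        logger -t upload-scan "no file to scan for $1"; return 1; }
    "$MALDET" --config-option quar_hits=1,quar_clean=0,clamav_scan=0 \
        --modsec -a "$target" > /dev/null 2>&1
}

# Run only when executed as the upload script, not when sourced.
case ${0##*/} in
    upload-scan.sh) scan_upload "$1" ;;
esac
```

A rename that happens while maldet is still scanning the temp file is not handled by this wrapper.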

#35 shadowcast, 8th February 2014, 20:26

Hello,
since today, when I want to edit conf.maldet I got an error that the file is read-only.
File properties should be 644 and owned by root.
I'm logged in as root.

Some other files I can edit normally???

Greetz

#36 Ovidiu, 26th February 2014, 13:14

Isn't there anyone willing to "adopt" this Debian-Mod?
I really think maldet is an awesome script but the author is very unresponsive and in its current state there are way too many errors and unanswered questions in this thread...

I'd be willing to donate maybe 1-2 hours' worth of work?

#37 felan, 15th March 2014, 23:53

Ovidiu: I wish I could be of more help, but work keeps me busy, sadly. If anyone else would take this up, personally I'd be really grateful.