Tweet
Did you drop maldet / clam scanning ?
I found it weird when I tried to clean up an infected server and i see a vdserver/scan running.
The weird is its speed.
For the same folder (whole /home) .
CXS did it in 8 hours
cxs Scan on atlas (Hits:17056) (Viruses:6978) (Fingerprints:429)
TimeStamp: Sat, 29 Jul 2017 12:27:51 +0300
Email report / ended at : 29-Jul-17 8:31 PM
Imunify still running
root 535857 96.8 2.4 1490332 797800 ? SNsl Jul29 1635:12 /usr/local/vdserver/scan --json --threads 1 --configfile /usr/local/vdserver/config.json @/tmp/tmphaneykr4
For the last ~24+ hours and public_html only and it didnt finished
Status: Running With Parameters
Folder: /home*/*/public_html
query_builder
a day ago
Ill also try maldet with the same /home/*/public_html when vdscan finish. Eventually.
Will update with findings, false positives or which of 3 (imunify/maldet/cxs) found the most infections/backdoors on this infected system.
It should be handy for benchmarking.
I found it weird when I tried to clean up an infected server and i see a vdserver/scan running.
The weird is its speed.
For the same folder (whole /home) .
CXS did it in 8 hours
cxs Scan on atlas (Hits:17056) (Viruses:6978) (Fingerprints:429)
TimeStamp: Sat, 29 Jul 2017 12:27:51 +0300
Email report / ended at : 29-Jul-17 8:31 PM
Imunify still running
root 535857 96.8 2.4 1490332 797800 ? SNsl Jul29 1635:12 /usr/local/vdserver/scan --json --threads 1 --configfile /usr/local/vdserver/config.json @/tmp/tmphaneykr4
For the last ~24+ hours and public_html only and it didnt finished
Status: Running With Parameters
Folder: /home*/*/public_html
query_builder
a day ago
Ill also try maldet with the same /home/*/public_html when vdscan finish. Eventually.
Will update with findings, false positives or which of 3 (imunify/maldet/cxs) found the most infections/backdoors on this infected system.
It should be handy for benchmarking.
Comment