Thread: Can you interpret this result from maldetect(LMD)?

  1. #1 (Join Date: Jun 2018, Beans: 25)

    Can you interpret this result from maldetect(LMD)?

    PATH: /
    TOTAL FILES: 15590
    TOTAL HITS: 8
    TOTAL CLEANED: 0

    FILE HIT LIST:
    {HEX}php.gzbase64.inject.452 : /home/computer/Documents/lmd/maldetect-current.tar.gz => /usr/local/maldetect/quarantine/maldetect-current.tar.gz.37049450
    {HEX}php.gzbase64.inject.452 : /home/computer/Documents/lmd/maldetect-1.6.4/files/clean/gzbase64.inject.unclassed => /usr/local/maldetect/quarantine/gzbase64.inject.unclassed.288220715
    {YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/md5.dat => /usr/local/maldetect/quarantine/md5.dat.1006919246
    {YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/rfxn.ndb => /usr/local/maldetect/quarantine/rfxn.ndb.2394931744
    {YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/rfxn.hdb => /usr/local/maldetect/quarantine/rfxn.hdb.627526444
    {YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/hex.dat => /usr/local/maldetect/quarantine/hex.dat.2561518734
    {HEX}php.gzbase64.inject.452 : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/rfxn.yara => /usr/local/maldetect/quarantine/rfxn.yara.367626301
    {YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/md5v2.dat => /usr/local/maldetect/quarantine/md5v2.dat.1226626496

    I don't understand. It seems to be saying that maldetect (LMD) is infected? If not, then what are the results?

  2. #2 (Join Date: Mar 2010, Location: Squidbilly-Land, Beans: Hidden!, Distro: Ubuntu Mate 16.04 Xenial Xerus)

    Re: Can you interpret this result from maldetect(LMD)?

    Where does maldetect store the signatures it uses to scan for problems? If you scan those places, wouldn't those signatures be found? Looks like each is a false positive.
    Last edited by TheFu; September 10th, 2019 at 05:55 PM.
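Added example (not code from the thread or from the LMD project): a small Python triage script for the report format shown above. It parses each hit line and flags hits whose path lies in LMD's own install tree (/usr/local/maldetect/, as on this page) or in an unpacked or archived maldetect-* source tree (the files/sigs signature databases and files/clean samples), since those files contain the very patterns LMD scans for. The sample report is constructed from two lines of this thread plus one invented hit under a web root; the SOURCE_MARKERS list is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample report: two hit lines from this thread plus one invented hit
# on a web upload directory, so both categories appear.
SAMPLE_REPORT = """\
{HEX}php.gzbase64.inject.452 : /home/computer/Documents/lmd/maldetect-current.tar.gz => /usr/local/maldetect/quarantine/maldetect-current.tar.gz.37049450
{YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/rfxn.ndb => /usr/local/maldetect/quarantine/rfxn.ndb.2394931744
{HEX}php.gzbase64.inject.452 : /var/www/html/uploads/cache.php => /usr/local/maldetect/quarantine/cache.php.1234567
"""

# One hit line reads: {ENGINE}signature : original path => quarantine path
HIT_RE = re.compile(r"^\{(?P<engine>[A-Z]+)\}(?P<sig>\S+) : (?P<path>.+?) => (?P<quarantine>\S+)$")

LMD_INSTALL = "/usr/local/maldetect/"
# Assumed layout: in an unpacked or archived LMD source tree these hold the
# signature databases and clean-sample files, i.e. the patterns LMD matches on.
SOURCE_MARKERS = ("/files/sigs/", "/files/clean/", ".tar.gz")

@dataclass
class Hit:
    engine: str
    signature: str
    path: str
    quarantine: str

def parse_hits(report: str) -> list[Hit]:
    """Parse the FILE HIT LIST lines of a maldet report; other lines are ignored."""
    hits = []
    for line in report.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append(Hit(m["engine"], m["sig"], m["path"], m["quarantine"]))
    return hits

def is_self_hit(path: str) -> bool:
    """True when the flagged file belongs to LMD's own install or source tree."""
    if path.startswith(LMD_INSTALL):
        return True
    in_source_tree = re.search(r"/maldetect-[^/]+", path) is not None
    return in_source_tree and any(marker in path for marker in SOURCE_MARKERS)

def triage(report: str) -> dict[str, list[str]]:
    """Split hit paths into probable self-detections and hits that need review."""
    result: dict[str, list[str]] = {"self": [], "review": []}
    for hit in parse_hits(report):
        result["self" if is_self_hit(hit.path) else "review"].append(hit.path)
    return result
```

The "self" bucket corresponds to the false positives described in the reply above; anything in "review" still deserves a manual look at the file itself.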

  3. #3 (Join Date: Aug 2016, Location: Wandering, Beans: Hidden!, Distro: Xubuntu Development Release)

    Re: Can you interpret this result from maldetect(LMD)?

    Quote Originally Posted by linux-user-0987
    PATH: /
    TOTAL FILES: 15590
    TOTAL HITS: 8
    TOTAL CLEANED: 0

    FILE HIT LIST:
    {HEX}php.gzbase64.inject.452 : /home/computer/Documents/lmd/maldetect-current.tar.gz => /usr/local/maldetect/quarantine/maldetect-current.tar.gz.37049450
    {HEX}php.gzbase64.inject.452 : /home/computer/Documents/lmd/maldetect-1.6.4/files/clean/gzbase64.inject.unclassed => /usr/local/maldetect/quarantine/gzbase64.inject.unclassed.288220715
    {YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/md5.dat => /usr/local/maldetect/quarantine/md5.dat.1006919246
    {YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/rfxn.ndb => /usr/local/maldetect/quarantine/rfxn.ndb.2394931744
    {YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/rfxn.hdb => /usr/local/maldetect/quarantine/rfxn.hdb.627526444
    {YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/hex.dat => /usr/local/maldetect/quarantine/hex.dat.2561518734
    {HEX}php.gzbase64.inject.452 : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/rfxn.yara => /usr/local/maldetect/quarantine/rfxn.yara.367626301
    {YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /home/computer/Documents/lmd/maldetect-1.6.4/files/sigs/md5v2.dat => /usr/local/maldetect/quarantine/md5v2.dat.1226626496

    I don't understand. It seems to be saying that maldetect (LMD) is infected? If not, then what are the results?
    https://github.com/rfxn/linux-malware-detect/issues/87

    https://github.com/rfxn/linux-malware-detect/issues/242
    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama