How to Scan Your Webdock Server for Malware and Virus
Last updated: July 19th 2023
Introduction
A server can pick up malware or a virus through files or software downloaded from untrusted sites or hosts. Some malware produces no obvious symptoms, while other infections cause unexpected behaviour such as high load, unknown processes or outbound connections. A server-wide scan helps you identify and remove malicious software if you suspect your system has been compromised.
There are several ways to check a cloud server for malware and viruses, and this guide covers three of the most popular scanning tools. Used together, they help you keep your Webdock server clean and secure.
Prerequisites
- A Linux Server (I am using Ubuntu)
- A sudo user
Using Rkhunter
Rkhunter (Rootkit Hunter) is a free, open-source tool that scans POSIX-compliant systems for rootkits, backdoors and local exploits. It compares the properties of important system binaries against a stored baseline and checks for known rootkit files, suspicious kernel modules and hidden files. It installs easily from the package manager. First bring the package lists and installed packages up to date:
$ sudo apt-get update && sudo apt-get upgrade -y
Then install it and follow any prompts on the screen:
$ sudo apt-get install rkhunter -y
Before the first scan, create the file properties database:
$ sudo rkhunter --propupd
This records the current hashes, sizes, permissions and other properties of the monitored system files as the trusted baseline, so later scans can tell genuine changes from false alarms. Run it only on a system you believe is clean, ideally right after installation, and again after package upgrades that legitimately replace binaries. Running it on a host that is already compromised would make tampered files look legitimate. Once the baseline exists, start the scan with:
$ sudo rkhunter --checkall
The scanner works through its checks for rootkits, known malware and suspicious file changes, pausing after each group of checks; press Enter when prompted to continue. To run it unattended (for example from cron), add --sk (skip key presses) and --rwo (report warnings only). Every check is written to /var/log/rkhunter.log and a summary is printed at the end.
To pull only the warnings out of the log:
$ sudo grep 'Warning:' /var/log/rkhunter.log
Matching 'Warning:' rather than a case-insensitive 'warning' avoids the [ Warning ] status lines and summary text that repeat each finding. Investigate every warning. Recurring warnings you have verified as benign (Ubuntu ships a few commands as scripts, for instance) can be whitelisted in /etc/rkhunter.conf rather than ignored.
Using ClamAV
ClamAV is a popular open-source antivirus engine available on many platforms. It scans e-mail and all common mail file formats, and it can look inside archives such as tar, zip, rar and 7zip. To install ClamAV together with its daemon and the freshclam updater:
$ sudo apt-get install clamav clamav-daemon -y
The freshclam service keeps the signature database up to date in the background and holds a lock on the database directory, so stop it before running a manual update, otherwise the update fails with a locking error. Then fetch the latest virus definitions:
$ sudo systemctl stop clamav-freshclam
$ sudo freshclam
After you've updated the virus definitions, enable and start the service again so definitions keep updating automatically:
$ sudo systemctl enable clamav-freshclam
$ sudo systemctl start clamav-freshclam
Then, to confirm scanning works, do a test scan of the home directories:
$ sudo clamscan -r /home
The summary at the end reports "Infected files: 0" if the directory is clean; clamscan also exits with status 0 when nothing was found, 1 when infected files were found and 2 when errors occurred, which is useful in scripts.
If something is found, you can have ClamAV delete the infected files:
$ sudo clamscan --infected --remove --recursive /home
Note: Use the --remove parameter with caution; deletion cannot be undone and a false positive could remove a legitimate file. First run a scan without it to get an overview of the problem, then run a narrower scan to identify exactly which files are affected, and only then remove them, either manually or with --remove. A safer alternative is --move=DIRECTORY, which quarantines the files in a directory of your choice so you can inspect or restore them later.
To scan the whole server, have ClamAV recurse from the root directory. Exclude /sys, /proc and /dev: these are virtual filesystems made up of kernel objects rather than regular files, so they cannot carry a file-based infection and only produce read errors and warnings. The --exclude-dir option takes a regular expression that is matched against the directory path:
$ sudo clamscan --infected --recursive --exclude-dir="^/(sys|proc|dev)" /
A full scan is I/O heavy and can take a long time on a large disk, so run it during a quiet period or under nice/ionice so it does not starve the services on the server.
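The full-server scan above deletes or lists hits and leaves you to read the summary by eye. The following wrapper is an added example, not part of the Webdock article or of ClamAV itself: it quarantines hits with --move instead of deleting them, skips the pseudo-filesystems, and turns clamscan's exit status and summary into something a cron job or a human can act on. The quarantine directory /var/quarantine, the log path /var/log/clamav/fullscan.log and the sample summary are assumptions made up for the example.

```shell
#!/bin/sh
# Added example (not from the Webdock article or the ClamAV project): a full-scan
# wrapper that quarantines instead of deleting, skips pseudo-filesystems and
# interprets clamscan's exit status. QUARANTINE and SCAN_LOG are assumed paths.
set -eu

QUARANTINE="${QUARANTINE:-/var/quarantine}"            # assumed quarantine directory
SCAN_LOG="${SCAN_LOG:-/var/log/clamav/fullscan.log}"   # assumed log path

# Translate clamscan's documented exit status:
# 0 = no virus found, 1 = virus(es) found, 2 = some error(s) occurred.
clam_status_message() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown status $1" ;;
    esac
}

# Pull the "Infected files: N" count out of a clamscan summary (log or stdout).
# grep exits 1 when nothing matches, so fall back to 0 instead of aborting under set -e.
clam_infected_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p' "$1" | head -n 1 | grep . || echo 0
}

# List the paths clamscan flagged; each hit is logged as "path: Signature FOUND".
clam_flagged_files() {
    grep ' FOUND$' "$1" | sed 's/: [^:]* FOUND$//' || true
}

# Scan the root filesystem. Hits are moved to $QUARANTINE (restore with mv after
# triage) rather than removed; /sys, /proc, /dev and /run hold kernel objects, not
# regular files, and the quarantine itself is excluded so hits are not rescanned.
clam_full_scan() {
    mkdir -p "$QUARANTINE" "$(dirname "$SCAN_LOG")"
    chmod 700 "$QUARANTINE"
    rc=0
    clamscan --infected --recursive \
        --exclude-dir='^/(sys|proc|dev|run)' \
        --exclude-dir="^$QUARANTINE" \
        --move="$QUARANTINE" \
        --log="$SCAN_LOG" / || rc=$?
    echo "scan result: $(clam_status_message "$rc"), $(clam_infected_count "$SCAN_LOG") infected file(s), log: $SCAN_LOG"
    return "$rc"
}

# Constructed sample of a clamscan log so the parsers can be exercised offline.
SAMPLE_LOG="$(mktemp)"
cat >"$SAMPLE_LOG" <<'EOF'
/home/app/uploads/invoice.pdf.exe: Win.Test.EICAR_HDB-1 FOUND
/home/app/uploads/evil.zip: Eicar-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8690000
Engine version: 1.0.5
Scanned directories: 420
Scanned files: 3125
Infected files: 2
Data scanned: 512.00 MB
Time: 35.112 sec (0 m 35 s)
EOF
echo "sample log: $(clam_infected_count "$SAMPLE_LOG") infected file(s)"
clam_flagged_files "$SAMPLE_LOG"

# Only touch the real filesystem when asked explicitly and clamscan is installed.
if [ "${1:-}" = "--scan" ] && command -v clamscan >/dev/null 2>&1; then
    clam_full_scan
fi
```

Run it as root with --scan to perform the real scan; without arguments it only parses the embedded sample. The non-zero return from clam_full_scan on hits or errors is deliberate so a cron job or monitoring hook can alert on it.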
Using Chkrootkit
Chkrootkit is a popular rootkit scanner you can install on most distributions with the package manager. On an Ubuntu system, use the following command to install it:
$ sudo apt-get install chkrootkit
Once installed, scan your server for signs of rootkits with:
$ sudo chkrootkit
The scan runs a long list of checks for known rootkits, trojaned system binaries, promiscuous network interfaces, hidden processes and suspicious files, printing one line per check. Clean checks end in "not infected", "not found" or "nothing found"; hits are marked in capitals as INFECTED, and a few checks print "Warning:" instead. Scroll through the output and look at anything marked that way.
By default, chkrootkit will only output the results of its scans to the screen. If you wish to automate the checks or save the results for later, you can use the tee command to redirect the output to a log file:
$ sudo chkrootkit | sudo tee /var/log/chkrootkit/chkrootkit.log
Make sure to check the log for hits and warnings before continuing. Match the capitalised INFECTED rather than a case-insensitive "infected", which would also match every "not infected" line:
$ sudo grep -E 'INFECTED|Warning' /var/log/chkrootkit/chkrootkit.log
Chkrootkit is a valuable tool that can help determine if a machine has been compromised. However, it shouldn't be the only scanner you use to diagnose infections. Use chkrootkit with other scanners to get the most accurate picture possible.
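Both the Rkhunter and the Chkrootkit sections above end with grepping a log for warnings. The script below is an added example, not part of the Webdock article or of either tool: it runs both scanners without interactive prompts, keeps dated logs, and extracts only the lines that are genuine findings, avoiding the two common mistakes in log triage (counting rkhunter's "[ Warning ]" status lines and summary text as extra findings, and matching chkrootkit's "not infected" lines). The log directory /var/log/rootkit-scans and the two sample logs are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the Webdock article, rkhunter or chkrootkit): a cron-ready
# wrapper that runs both scanners non-interactively and reports real findings only.
# LOG_DIR is an assumed path; the sample logs below are constructed, not captured.
set -eu

LOG_DIR="${LOG_DIR:-/var/log/rootkit-scans}"   # assumed log directory

# rkhunter logs two lines per problem: a "[ Warning ]" status line and a
# "Warning: ..." message, and its summary mentions warnings too. Keep only the
# "Warning:" messages and strip the "[HH:MM:SS] " timestamp prefix.
rkhunter_warnings() {
    grep 'Warning: ' "$1" | sed 's/^\[[0-9:]*\] *//' || true
}

# chkrootkit prints "not infected" for clean checks, so a case-insensitive grep
# for "infected" reports a clean host as compromised. Hits are capitalised
# INFECTED, and a few checks print "Warning:"; match those case-sensitively.
chkrootkit_findings() {
    grep -E 'INFECTED|Warning' "$1" || true
}

# Run both scanners, write dated logs, print findings and return 1 if there are any.
run_scans() {
    day="$(date +%Y-%m-%d)"
    mkdir -p "$LOG_DIR"
    rk_log="$LOG_DIR/rkhunter-$day.log"
    ck_log="$LOG_DIR/chkrootkit-$day.log"
    # --sk skips the key presses, --rwo prints warnings only, --logfile sets the log
    rkhunter --check --sk --rwo --logfile "$rk_log" >/dev/null 2>&1 || true
    chkrootkit >"$ck_log" 2>&1 || true
    findings="$( { rkhunter_warnings "$rk_log"; chkrootkit_findings "$ck_log"; } )"
    if [ -n "$findings" ]; then
        printf 'Findings on %s:\n%s\n' "$(uname -n)" "$findings"
        return 1
    fi
    echo "No findings on $(uname -n) (logs: $rk_log, $ck_log)"
}

# Constructed rkhunter log: one problem, logged as a status line plus a message.
RK_SAMPLE="$(mktemp)"
cat >"$RK_SAMPLE" <<'EOF'
[10:15:01] Info: Starting file properties checks
[10:15:02]   /usr/bin/lwp-request                              [ Warning ]
[10:15:02] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[10:15:09] Warning: Hidden file found: /etc/.java: directory
[10:15:20] Info: No warnings were found during the rootkit checks
EOF

# Constructed chkrootkit output: clean checks plus one hit and one warning.
CK_SAMPLE="$(mktemp)"
cat >"$CK_SAMPLE" <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED PORTS: ( 465 )
Checking `lkm'... chkproc: Warning: Possible LKM Trojan installed
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
Searching for suspicious files and dirs, it may take a while... nothing found
EOF

echo "rkhunter sample: $(rkhunter_warnings "$RK_SAMPLE" | grep -c .) warning(s)"
echo "chkrootkit sample: $(chkrootkit_findings "$CK_SAMPLE" | grep -c .) finding(s)"

# Only run the real scanners when asked explicitly and both are installed.
if [ "${1:-}" = "--scan" ] && command -v rkhunter >/dev/null 2>&1 \
   && command -v chkrootkit >/dev/null 2>&1; then
    run_scans
fi
```

Run it as root with --scan from a daily cron entry; the non-zero exit on findings lets cron's MAILTO or a monitoring hook raise an alert, while a clean run stays silent apart from the one-line summary.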
Conclusion
This guide provided step-by-step instructions for installing Rkhunter, ClamAV and Chkrootkit and using them to scan your server for rootkits, malware and viruses. No single scanner catches everything, so run them together and review their logs regularly.
Aayush Nair has been designing WordPress websites for eight years now. He is also a content writer, writing blogs on technology and related topics, and likes helping people in his free time.