{"id":64367,"date":"2024-08-06T03:01:00","date_gmt":"2024-08-05T17:01:00","guid":{"rendered":"https:\/\/65.254.95.247\/ITblog\/?p=64367"},"modified":"2024-08-05T12:51:43","modified_gmt":"2024-08-05T02:51:43","slug":"almalinux-web-server-malware-scanning-tutorial","status":"publish","type":"post","link":"https:\/\/www.rjmprogramming.com.au\/ITblog\/almalinux-web-server-malware-scanning-tutorial\/","title":{"rendered":"AlmaLinux Web Server Malware Scanning Tutorial"},"content":{"rendered":"<div style=\"width: 230px\" class=\"wp-caption alignnone\"><a target=\"_blank\" href=\"http:\/\/www.rjmprogramming.com.au\/Apache\/malware_scanning_via_imunifyav.gif\" rel=\"noopener\"><img decoding=\"async\" style=\"border: 15px solid pink;\" alt=\"AlmaLinux Web Server Malware Scanning Tutorial\" src=\"http:\/\/www.rjmprogramming.com.au\/Apache\/malware_scanning_via_imunifyav.gif\" title=\"AlmaLinux Web Server Malware Scanning Tutorial\"  style=\"float:left;\"   \/><\/a><p class=\"wp-caption-text\">AlmaLinux Web Server Malware Scanning Tutorial<\/p><\/div>\n<p>If you maintain a computer it can be reassuring to have access to some quality <a target=\"_blank\" title='Malware information from Wikipedia ... thanks' href='https:\/\/en.wikipedia.org\/wiki\/Malware' rel=\"noopener\">Malware<\/a> Scanning functionality (often part of an AntiVirus suite of functionality located, for us, in amongst the cPanel functionality of our AlmaLinux WHM Linux web server software parts).  
So it is with our &#8220;soon to be&#8221; RJM Programming AlmaLinux web server, which has provided us with <a target=\"_blank\" title='ImunifyAV' href='https:\/\/imunify360.com\/antivirus\/' rel=\"noopener\">ImunifyAV<\/a> &#8230;<\/p>\n<blockquote cite='https:\/\/imunify360.com\/antivirus\/'><p>\nImunifyAV: Best Free Linux Server Antivirus\n<\/p><\/blockquote>\n<p> &#8230; 7.14.0 version, further to previous malware blog posting regarding laptop themed <a title='Malware Protection Primer Tutorial' href='#mppt'>Malware Protection Primer Tutorial<\/a>.<\/p>\n<p>We&#8217;ve used ImunifyAV a few times, now, on our AlmaLinux web server, and find it easy to use, starting a session scanning &#8230;<\/p>\n<p><code><br \/>\n\/home*\/*<br \/>\n<\/code><\/p>\n<p> &#8230; folder specification, which covers the public parts of the RJM Programming domain reach.<\/p>\n<p>But we have come across some false positive Malware readings &#8230;<\/p>\n<p><img src='http:\/\/www.rjmprogramming.com.au\/Apache\/malware_scanner-31.jpg'><\/img><\/p>\n<p>How do we know?  It&#8217;s the combination of &#8230;<\/p>\n<ul>\n<li>what it suspected was in-house code &#8230; and &#8230;<\/li>\n<li>we stopped it being flagged as &#8220;malware&#8221; by &#8230;\n<ol>\n<li>copying the code to a newly created folder (for speed of scanning purposes)<\/li>\n<li>changing, for two in-house code examples now, code lines that used to look like &#8230;<br \/>\n<code><br \/>\n   [some code statement];  \/\/ thanks to https:\/\/[domain]\/[requestURI]<br \/>\n<\/code><br \/>\n &#8230; to &#8230;<br \/>\n<code><br \/>\n   [some code statement];  \/\/ thanks to https [domain] [requestURI]<br \/>\n<\/code><br \/>\n &#8230; and the fact that this took the code off that &#8220;malware&#8221; suspicion list made us think that <a target=\"_blank\" title='Intrusion detection system information from Wikipedia ... 
thanks' href='https:\/\/en.wikipedia.org\/wiki\/Intrusion_detection_system' rel=\"noopener\">&#8220;signature based&#8221;<\/a> malware checking can throw up very occasional false positives\n<\/ol>\n<\/li>\n<li>delete this code and its temporary folder<\/li>\n<li>make the changes to the original code<\/li>\n<li>rerun the <i>\/home*\/*<\/i> (or subset) scanning run, to reassure\n<\/ul>\n<p>So, if a small number of these inhouse examples are found we recommend not panicking, and checking each one out for these &#8220;what must be signature based&#8221; Malware Scanning accidental &#8220;false positives&#8221;.  Else if still flagged &#8230; panic!  But seriously, you may need to examine further, or quarantine, via deletion perhaps, or purchase more ImunifyAV functionality that purports to fix such malware issues.<\/p>\n<p><!--p>You can also see this play out at WordPress 4.1.1's <a target=\"_blank\" href='\/\/www.rjmprogramming.com.au\/ITblog\/almalinix-web-server-malware-scanning-tutorial\/' rel=\"noopener\">AlmaLinix Web Server Malware Scanning Tutorial<\/a>.<\/p-->\n<hr>\n<p id='mppt'>Previous relevant <a target=\"_blank\" title='Malware Protection Primer Tutorial' href='\/\/www.rjmprogramming.com.au\/ITblog\/malware-protection-primer-tutorial\/' rel=\"noopener\">Malware Protection Primer Tutorial<\/a> is shown below.<\/p>\n<div style=\"width: 230px\" class=\"wp-caption alignnone\"><a target=\"_blank\" href=\"http:\/\/www.rjmprogramming.com.au\/Mac\/mwb.gif\" rel=\"noopener\"><img decoding=\"async\" style=\"border: 15px solid pink;\" alt=\"Malware Protection Primer Tutorial\" src=\"http:\/\/www.rjmprogramming.com.au\/Mac\/mwb.jpg\" title=\"Malware Protection Primer Tutorial\"  style=\"float:left;\"   \/><\/a><p class=\"wp-caption-text\">Malware Protection Primer Tutorial<\/p><\/div>\n<p>To quote <a target=\"_blank\" title='Malware information from Wikipedia, thanks' href='https:\/\/en.wikipedia.org\/wiki\/Malware' rel=\"noopener\">Wikipedia<\/a>, Malware is 
&#8230;<\/p>\n<blockquote cite='https:\/\/en.wikipedia.org\/wiki\/Malware'><p>\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client, or computer network.[1] Malware does the damage after it is implanted or introduced in some way into a target&#8217;s computer and can take the form of executable code, scripts, active content, and other software.[2]\n<\/p><\/blockquote>\n<p> &#8230; and as such, should not be confused with another security concern called &#8220;computer viruses&#8221; &#8230; <a target=\"_blank\" title='Malware information from Wikipedia, thanks' href='https:\/\/en.wikipedia.org\/wiki\/Computer_virus' rel=\"noopener\">Wikipedia<\/a> again &#8230;<\/p>\n<blockquote cite='https:\/\/en.wikipedia.org\/wiki\/Computer_viruse'><p>\nA computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code.[1] When this replication succeeds, the affected areas are then said to be &#8220;infected&#8221; with a computer virus.[2][3]\n<\/p><\/blockquote>\n<p>Confusion could mean that you think a &#8220;computer virus&#8221; scanning system will protect you from Malware.  If the scanning product doesn&#8217;t say so, it doesn&#8217;t.   On our MacBook Pro we got offered the chance to try out a Malware controlling piece of software called <a target=\"_blank\" title='Malwarebytes' href='https:\/\/www.malwarebytes.com\/' rel=\"noopener\">Malwarebytes<\/a>, and we&#8217;ve been using its simple interface to scan for Malware at regular intervals.  
We like it, and think you may like it too &#8230; hence the blog posting, for your perspicacious self, like.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you maintain a computer it can be reassuring to have access to some quality Malware Scanning functionality (often part of an AntiVirus suite of functionality located, for us, in amongst the cPanel functionality of our AlmaLinux WHM Linux web &hellip; <a href=\"https:\/\/www.rjmprogramming.com.au\/ITblog\/almalinux-web-server-malware-scanning-tutorial\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1848,12,29,33,37],"tags":[4855,4866,270,4867,707,2239,4865,1096,1098,1114,1784,1166,2056,1319,1640,1411,1426],"class_list":["post-64367","post","type-post","status-publish","format-standard","hentry","category-software-coding","category-elearning","category-operating-system","category-software","category-tutorials","tag-almalinux","tag-antivirus","tag-cpanel","tag-detection","tag-linux","tag-malware","tag-malware-scan","tag-scan","tag-scanning","tag-security","tag-signature","tag-software-2","tag-suite","tag-tutorial","tag-virus","tag-web-server","tag-whm"],"_links":{"self":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/64367"}],"collection":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/comments?post=64367"}],"version-history":[{"count":6,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/64367\/revisions"}],"predecessor-version":[{"id":64373,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/64367\/revisions\/64373"}],"wp:attachment":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/media?parent=64367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/categories?post=64367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/tags?post=64367"}],"curies":[{"name":"wp","href
":"https:\/\/api.w.org\/{rel}","templated":true}]}}