Shulou(Shulou.com)06/03 Report--

Preface

ClamAV and hm are open source antivirus engines for detecting Trojans, viruses, malware and other malicious threats.

First of all, through the startup script, the attack program runs as a daemon in the background after booting, and the child process of the daemon is still the daemon, which makes the process not easy to find.

The way to execute a program as a daemon after booting is simple by adding the path and file name of the corresponding executable file to the startup script. First compile your own program by generating an executable file

Wget-O hm-linux.tgz http://down.shellpub.com/hm/latest/hm-linux-amd64.tgz?version=1.6.0tar xvf hm-linux.tgz

Create a soft connection sudo ln-s hm program full path / usr/bin/hm

Scan the back door

Hm scan your web directory scan is completed and the result will be saved as a result.csv file.

View help hm-h

View version

Hm version

Upgrade hm update

Clamav installation

Yum-y install clamavcd / var/lib/clamav/touch clamd-socket

Account group permissions

Chown root:root / var/lib/clamav/clamd-socket

(method 1) update the virus database file, (if an error is reported, kill the process and execute it again) freshclam-v

View Port

Ps-ax | grep clam

(method 2) Update the virus database file wget http://database.clamav.net/main.cvdwget http://database.clamav.net/daily.cvd

Scan a file

Clamscan-r / scan files

Save the scan file to / root/

Clamscan-r / scan file-log=/root/scan.log

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.