Posts

How to Install Maldet (Linux Malware Detect) and Clean Malware with ClamAV on Debian / Ubuntu?

Linux Malware Detect (LMD), popularly known as Maldet, is an open-source malware scanner for Linux released under the GNU GPLv2 license. It is designed around the threats faced in shared hosting environments. Install, configure and run this free software to detect and clean malware on your system.

Install Maldet

# cd /usr/local/src/
# curl -O http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -zxvf maldetect-current.tar.gz
# cd maldetect-1.6.2/
# bash install.sh (best for Ubuntu 16.04)
# sudo ./install.sh (for Ubuntu 20.04)

Configuration:

To configure maldet, edit the configuration file at /usr/local/maldetect/conf.maldet.

# vi /usr/local/maldetect/conf.maldet

Line no 16
# Enable Email Alerting
email_alert="1"

Line no 21
# Email Address in which you want to receive scan reports
email_addr="you@domain.com"

Line no 141
# Use with ClamAV
scan_clamscan="1"

Line no 173
# Enable scanning for root-owned files. Set 1 to disable.

How to use Malware Patrol along with ClamAV in Ubuntu 16.04/20.04 LTS?

Malware Patrol provides signatures that are compatible with ClamAV. You can follow these simple steps to configure your ClamAV instance and protect your internal network, computers and users from getting infected by malware.

1. Make sure your ClamAV instance is installed and working properly. There are a few resources on the internet that can help you configure ClamAV on your platform. If you are experiencing trouble installing and configuring ClamAV, start at the following URL: How to install ClamAV antivirus with rspamd on Ubuntu 16.04/20.04 LTS? If you followed the above instructions, skip to step 14.
2. Install curl. For example: apt-get install curl
3. Install rsync. For example: apt-get install rsync
4. Install unzip. For example: apt-get install unzip
5. cd /tmp
6. wget -O clamav-unofficial-sigs.zip 'https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip'
7. unzip /tmp/clamav-unofficial-sigs.zip
8. cp /tmp/clamav-unofficial-sigs-master/clama

How to install ClamAV antivirus with rspamd on Ubuntu 16.04/20.04 LTS?

As usual, I prefer to use open-source components, so the obvious choice is the famous ClamAV virus scanner. But its detection rate is ridiculously low with its default signatures. I heard of a study claiming that in their tests ClamAV showed a 100% detection rate. I myself have been scanning multiple infected emails with it (that had been found by other software) and it did not find even one infection.

So I started researching the alternatives, like a free-beer virus scanner from Sophos that worked well with the amavis-milter in the past. Its detection rate is pretty good. But no matter what I tried, I couldn't get the two to work together. And to be honest, the documentation of rspamd's antivirus module is incomplete, to say the least.

Then suddenly a friendly nerd pointed me to the SaneSecurity project, which adds anti-virus signatures to ClamAV to make it actually useful. This finally became the recommended solution for me. In a commercial setup where your customers

How to Install Memcached Server (Caching) on CentOS 7(CWP7)

It is important to secure your Memcached servers, because systems like Memcached can contribute to denial-of-service attacks if improperly configured. We will explain how to install and secure your Memcached server on the CentOS 7 Linux distribution. These instructions also work on RHEL and Fedora Linux.

First, update the system:

# yum update -y

Next, install the official Memcached package, memcached, as well as libmemcached, which provides several utilities to work with Memcached:

# yum install memcached libmemcached

Note: libmemcached is a client library that offers a couple of tools to manage your Memcached server.

Securing Memcached: Configuration Settings for Local Access Only

We will make sure the installed Memcached service is listening on the 127.0.0.1 local interface only, and we will also disable the UDP listener. Both of these actions protect our server from denial of service. To disable UDP, we will add the -U 0 parameter to our OPTIONS variable. The file in full should look l

How to Produce Postfix MTA logfile summary using Pflogsumm on CWP?

Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is designed to provide an overview of Postfix activity, with just enough detail to give the administrator a "heads up" for potential trouble spots. Pflogsumm generates summaries and, in some cases, detailed reports of mail server traffic volumes, rejected and bounced email, and server warnings, errors and panics.

CentOS 7 & Ubuntu 16:

# yum -y install postfix-perl-scripts
# sudo apt install pflogsumm [For Ubuntu]

Generate Log Summary

# perl /usr/sbin/pflogsumm -d yesterday /var/log/maillog
# perl /usr/sbin/pflogsumm -d today /var/log/maillog

Generate the Log Once a Day and Receive It via Mail

# crontab -e
0 0 * * * perl /usr/sbin/pflogsumm -e -d yesterday /var/log/mail.log | mail -s 'Logwatch for Postfix' admin@awsmonster.com

Generate More Details

CentOS
sudo pflogsumm /var/log/maillog [Weekly]
sudo pflogsumm -d today /var/log/maillog --problems_first
sudo pflogsumm -d today /var/log/maillog --rej_ad

How to Configure Postfix SMTP Relay on CWP CentOS 7 with a Relay Provider?

If you are using Google Cloud, you are not able to send email directly over SMTP port 25. Instead, you can configure Postfix to send email via a relay using SASL authentication. Simple Authentication and Security Layer (SASL) is a standard authentication framework supported by many services, including Postfix.

CASE A: I am using a VM on Google Cloud as my application server, where multiple domains are hosted. I want to send email from a specific domain using a specific relay. You can use multiple relays for multiple domains. Other domains will not be able to send email directly because GCP blocks outgoing SMTP port 25.

Make sure the SASL authentication framework and mailx are installed:

# yum -y install cyrus-sasl-plain mailx

In /etc/postfix/main.cf, add the following lines:

#Relay
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sasl_auth_enable = yes
smtp_sasl_password_m

How to Remove Sensitive Data and Internal Network Information from Postfix Headers?

E-mail headers contain some sensitive information. I'll show you how to remove that information from the Postfix headers.

Note: some email clients will mark your email as spam if the header doesn't contain an IP address. It is also very important to keep header details for your own analysis: if any user starts spamming or is compromised, we need the headers to investigate. So we will remove only our client's private network details. We assume that Postfix is already up and running and will make the changes below.

Step 1: Edit the '/etc/postfix/main.cf' file

header_checks = regexp:/etc/postfix/header_checks

Step 2: Append the line below to '/etc/postfix/header_checks' [at the bottom]

/^Received:/ IGNORE

Step 3: Run postmap to apply the new configuration in /etc/postfix/header_checks

[root@server1 ~]# postmap /etc/postfix/header_checks

Step 4: Restart or reload the Postfix server

[root@server1 ~]# systemctl restart postfix
[root@server1 ~]# postfix reload

Actually this