Linux – clamscan using maldet Error: Servname not supported for ai_socktype

Tags: clamav, linux, malicious, malware, security

So I have installed Linux Malware Detect (maldet) to scan a server and everything went fine with the installation, but when I run it I get an error. A bunch of errors, and then the scan just closes.

Here is the command I have run with maldet to scan a specific folder:

sudo maldet -a /opt/lampp/
Linux Malware Detect v1.5
        (C) 2002-2014, R-fx Networks <proj@rfxn.com>
        (C) 2014, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(4954): {scan} signatures loaded: 10728 (8824 MD5 / 1904 HEX / 0 USER)
maldet(4954): {scan} building file list for /opt/lampp/, this might take awhile...
maldet(4954): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(4954): {scan} file list completed in 1s, found 132591 files...
maldet(4954): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...
maldet(4954): {scan} scan of /opt/lampp/ (132591 files) in progress...
maldet(4954): {scan} clamscan returned an error, check /usr/local/maldetect/logs/clamscan_log for more details!

maldet(4954): {scan} scan completed on /opt/lampp/: files 132591, malware hits 0, cleaned hits 0, time 28s
maldet(4954): {scan} scan report saved, to view run: maldet --report 150321-0045.4954

This is basically to scan the lampp installation folder and I get an error; when I open the clamscan_log log file I get this:

ERROR: Could not lookup : Servname not supported for ai_socktype

The list is very long, like 100 000 lines of those errors, and then the scan ends due to the error.

Before I installed maldet I installed clamav and clamtk (the GUI for clamav) and ran the scan with no problem.

I also installed rkhunter and ran that without problems.

The point is I have a malicious WordPress file on the server and neither clamav nor rkhunter found it, but I know the file is there and malicious because I am looking at it. The malicious code is actually in index.php of WordPress.

So I wanted to check with maldet also and scan for the code to see if it will detect the malicious code. But I can't scan it; for some reason I get the error above, and none of the searches on the net got me a fix or solution for it.

Edit: and just for a note, using sudo clamscan, clamscan works fine and scans the files normally.

Best Answer

I think your problem lies in the fact that there are two scan executables: clamscan and clamdscan. The second one relies on the clamav-daemon system service. In fact, if you shut down this service and try to scan a file with the clamdscan executable, you'll get:

'ERROR: Could not lookup : Servname not supported for ai_socktype'.

I have never used maldet, but as you can read in your logs:

maldet(4954): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...

it is in fact using the binary which needs the above-mentioned service to be running.
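
The dependency the answer describes can be checked before a scan is started. The following is an added example, not part of the original answer or of maldet: it reads the endpoint directives from a clamd.conf and tests whether the daemon's socket is present. The function names are hypothetical, and the config path in the usage comment assumes Debian/Ubuntu packaging.

```shell
#!/bin/sh
# Preflight for clamdscan: it only talks to a running clamd, so find the
# endpoint clamd.conf declares and check that it is there.

# Print "unix:/path" or "tcp:addr:port" from a clamd.conf, or nothing.
clamd_endpoint() {
  awk '
    $1 == "LocalSocket" { sock = $2 }
    $1 == "TCPSocket"   { port = $2 }
    $1 == "TCPAddr"     { addr = $2 }
    END {
      if (sock != "")      print "unix:" sock
      else if (port != "") print "tcp:" (addr != "" ? addr : "unset") ":" port
    }' "$1"
}

# Exit codes: 0 socket present, 1 socket missing (daemon stopped),
# 2 no usable config, 3 TCP endpoint found but not probed here.
clamd_preflight() {
  conf=$1
  [ -r "$conf" ] || { echo "no-config $conf"; return 2; }
  ep=$(clamd_endpoint "$conf")
  case $ep in
    "")     echo "unconfigured"; return 2 ;;
    unix:*) # A stale socket file can outlive a dead daemon, so "ok" is
            # necessary, not sufficient; also check the service status.
            if [ -S "${ep#unix:}" ]; then echo "ok $ep"; return 0
            else echo "down $ep"; return 1; fi ;;
    tcp:*)  echo "unprobed $ep"; return 3 ;;
  esac
}

# Demo on a constructed config whose socket path does not exist,
# which is what a stopped clamav-daemon looks like.
demo_conf=$(mktemp)
printf '%s\n' '# constructed sample' 'LocalSocket /nonexistent/clamd.ctl' > "$demo_conf"
clamd_preflight "$demo_conf" ||
  echo "clamd not reachable: start clamav-daemon before running maldet"
rm -f "$demo_conf"

# Real use (config path is an assumption):
#   clamd_preflight /etc/clamav/clamd.conf && sudo maldet -a /opt/lampp/
```

A "down" result here corresponds to the situation in the question: maldet picked /usr/bin/clamdscan, and every file handed to it failed because there was no daemon to connect to.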