How to Scan and Clean Your Cloud Linux Server from Malware

Learn how to uncover potential malware and security risks on your cloud Linux server using essential scanning tools.

Why Malware Detection is Crucial for Your Cloud Server

Some unexpected behavior on a cloud Linux server could be a result of a malware infection, while other malicious software might not alert to its presence. Scanning your system for different types of unwanted programs can help identify potential issues, or at least give you peace of mind knowing that your server is clean.

There are multiple options for ensuring your cloud server is free from malware. In this guide, we will discuss a couple of essential scanning software tools you can utilize to check your system.

ClamAV: A Popular Antivirus Solution for Linux

ClamAV is a well-known open-source antivirus engine that is available on a wide range of platforms, including most Linux distributions. To install ClamAV on your system, use the following command:

sudo apt-get install clamav clamav-daemon

Once the required modules are installed, you should update the virus database for ClamAV:

sudo systemctl stop clamav-freshclam
sudo freshclam

After updating the virus definitions, start and enable the services:

sudo systemctl start clamav-freshclam
sudo systemctl enable clamav-freshclam

Now, perform a test scan on your home directory to ensure everything is working properly:

sudo clamscan -r /home

If your home directory doesn’t contain any viruses or malware, the scan should return no results.

How to Test ClamAV

To test if ClamAV is working, you can download the EICAR test file, which is harmless but designed to trigger antivirus software alerts:

wget -P ~/ http://www.eicar.org/download/eicar.com

Now run the same scan again on your home directory. If ClamAV detects the file, it will confirm that the scanner is functioning properly:

sudo clamscan -r /home

Once detected, remove the test file with the following command:

sudo clamscan --infected --remove --recursive /home

For a comprehensive scan of your entire server, you can use the following command:

sudo clamscan --infected --recursive --exclude-dir="^/sys" /

Rkhunter: Rootkit Detection Tool

Rkhunter is a powerful tool for scanning your system for rootkits and other vulnerabilities. To install Rkhunter on your server, run:

sudo apt-get install rkhunter

After installation, update the file properties database to avoid false alarms:

sudo rkhunter --propupd

Now, you can scan your system with the following command:

sudo rkhunter --checkall

The scanner will analyze system commands, network settings, rootkits, and other potential malware. View the scan log with:

sudo cat /var/log/rkhunter.log | grep -i warning

Chkrootkit: Another Useful Rootkit Scanner

Chkrootkit is another popular scanner that checks for rootkits and infections on Linux systems. Install it with:

sudo apt-get install chkrootkit

Once installed, run the following command to scan your server:

sudo chkrootkit

If you want to automate this process or save the results to a log file, use:

sudo chkrootkit | sudo tee /var/log/chkrootkit/chkrootkit.log

Review the log file for warnings:

sudo cat /var/log/chkrootkit/chkrootkit.log | grep -i warning

Conclusion: Keeping Your Cloud Linux Server Clean

Securing your cloud server against malware is crucial for maintaining system integrity. Tools like ClamAV, Rkhunter, and Chkrootkit are valuable for scanning and detecting malicious software, ensuring your system remains free from unwanted programs and vulnerabilities.

By regularly using these tools and keeping your system updated, you can reduce the risk of security breaches and enjoy peace of mind knowing your server is secure.