I searched through my /var/www folder, where I have around 10 different websites, with Linux Malware Detection using the following command:

 sudo maldet --scan-all /wwwdata/

The report shows the following:

PATH:          /wwwdata/
TOTAL FILES:   245806
TOTAL HITS:    7
TOTAL CLEANED: 0

WARNING: Automatic quarantine is currently disabled, detected threats are still accessible to users!
To enable, set quarantine_hits=1 and/or to quarantine hits from this scan run:
/usr/local/sbin/maldet -q 221103-0112.1334586

FILE HIT LIST:
{YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /tmp/maldetect-1.6.4/files/sigs/md5.dat
{YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /tmp/maldetect-1.6.4/files/sigs/hex.dat
{HEX}php.gzbase64.inject.456 : /tmp/maldetect-1.6.4/files/sigs/rfxn.yara
{YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /tmp/maldetect-1.6.4/files/sigs/rfxn.ndb
{YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /tmp/maldetect-1.6.4/files/sigs/md5v2.dat
{YARA}Safe0ver_Shell__Safe_Mod_Bypass_By_Evilc0der_php : /tmp/maldetect-1.6.4/files/sigs/rfxn.hdb
{HEX}php.gzbase64.inject.456 : /tmp/maldetect-1.6.4/files/clean/gzbase64.inject.unclassed
===============================================
Linux Malware Detect v1.6.4 < proj@rfxn.com >

However, it doesn't say which files were infected or in which path these files were found, which is crucial for me. Is it just me not understanding how to use LMD, or how can I get this information? I want to know since we are running many different WordPress applications with various versions and different plugins.

Jacob

0 Answers