vdserver scan?
Форум
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor
  1. Christos Panagiotakis
  2. Sunday, 30 July 2017
  3.  Subscribe via email
Did you drop maldet / clam scanning ?

I found it weird when I tried to clean up an infected server and i see a vdserver/scan running.
The weird is its speed.

For the same folder (whole /home) .
CXS did it in 8 hours
cxs Scan on atlas (Hits:17056) (Viruses:6978) (Fingerprints:429)
TimeStamp: Sat, 29 Jul 2017 12:27:51 +0300
Email report / ended at : 29-Jul-17 8:31 PM


Imunify still running

root 535857 96.8 2.4 1490332 797800 ? SNsl Jul29 1635:12 /usr/local/vdserver/scan --json --threads 1 --configfile /usr/local/vdserver/config.json @/tmp/tmphaneykr4


For the last ~24+ hours and public_html only and it didn't finished
Status: Running With Parameters
Folder: /home*/*/public_html
query_builder
a day ago

I'll also try maldet with the same /home/*/public_html when vdscan finish. Eventually.

Will update with findings, false positives or which of 3 (imunify/maldet/cxs) found the most infections/backdoors on this infected system.
It should be handy for benchmarking.
Rate this post:
  1. 02.08.2017 07:08:17
  2. # 1
Nikolay Accepted Answer
Posts: 8
Joined: 10.03.2017
0
Votes
Undo
Did you drop maldet / clam scanning ?

We are dropping maldet in the next beta release (~7.08).

But clamav still be using.
Currently, imunify360 under the hood is using three different vendors of scan for the better false negative rate. The scan for each vendor run sequentially step by step. That's why it's worked slowly than CXS.

In Q3 we are planning to improve the performance of scan.

--
imunify360 dev team
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
гость
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.