Chapter 8. Malware Detection

The term malware encompasses a large range of unwelcome software that is designed to damage a computer. A partial list of malware includes, for example, viruses, spyware, Trojan horses, and worms. The rapid proliferation of such software is enough to concern users of all levels, from novices to seasoned administrators. The impact of malware ranges from essentially harmless pranks to the theft of personal information, such as banking details, or a denial of service.

Although the level of scaremongering in the news ebbs and flows, every good sysadmin knows that there's no such thing as a completely secure system. Despite the massive number of virus and malware threats that target Windows machines, all users of Unix-type machines should remember that these threats also exist for their systems.

One popular, sophisticated software package called Linux Malware Detect (LMD), from R-fx Networks (https://www.rfxn.com), helps to mitigate malware threats on Linux systems. Let's look at how you can effectively protect Linux machines against malware using the LMD package, which focuses solely on malware, unlike broader, more diluted solutions.

Getting Started

Before we look at LMD itself, let's consider some potentially less obvious aspects of what's needed to keep your malware detection software functioning correctly.

Definition Update Frequency

It is critical that malware signature updates be performed frequently; in fact, your system may be ...
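Frequent signature updates only help if you notice when they stop arriving, so a simple freshness check is worth scheduling alongside the update itself. The following script is an added example, not code from the book or from the LMD project: it reports any signature file older than a chosen threshold. The signature directory `/usr/local/maldetect/sigs` and the seven-day limit are assumptions (both can be overridden through the `SIG_DIR` and `MAX_AGE_DAYS` environment variables), and the function returns a non-zero status when a file is stale or the directory is empty, so it can drive a cron or monitoring alert.

```shell
#!/bin/sh
# Stale-signature check (added example; not from the book or the LMD project).
# Assumption: LMD keeps its signature files under /usr/local/maldetect/sigs.
# Override with SIG_DIR=...; the 7-day limit is a chosen default, not LMD's.

SIG_DIR="${SIG_DIR:-/usr/local/maldetect/sigs}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"

# file_age_days FILE
# Prints the file's age in whole days since its last modification.
file_age_days() {
    now=$(date +%s)
    # GNU stat (-c %Y) first, then the BSD/macOS form (-f %m).
    mtime=$(stat -c %Y "$1" 2>/dev/null || stat -f %m "$1")
    echo $(( (now - mtime) / 86400 ))
}

# sigs_fresh DIR MAX_DAYS
# Returns 0 if every regular file in DIR was modified within MAX_DAYS.
# Returns 1 if any file is older than MAX_DAYS, or if DIR holds no files
# (an empty signature directory is treated as stale, not as "nothing to check").
sigs_fresh() {
    dir="$1"
    max="$2"
    found=0
    stale=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        found=1
        age=$(file_age_days "$f")
        if [ "$age" -gt "$max" ]; then
            echo "STALE: $f is $age days old (limit $max)" >&2
            stale=1
        fi
    done
    [ "$found" -eq 1 ] && [ "$stale" -eq 0 ]
}

# Run the check only when explicitly asked, so the functions can also be sourced:
#   RUN_CHECK=1 SIG_DIR=/usr/local/maldetect/sigs sh check-sigs.sh
if [ "${RUN_CHECK:-0}" = "1" ]; then
    if sigs_fresh "$SIG_DIR" "$MAX_AGE_DAYS"; then
        echo "OK: all signature files in $SIG_DIR updated within $MAX_AGE_DAYS days"
    else
        echo "WARNING: signature files in $SIG_DIR are stale or missing" >&2
        exit 1
    fi
fi
```

Pair this with whatever schedules the update itself: a signature feed that silently stops updating leaves the scanner running with full confidence against an outdated definition set, which is exactly the failure this check makes visible.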
