[How-To] Linux Malware Detect on Directadmin Powered server

[Richard G]

Since today, Maldetect is throwing errors. Anybody else too? This was the mail from cron:

/etc/cron.daily/maldet:

/etc/cron.daily/maldet: line 105: unexpected EOF while looking for matching `"'
/etc/cron.daily/maldet: line 108: syntax error: unexpected end of file

Odd, because line 105 is a blank line and line 108 only has the "fi" statement.

 

[zEitEr]

The error was reported during the upgrade which happened once tonight. It is not going repeatedly, and is not reproducible by manual triggering the cron script.

 

[Richard G]

during the upgrade

It was indeed during the upgrade tonight. If it is not coming back then we don't need to worry about it.
Thank you for the quick answer!

 

[ViAdCk]

Since the latest update to 1.6.6 I get the following error on all servers:

Feb 26 2025 03:42:41 maldet(2510122): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/domains/?/public_html/,/var/www/html/?/ /tmp /var/tmp /dev/shm -path "/usr/local/maldetect" -prune -o -maxdepth 15 -regextype posix-egrep -type f \( -mtime -1 -o -ctime -1 \) -size +24c -size -6947618c -not -perm 000 -not -uid 0 -not -gid 0
Feb 26 2025 03:42:41 servidor1 maldet(2510122): {scan} scan returned empty file list; check that path exists, contains files in days range or files in scope of configuration.

Is anyone else having the same issues and/or knows how to fix this?

This has happened on multiple servers simultaneously after the update, before it was working just fine.

 

[splby]

We also had the same problem on our servers after updating to the latest version:

maldet(3672940): {scan} executed /bin/nice -n 19 /bin/ionice -c2 -n 6 /bin/find /home?/?/domains/?/public_html/,/var/www/html/?/ /tmp /var/tmp /dev/shm -path "/usr/local/maldetect" -prune -o -maxdepth 15 -regextype posix-egrep -type f \( -mtime -1 -o -ctime -1 \) -size +24c -size -6947618c -not -perm 000 -not -uid 0 -not -gid 0
maldet(3672940): {scan} scan returned empty file list; check that path exists, contains files in days range or files in scope of configuration.

 

[zEitEr]

And why do you think it's an error? Do you have files there that were modified during the last 1 day?

 

[splby]

For our check yesterday new files were added to the test account, also it is hard to believe that cms does not provide a cache of new files at least on one site. Before the update every day there were some files, after the update no.

 

[zEitEr]

Downgrade to 1.6.5 which should still exist under /usr/local/ folder, e.g. /usr/local/maldetect.bk12565 and disable auto upgrades:

perl -pi -e 's#^autoupdate_version=.*#autoupdate_version="0"#' /usr/local/maldetect/conf.maldet

Control the version in /usr/local/maldetect/VERSION/

And/or report the bug to:

Linux Malware Detect v1.6.6
            (C) 2002-2025, R-fx Networks <[email protected]>
            (C) 2025, Ryan MacDonald <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL v2

 

[splby]

Let's roll back the version. Thanks.

 

[zEitEr]

The issue is already reported here: https://github.com/rfxn/linux-malware-detect/issues/440

 

[Richard G]

And/or report the bug to:

That won't work, tried to mail them before and mail came back because of missing MX record. So Github is the only way.
Good to see it's reported already.

 

[Remco00]

On Github:

This is addressed in latest commit and release will be cut today to roll out to the fleet / github stable release.

 

[zEitEr]

That won't work, tried to mail them before and mail came back because of missing MX record. So Github is the only way.

Yes, I realised the same. The contact email changed to ryan at rfxn.com

 

[zEitEr]

On Github:

Already there:

v1.6.6.1 | Feb 25 2025:
[Fix] find_recentopts incorrectly escaping find options to the right of ( -mtime .. -ctime ); previously normalized by eval; issue #440, pr#442
[Fix] persist configuration value inotify_docroot between upgrades; issue #439