Mini Shell

Direktori : /proc/thread-self/root/proc/thread-self/root/proc/self/root/opt/maldetect/
Upload File :
Current File : //proc/thread-self/root/proc/thread-self/root/proc/self/root/opt/maldetect/conf.maldet

#!/bin/bash
#
##
# Linux Malware Detect v1.4.1
#             (C) 2002-2011, R-fx Networks <proj@r-fx.org>
#             (C) 2011, Ryan MacDonald <ryan@r-fx.org>
# inotifywait (C) 2007, Rohan McGovern  <rohan@mcgovern.id.au>
# This program may be freely redistributed under the terms of the GNU GPL v2
##
#

##
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=0

# The subject line for email alerts
email_subj="maldet alert from $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="you@domain.com"

# Ignore e-mail alerts for reports in which all hits have been cleaned.
# This is ideal on very busy servers where cleaned hits can drown out
# other more actionable reports.
email_ignore_clean=0

##
# [ QUARANTINE OPTIONS ]
##
# The default quarantine action for malware hits
# [0 = alert only, 1 = move to quarantine & alert]
quar_hits=0

# Try to clean string based malware injections
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = clean]
quar_clean=1

# The default suspend action for users wih hits
# Cpanel suspend or set shell /bin/false on non-Cpanel
# [NOTE: quar_hits=1 required]
# [0 = disabled, 1 = suspend account]
quar_susp=0
# minimum userid that can be suspended
quar_susp_minuid=500

##
# [ SCAN OPTIONS ]
##
# The maximum directory depth that the scanner will search
# [ changing this may have an impact on scan performance ]
maxdepth=15

# The minimum in bytes for a file to be included in a scan
# [ changing this may have an impact on scan performance ]
minfilesize=32

# The maximum file size for a file to be included in scan
# search results; use man find for accepted values
# [ changing this may have an impact on scan performance ]
maxfilesize="768k"

# The maximum byte depth that the scanner will search into
# a files contents; default rules expect a 1024*60 depth
# [ changing this may have an impact on scan performance ]
hexdepth=61440

# Use named pipe (FIFO) for passing file contents hex data
# instead of stdin default; improved performance and greater
# scanning depth
# [ 0 = disabled, 1 = enabled; enabled by default ] 
hex_fifo_scan=0

# The maximum byte depth that the scanner will search into
# a files contents; default rules expect a 1024*60 depth
# [ changing this may have an impact on scan performance ]
hex_fifo_depth=524288

# Attempt to detect the presence of ClamAV clamscan binary
# and use as default scanner engine; up to four times faster
# scan performance and superior hex analysis. This option
# only uses ClamAV as the scanner engine, LMD signatures
# are still the basis for detecting threats.
# [ 0 = disabled, 1 = enabled; enabled by default ] 
clamav_scan=1

# Allow non-root users to perform malware scans. This must be
# enabled when using mod_security2 upload scanning or if you
# want to allow users to perform scans. When enabled, this will
# populate the /opt/maldetect/pub/ path with user owned
# quarantine, session and temporary paths to faciliate scans.
# These paths are populated through cron every 10min with the
# /etc/cron.d/maldet_pub cronjob.
public_scan=1

##
# [ STATISTICAL ANALYSIS ]
##
# The string length test is used to identify threats based on the
# length of the longest uninterrupted string within a file. This is
# useful as obfuscated code is often stored using encoding methods
# that produce very long strings without spaces (e.g: base64)
# [ string length in characters, default = 150000 ]
string_length_scan="0"		# [ 0 = disabled, 1 = enabled ]
string_length="150000"		# [ max string length ]

##
# [ MONITORING OPTIONS ]
##
# The base number of files that can be watched under a path
# [ maximum file watches = inotify_base_watches*users ]
inotify_base_watches=15360

# The sleep time in seconds between monitor runs to scan files
# that have been created/modified/moved
inotify_stime=30

# The minimum userid that will be added to path monitoring when
# the USERS option is specified
inotify_minuid=500

# This is the html/web root for users relative to homedir, when
# this option is set, users will only have the webdir monitored
# [ clear option to default monitor entire user homedir ]
inotify_webdir=public_html

# The priority that monitoring process will run as
# [ -19 = high prio , 19 = low prio, default = 10 ]
inotify_nice=15

Zerion Mini Shell 1.0