Jun 28, 2016

How Do I Run a Malware Scan on My Server?


Keeping your server free of malware is a necessity. As businesses are more “plugged in” than ever, a secure transfer of data between client and server is critical to most operations. That’s why running a malware scan on your cloud server is an important part of your overall security strategy.

What to know before running a malware scan

First and foremost, it’s important to understand that these scans can take time. The amount of time can depend on the system and the state that it’s in. You’re going to need to identify whether you’re scanning for a Windows or Linux system, because the procedure will vary for each:
– For Windows, use MalwareBytes Anti-Malware.
– For Linux, use Maldet and findbot.pl.

Make sure to have backups of any directory you’re scanning. This is in case you have to remove any infected files in production. Always scan the directories that have content facing public internet users, and directories that are writable by your web app’s user accounts. Remember that scans may not remove every infection. If a typical malware scan doesn’t get everything and you need a deeper investigation, open a support request.

Running a malware scan on your computer and server

In order to run a successful scan, follow these steps:

1.) To get started, download the proper malware scanning program for Windows or Linux, as noted above.

2.) Take a backup of any important files in case they’re removed.

3.) Run the malware scan against your web directories as indicated by the software’s manual. Also, ensure that you choose options that will quarantine or remove any detected items. Some software will only scan and report detections, but not remove them unless you choose to do so.

4.) Review your site directories. Are there any unusual files that you don’t recognize? Those files could potentially be from malware.

Common mistakes when running a malware scan

If a malware scan isn’t performed correctly, your cloud server could be in danger. Don’t assume that a scan will be the only action needed. In many cases there will be follow-up steps that need to be taken in order to resolve the issue. Make sure that you perform the scan with quarantine or removal flags. Otherwise, if the scan detects malware and files have to be removed, you’ll need to confirm removal.

The scanning software takes time. The program has to investigate the contents of every single file on the server. If you need to quickly address a compromise, have the scan performed only on a single domain’s directory. Otherwise, the scan will involve the entire server, which will take much more time. In the event of a compromise, you can also scan only the directories which contain website files, instead of every single file on your server.

Sometimes, compromises may be written into site files that are still able to perform their original functions. This is tricky because the malware scan may remove these critical files. That’s why you should make sure to have backups in the event that you remove an important file over a compromise.

Explore HorizonIQ
Bare Metal


About Author


Read More