Linux: Scan Malware with aibolit
This guide explains how to scan a website's files on Linux with aibolit. It applies to Linux only. We usually help customers by scanning their web files with aibolit to check whether they contain any malicious scripts. This case comes up often within the Signetique and Exabytes ID department.
Download AIBOLIT
Download aibolit from your command shell using wget.
wget url-here
You will notice that the downloaded file does not have a .zip name, but it is in fact a zip archive. Rename it first, then extract it.
mv old-downloaded-name-here aibolit.zip; unzip aibolit.zip
Now locate the ai-bolit folder and copy all of its contents to the public document root of the website that you want to scan.
The folder usually contains AIBOLIT-WHITELIST.db and ai-bolit.php.
Scan It
Now run the scan. Make sure to use PHP above 5.4. If you are using Plesk, use the command below to scan with PHP 7 instead, but make sure PHP 7 is already installed on the selected server.
/opt/plesk/php/7.0/bin/php ai-bolit.php
The scan takes roughly 5~10 minutes, depending on how many files there are.
Finish
Once done, aibolit generates a simple HTML report. You can put it in the public document root and give the customer the exact URL, so they can see the result as well.
Don't forget to remove the ai-bolit files listed below from the customer's public web folder.
- AIBOLIT-WHITELIST.db
- ai-bolit.php
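The copy, scan and remove steps above as one script, written so the two scanner files are removed from the document root even when the scan fails. This is an added example, not part of aibolit or the original guide; the function names, argument order and exit codes are assumptions.

```shell
#!/bin/sh
# Added example, not part of aibolit. Function names, argument order and
# exit codes are assumptions; the two file names are the ones listed above.
SCANNER_FILES="AIBOLIT-WHITELIST.db ai-bolit.php"

# Delete the scanner files from DOCROOT ($1); return 1 if any of them survives.
cleanup_scanner() {
    left=0
    for f in $SCANNER_FILES; do
        rm -f -- "$1/$f"
        if [ -e "$1/$f" ]; then
            echo "still present: $1/$f" >&2
            left=1
        fi
    done
    return "$left"
}

# scan_docroot SRC_DIR DOCROOT PHP_BIN
# Copy the scanner into DOCROOT, run it there, then always remove it again.
scan_docroot() {
    src=$1; docroot=$2; php_bin=$3
    if [ ! -d "$docroot" ] || [ ! -x "$php_bin" ]; then
        echo "bad docroot or php binary" >&2
        return 2
    fi
    for f in $SCANNER_FILES; do
        if [ -e "$docroot/$f" ]; then
            # Never overwrite (and later delete) a file the site already has.
            echo "refusing to overwrite $docroot/$f" >&2
            return 3
        fi
        if [ ! -f "$src/$f" ]; then
            echo "missing $src/$f" >&2
            return 2
        fi
    done
    scan_rc=0
    for f in $SCANNER_FILES; do
        cp -- "$src/$f" "$docroot/$f" || scan_rc=2
    done
    if [ "$scan_rc" -eq 0 ]; then
        ( cd "$docroot" && "$php_bin" ai-bolit.php ) || scan_rc=$?
    fi
    cleanup_scanner "$docroot" || return 4
    return "$scan_rc"
}

# Usage: sh scan.sh SRC_DIR DOCROOT PHP_BIN
if [ "$#" -eq 3 ]; then scan_docroot "$@"; fi
```

Exit code 3 means a file with a scanner name was already in the document root, so check where it came from before scanning; exit code 4 means a scanner file could not be removed and must be deleted by hand.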
