Central malware or av scanner

NathanExact

Hi, can anyone help? I am looking for a way to scan my LAN for viruses or malware every night using Kali. I know there are some paid bits of software that do this; does anyone know if there is anything free I can use to do this?

My aim is to be able to scan my 10/15 VMs on my LAN from Kali, get some sort of report and, if possible, be able to schedule it every night or weekly.

Any help here would be great.

Thanks,

Nathan
 


Do you want to scan open ports / automatically check if any services can be exploited from the outside, or do you want to run software in each VM that checks locally for opportunities to improve security?

As for the report, what you most likely rather want is monitoring with alerting if there is an issue - I personally discourage "reports" as they require time from you even if there is nothing (new) to report.
 
I am not looking for a vulnerability scanner, as I already have a few of those in place to scan for ports that could be exploited. What I am looking for is something to scan multiple VMs for any viruses or malware, something I can run from my Kali server or a Windows machine on my LAN.
 
Ok, so to clarify - you want to run software ON the VMs, as in inside the VMs, to check if malware is installed, and report the result back to a central server, yes?

What operating systems are those VMs running?
 
Yes. I have a mixture of Windows Server 2012R2, Windows Server 2016, Windows Server 2019, Windows 10 Pro and also an Ubuntu server.
 
Windows: no idea, but others in the forum might be able to answer that.

To check an Ubuntu server for malware running on said Ubuntu server: rkhunter, chkrootkit

This topic isn't that popular in Linux because it's compliance, not security. We (Linux nerds) generally prefer to set up systems securely so they don't get hacked in the first place. Once an attacker is inside your system, it is extremely easy to avoid detection by any kind of scanner - it's not about the scanner's quality, it's just not possible.

What we do is IDS - intrusion detection systems. That means, for example, analyzing the network traffic of a specific server to see if somebody is sending data to a weird destination, to make one simple example. Those run agents on the host as well, however the first thing you would do after becoming root on a host would be to disable that.
That topic is a bit complex.

If you are unfamiliar with Linux in general, and you want to "install something to check if your box got hacked" and be done with it, that doesn't exist (it doesn't exist for Windows either - that whole concept is called "compliance instead of security").

You can become a Linux expert and install + configure + maintain a SIEM like Splunk, Wazuh, Suricata or similar. But that's actual work ;)

PS: Kali is for pentesting, as in trying to attack your own servers to see if they can be exploited - which you can automate as well of course.

PPS: If you are not a bank, just configure your Ubuntu server reasonably securely and you will be ok in 99% of the cases. We are currently working on a thread that describes how to do that.
 
OK, so there isn't something I can just run from Kali to scan Windows VMs for viruses then. That's a shame. I knew there are lots of vulnerability scanners on Kali but just thought there might be something like that.
 
There are: chkrootkit and rkhunter. I'm just saying the whole approach doesn't really make sense, on Linux as on Windows, as it is very easy to obfuscate malware.
You have to take more complex measures than "running an anti-virus program" to effectively be able to detect malware. Running a scanner alone doesn't hurt, but the chance of it finding anything is negligible, especially if you properly secured your Ubuntu.

After reading your reply again, I'm still not sure I get you right. Kali is a pentesting toolkit basically. You can run (automated) attacks against your Windows (and Ubuntu ofc) and log the results.

I thought what you want is to run "antivirus-software" ON Windows and Ubuntu, and import the results to your central "kali-monitoring-system".
 
So what I am looking for is a tool that can scan my LAN for viruses or malware. I just want to know if there is anything out there for free that can do this. I was just asking if Kali had any software that can do this. It would be handy to have some central app or software from which I can scan machines on my LAN and see if there are any viruses detected.

E.G. something like this. https://www.goto.com/it-management/features/managed-antivirus
 
To the best of my knowledge there is no antivirus that is going to work on both Windows and Linux. However, there really is almost no reason to run AV on Linux, other than catching Windows viruses being transported. Also, is this another Kali person that really shouldn't be using Kali? Go with Fedora or Ubuntu like the other poster said. If you do a halfway decent setup (remove default passwords etc.) you will not have to worry about problems on the system. As for Windows, I would just let Windows Defender run and keep a snapshot of the VM. That is how I handle my windoze VMs. If I have a problem I will see it when that particular VM runs and I just revert to a clean snapshot.
I seriously doubt you will find anything that will pick up reports from the windoze VMs and report it to a management console on Linux unless you make one.
Now as for Kali, are you doing penetration testing? If not, I suggest getting rid of Kali and using something meant for what you are doing. Which again, Fedora or Ubuntu will be perfect. Kali is not for high security, it is to TEST high security. Regular use of Kali is just not recommended. You will find that Fedora and Ubuntu will be much less problematic for you.
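
The "unless you make one" option from the last reply, as an added example that is not part of the thread: a small collector for the central Linux box that parses each VM's nightly scanner output and returns only the hosts needing attention, treating a missing report as an alert rather than a clean result. It assumes the Ubuntu host ships the output of `rkhunter --check --skip-keypress --report-warnings-only` and the Windows hosts ship `Get-MpThreatDetection | ConvertTo-Json`; host names and sample data are constructed, and how the files reach the collector is left out.

```python
import json

# Which scanner each VM reports with. Host names are constructed examples.
EXPECTED = {"ubuntu-01": "rkhunter", "win2019-01": "defender", "win10-01": "defender"}

def rkhunter_findings(text):
    """Keep the 'Warning:' lines from rkhunter's warnings-only output."""
    return [l.strip() for l in text.splitlines() if l.strip().startswith("Warning:")]

def defender_findings(text):
    """Parse `Get-MpThreatDetection | ConvertTo-Json` output.

    Empty text means no detections. A single detection is serialised as one
    JSON object instead of a list, so both shapes are normalised."""
    if not text.strip():
        return []
    data = json.loads(text)
    found = []
    for d in data if isinstance(data, list) else [data]:
        res = d.get("Resources") or []
        res = [res] if isinstance(res, str) else res
        found.append("ThreatID %s at %s: %s"
                     % (d.get("ThreatID"), d.get("InitialDetectionTime"), ", ".join(res)))
    return found

PARSERS = {"rkhunter": rkhunter_findings, "defender": defender_findings}

def nightly_alerts(reports, expected=EXPECTED):
    """reports maps host -> raw scanner output collected tonight.
    Returns {host: [findings]} only for hosts that need attention."""
    alerts = {}
    for host, kind in sorted(expected.items()):
        if host not in reports:
            # Silence is not a clean result: the scan or the agent may be disabled.
            alerts[host] = ["no report received"]
            continue
        try:
            found = PARSERS[kind](reports[host])
        except (ValueError, AttributeError, TypeError) as exc:
            found = ["unparseable report: %s" % exc]
        if found:
            alerts[host] = found
    return alerts

# Constructed sample input, not real scan output.
SAMPLE = {
    "ubuntu-01": "Warning: The file properties have changed:\n         File: /usr/bin/curl\n",
    "win2019-01": "",  # Defender ran and detected nothing
}                      # win10-01 sent nothing at all

if __name__ == "__main__":
    for host, findings in nightly_alerts(SAMPLE).items():
        print(host, findings)
```

An empty result from `nightly_alerts` means every expected host reported and none had findings, so a nightly cron job can stay silent unless the dictionary is non-empty.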
 