Topics Archives:

Where can I find the malware BitNinja caught

You can find all the malware BitNinja caught on your servers under the Anti-Malware / Infected Files menu point on the Dashboard. Go to the Anti-Malware menu point at the top of the Dashboard. Select the Infected Files menu point at the top. Select the time period that you would like to display the...

Validating suspicious files

BitNinja presents a new dashboard feature: the file signature validator. Our Defense Robot module is proactively looking for backdoors and malware on the server. However, the file signatures generated by the Defense Robot are in the validating state by default. Meaning that the files matching these sign...

The scheduled Malware scan didn’t start on the server

Let's check: You can check whether the scheduled malware scan completed by looking at the creation date of the /var/log/bitninja/mod.malware_scanner.log files or the timestamps in the log file. What's the issue? Solution: You can try turning the scheduled Malware scan off and on again. You can...

The Defense Robot module adds malware signatures

The Defense Robot module will add malware signatures to the Malware database. The malware signatures are generated from the files that were used to upload malware. To avoid any possible issues caused by false-positive catches, the files matching these signatures will not be quarantined, they wil...

Malware detection / Malware scanner

BitNinja has a real-time Malware detection module. Any file modification or file upload is detected by BitNinja and the Malware detection module scans the file for malware. You can read more about this module here: https://doc.bitninja.io/modules/malware-detection.html

How to check if the Malware scan is running

Check the Dashboard: You can check the malware scans in progress on the servers under the Anti-Malware / Scan Settings point by selecting the server at the top right. You can see the Malware scans in progress at the bottom of the page. No progress on the Dashboard: The progress...

How to add malware signatures to the BitNinja Malware database

If a malware’s signature is not in our malware signature database, then BitNinja cannot detect the malware. But you can easily add a malware signature to the database, and you can instantly protect all of your servers from the malware that has just been added as a signature. After you have f...

Fine-tuning the Malware Detection / Scanner module

Inotify user watches: The Inotify user watches are increased by BitNinja to 30000000. In case you need to increase the value even further, you can use the echo 35000000 > /proc/sys/fs/inotify/max_user_watches command. How to configure the Malware Detection/Scanner module: Open the Malw...

Error: dispatch err (pipe full) event lost, dispatch error reporting limit reached – ending report notification

Increase the q_depth: You just have to increase the q_depth value to solve the issue. Open the /etc/audisp/audispd.conf file with a text editor (nano /etc/audisp/audispd.conf). Find the q_depth value and set it to q_depth=4096 (in nano, use ctrl+w then type q_depth). Save the changes ...

Does the Inotifywait process increase the server load? Change Inotify to AuditD

Check if AuditD can be used: Start AuditD temporarily with this command: bitninjacli --module=MalwareDetection --use-auditd. Check if the necessary AuditD rules are generated. You can do that with auditctl -l. AuditD will log to the same file, so you can check if AuditD is running with tail -f /var/l...