Topics Archives:

Where can I find the malware BitNinja caught

You can find all the malware BitNinja caught on your servers under the Anti-Malware / Infected Files menu point on the Dashboard. Go to the Anti-Malware menu point at the top of the Dashboard. Select the Infected Files menu point at the top. Select the time period that you would like to display th...

Validating suspicious files

Our Defense Robot module proactively looks for backdoors and malware on the server. However, the file signatures generated by the Defense Robot are in a validating state by default, meaning that the files matching these signatures are only logged but not quarantined to avoid false positive cat...

The scheduled Malware scan didn’t start on the server

Let's check: You can check whether the scheduled malware scan was completed from the creation date of the /var/log/bitninja/mod.malware_scanner.log files or from the timestamps in the log file. What's the issue? Solution: You can try turning the scheduled Malware scan off and on again. You can...

The Defense Robot module adds malware signatures

The Defense Robot module will add malware signatures to the Malware database. The malware signatures are generated from the files that were used to upload malware. To avoid any possible issues caused by false-positive catches, the files matching these signatures will not be quarantined. They w...

MalwareDetection load optimization

If your server's load is high while the MalwareDetection module is enabled, follow this troubleshooting guide to resolve the issue. Find out what causes the issue. Inotifywait process: We need to check if the load is increased by the Inotifywait process or the MalwareDetection process its...

How to check if the Malware scan is running

Check the status of the Malware scanner from your Dashboard: To monitor the ongoing malware scans on the servers, simply navigate to the Anti-Malware/Overview page. Check the currently running scans from the CLI: You can check your currently running scans with the command: bitninjacli --module=...

How to add malware signatures to the BitNinja Malware database

If a malware’s signature is not in our malware signature database, then BitNinja cannot detect the malware. But you can easily add a malware signature to the database, and you can instantly protect all of your servers from the malware that has just been added as a signature. After you have fo...

Fine-tuning the Malware Detection / Scanner module

Inotify user watches: The Inotify user watches are increased by BitNinja to 30000000. In case you need to increase the value even further, you can use the echo 35000000 > /proc/sys/fs/inotify/max_user_watches command. How to configure the Malware Detection/Scanner module: Open th...

Error: dispatch err (pipe full) event lost, dispatch error reporting limit reached – ending report notification

Increase the q_depth: You just have to increase the q_depth value to solve the issue. Open the /etc/audisp/audispd.conf file with a text editor (nano /etc/audisp/audispd.conf). Find the q_depth value and set it to q_depth=4096 (in nano, use ctrl+w, then type q_depth). Save the chan...

Does the Inotifywait process increase the server load? Change Inotify to AuditD

Check if AuditD can be used: Start AuditD temporarily with the bitninjacli --module=MalwareDetection --use-auditd command. Check if the necessary AuditD rules are generated. You can do that with the auditctl -l command. AuditD will log to the same file so you can check if AuditD is running wi...