diff --git a/include/tests_malware b/include/tests_malware
index 4f68b9aa..cb13ca96 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -37,9 +37,12 @@
 KASPERSKY_SCANNER_RUNNING=0
 MCAFEE_SCANNER_RUNNING=0
 MALWARE_SCANNER_INSTALLED=0
+ MALWARE_DAEMON_RUNNING=0
+ ROOTKIT_SCANNER_FOUND=0
 SOPHOS_SCANNER_RUNNING=0
 SYMANTEC_SCANNER_RUNNING=0
 SYNOLOGY_DAEMON_RUNNING=0
+ TRENDMICRO_DSA_DAEMON_RUNNING=0
 #
 #################################################################################
 #
@@ -52,6 +55,7 @@
 Display --indent 2 --text "- ${GEN_CHECKING} chkrootkit" --result "${STATUS_FOUND}" --color GREEN
 LogText "Result: Found ${CHKROOTKITBINARY}"
 MALWARE_SCANNER_INSTALLED=1
+ ROOTKIT_SCANNER_FOUND=1
 AddHP 2 2
 Report "malware_scanner[]=chkrootkit"
 else
@@ -70,6 +74,7 @@
 Display --indent 2 --text "- ${GEN_CHECKING} Rootkit Hunter" --result "${STATUS_FOUND}" --color GREEN
 LogText "Result: Found ${RKHUNTERBINARY}"
 MALWARE_SCANNER_INSTALLED=1
+ ROOTKIT_SCANNER_FOUND=1
 AddHP 2 2
 Report "malware_scanner[]=rkhunter"
 else
@@ -108,6 +113,7 @@
 if IsRunning "com.avast.daemon"; then
 FOUND=1
 AVAST_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found Avast security product"
@@ -119,6 +125,7 @@
 if IsRunning "avqmd"; then
 FOUND=1
 AVIRA_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found Avira security product"
@@ -130,6 +137,7 @@
 if IsRunning "bdagentd" || IsRunning "epagd"; then
 FOUND=1
 BITDEFENDER_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found Bitdefender security product"
@@ -154,6 +162,7 @@
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found CylancePROTECT service"
 AVAST_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 Report "malware_scanner[]=cylance-protect"
 fi
@@ -163,6 +172,7 @@
 if IsRunning "esets_daemon"; then
 FOUND=1
 ESET_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found ESET security product"
@@ -181,6 +191,7 @@
 FOUND=1
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Kaspersky" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: Found Kaspersky"
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 Report "malware_scanner[]=kaspersky"
 fi
@@ -197,6 +208,7 @@
 FOUND=1
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: Found McAfee"
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 Report "malware_scanner[]=mcafee"
 fi
@@ -215,6 +227,7 @@
 if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: Found Sophos"
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 Report "malware_scanner[]=sophos"
 fi
@@ -235,6 +248,7 @@
 if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found one or more Symantec components"
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 FOUND=1
 Report "malware_scanner[]=symantec"
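Review bot: The CylancePROTECT branch (hunk at -154) now sets `MALWARE_DAEMON_RUNNING=1` directly below a pre-existing `AVAST_DAEMON_RUNNING=1`, so a Cylance hit is still recorded as an Avast daemon; that line looks like a copy-paste leftover from the Avast block, and with the vendor-neutral flag now available this is the moment to drop it or replace it with a Cylance-specific variable. Whether anything downstream reads AVAST_DAEMON_RUNNING is not visible here, so the impact may be cosmetic. The enclosing if-block starts outside the hunk.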
@@ -245,18 +259,33 @@
 if IsRunning "synoavd"; then
 FOUND=1
 SYNOLOGY_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Synology Antivirus Essential" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found Synology Antivirus Essential"
 Report "malware_scanner[]=synoavd"
 fi

+ # Trend Micro Anti Malware for Linux
+ # Typically ds_agent is running as well, the Deep Security Agent
+ LogText "Test: checking process ds_agent to test for Trend Micro Deep Anti Malware component"
+ if IsRunning "ds_am"; then
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro Anti Malware" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Trend Micro Anti Malware component"
+ FOUND=1
+ MALWARE_SCANNER_INSTALLED=1
+ MALWARE_DAEMON_RUNNING=1
+ TRENDMICRO_DSA_DAEMON_RUNNING=1
+ Report "malware_scanner[]=trend-micro-am"
+ fi
+
 # TrendMicro (macOS)
 LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)"
 if IsRunning "TmccMac"; then
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found Trend Micro component"
 FOUND=1
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 Report "malware_scanner[]=trend-micro-av"
 fi
@@ -298,6 +327,7 @@
 if IsRunning "clamd"; then
 Display --indent 2 --text "- ${GEN_CHECKING} ClamAV daemon" --result "${STATUS_FOUND}" --color GREEN
 LogText "Result: found running clamd process"
+ MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
 CLAMD_RUNNING=1
 else
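Review bot: In the new Trend Micro Anti Malware block the log line announces a check of process `ds_agent` while the condition actually tests `IsRunning "ds_am"`, so the log will not describe what was probed; change it to `LogText "Test: checking process ds_am to test for Trend Micro Deep Security Anti Malware component"`. The comment above it also names ds_agent but no check for that process is added; if only the anti-malware module is meant to count, say so, e.g. `# ds_am is the anti-malware module; the Deep Security Agent (ds_agent) is usually present alongside it but is not checked here`. The new flag `TRENDMICRO_DSA_DAEMON_RUNNING` likewise refers to the agent rather than the module that is detected, which is worth reconsidering while the variable is still new.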
@@ -354,6 +384,31 @@
 #
 #################################################################################
 #
+ # Test : MALW-3290
+ # Description : Presence of malware scanners
+ Register --test-no MALW-3290 --weight L --network NO --category security --description "Presence of for malware detection"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ${MALWARE_SCANNER_INSTALLED} -eq 0 ]; then
+ Display --indent 2 --text "- Malware software components" --result "${STATUS_NOT_FOUND}" --color YELLOW
+ else
+ Display --indent 2 --text "- Malware software components" --result "${STATUS_FOUND}" --color GREEN
+ if [ ${MALWARE_DAEMON_RUNNING} -eq 0 ]; then
+ Display --indent 4 --text "- Active agent" --result "${STATUS_NOT_FOUND}" --color WHITE
+ else
+ Display --indent 4 --text "- Active agent" --result "${STATUS_FOUND}" --color GREEN
+ fi
+ if [ ${ROOTKIT_SCANNER_FOUND} -eq 0 ]; then
+ Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_NOT_FOUND}" --color WHITE
+ else
+ Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_FOUND}" --color GREEN
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+
+ Report "malware_scanner_installed=${MALWARE_SCANNER_INSTALLED}"
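Review bot: The Register line for MALW-3290 carries a malformed description, `--description "Presence of for malware detection"`, which is the text that ends up in the test listing and log; the comment above it already has the intended wording, so use `--description "Presence of malware scanners"`. The active-agent and rootkit-scanner outcomes are only displayed — nothing in the new block calls Report or AddHP, and the report line at the end of the hunk records only MALWARE_SCANNER_INSTALLED — so report consumers cannot see those two findings; if that is not intentional, add one line per flag, e.g. `Report "malware_daemon_running=${MALWARE_DAEMON_RUNNING}"` and `Report "rootkit_scanner_found=${ROOTKIT_SCANNER_FOUND}"`. The unquoted `[ ${VAR} -eq 0 ]` tests follow the file's existing style and are safe here because each flag is initialised to 0 in the hunk at -37.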