As of last week, maldet has started saving its update files in the root directory instead of /usr/local/maldetect/. This is not only giving us false positives but I'm also worried that maldet is still using the old signatures since the new ones are in the wrong spot. Is there a way to configure where these files are saved? Or is there another solution to this issue?
(The following files are the files that are saving to root instead of maldet folder)
/sigs/rfxn.hdb
/sigs/hex.dat
/sigs/rfxn.ndb
/sigs/md5.dat
/sigs/md5v2.dat
/sigs/rfxn.yara
/clean/gzbase64.inject.unclassed
/maldet-clean.tgz
/maldet-sigpack.tgz