Linux Malware Detect (LMD) or Maldet is a malware scanner for Linux I used for checking threats while managing Linux servers.

In Ubuntu or CentOs, I like to use the following directory:

$ cd /usr/local/src

Here are the commands I use for a quick installation:

$ sudo apt update && sudo apt upgrade -y
$ sudo apt install wget -y
$ cd /tmp/ && wget
$ tar xfz maldetect-current.tar.gz
$ cd maldetect-1.6.4
$ sudo && ./

then I verify the installation by checking the version running with this command:

$ maldet --version
$ Latest version: v1.6.4 | Mar 18 2019

Some of the settings I use:

$ sudo nano /usr/local/maldetect/conf.maldet

I leave most of the default configuration but these are the minimum changes I configure:

Enable Email Alerts


The destination Email Addresses where I want to send the scan reports


If installed, I use the ClamAV clamscan binary as default


Enable scanning for root-owned files. Set 1 to disable.


Move hits to quarantine & alert


Suspend user if malware is found.


Command to update the Maldet virus definition database

maldet -u

To check the latest version

maldet -d

You can google for detailed instructions on how to use it. I just want to share a few benefits I get by using Maldet in our servers.

  • MD5 file hash detection for quick threat identification
  • integrated detection of ClamAV to use as scanner engine
  • scan-all option for full path based scanning
  • quarantine queue that stores threats in a safe fashion with no permissions
  • quarantine suspend account option to Cpanel suspend or shell revoke users
  • cleaner rules to attempt removal of malware injected strings
  • daily cron based scanning of all changes in last 24h in user home directories
  • daily cron script compatible with stock RH style systems, Cpanel & Ensim
  • e-mail alert reporting after every scan execution (manual & daily)
  • verbose logging & output of all actions.

Some of my favorite commands

Targeting file extensions or entire directories

maldet -a /var/www/html/*.php

Checking reports

sudo maldet --report 210724-0528.4723
maldet -a /home/username/

To attempt a clean on all malware results from a previous scan that did not have the feature enabled, use the command:

maldet –clean SCANID


Maldet is one of the best choices to monitor your servers against malware and viruses.


If you need me for a consultation or to manage your Linux server, contact me via


Submit a Comment



¿No sabes por donde empezar?