Linux Malware Detect (LMD), or Maldet, is a malware scanner for Linux that I use to check for threats while managing Linux servers.
On Ubuntu or CentOS, I like to work from the following directory:
$ cd /usr/local/src
Here are the commands I use for a quick installation:
$ sudo apt update && sudo apt upgrade -y
$ sudo apt install wget -y
$ cd /tmp/ && wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
$ tar xfz maldetect-current.tar.gz
$ cd maldetect-1.6.4
$ sudo ./install.sh
Then I verify the installation by checking the running version with this command:
$ maldet --version
Latest version: v1.6.4 | Mar 18 2019
Some of the settings I use:
$ sudo nano /usr/local/maldetect/conf.maldet
I leave most of the default configuration, but these are the minimum changes I configure:
- Enable email alerts
- The destination email addresses where I want the scan reports sent
- If installed, use the ClamAV clamscan binary as the default scanner engine
- Enable scanning of root-owned files (set to 1 to disable)
- Move hits to quarantine and alert
- Suspend the user if malware is found
Command to update the Maldet virus definition database
To check the latest version
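As an added example (not part of the post or of the LMD project), the script below applies the settings listed above to a conf.maldet file. It assumes the LMD 1.6.x option names `email_alert`, `email_addr`, `scan_clamscan`, `scan_ignore_root`, `quarantine_hits`, `quarantine_clean` and `quarantine_suspend_user`; the sample file it builds is a constructed excerpt, not the shipped default, and the hypothetical `harden_conf` helper is what you would point at `/usr/local/maldetect/conf.maldet` on a real host.

```shell
#!/bin/sh
# Added example: apply the conf.maldet changes from the post with a reviewable
# helper instead of hand-editing. Option names assume LMD 1.6.x.

# set_opt FILE KEY VALUE: rewrite KEY="..." in place, or append it when absent.
set_opt() {
  file=$1; key=$2; val=$3
  if grep -q "^${key}=" "$file"; then
    tmp=$(mktemp)
    sed "s|^${key}=.*|${key}=\"${val}\"|" "$file" > "$tmp" && mv "$tmp" "$file"
  else
    printf '%s="%s"\n' "$key" "$val" >> "$file"
  fi
}

# get_opt FILE KEY: print the unquoted value of KEY (last definition wins).
get_opt() {
  sed -n "s|^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}|\1|p" "$1" | tail -n 1
}

# harden_conf FILE EMAIL: the minimum changes the post describes.
harden_conf() {
  set_opt "$1" email_alert 1               # enable email alerts
  set_opt "$1" email_addr "$2"             # where scan reports go
  set_opt "$1" scan_clamscan 1             # prefer ClamAV's clamscan when installed
  set_opt "$1" scan_ignore_root 0          # 0 = scan root-owned files too
  set_opt "$1" quarantine_hits 1           # move hits to quarantine and alert
  set_opt "$1" quarantine_clean 1          # try the cleaner rules on hits
  set_opt "$1" quarantine_suspend_user 1   # suspend the owning user on a hit
}

# make_sample_conf: write a constructed excerpt in conf.maldet style to a temp
# file (default-looking values) and print its path.
make_sample_conf() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
# constructed excerpt in the style of conf.maldet (not the real shipped file)
email_alert="0"
email_addr="you@domain.com"
scan_clamscan="1"
scan_ignore_root="0"
quarantine_hits="0"
quarantine_clean="0"
quarantine_suspend_user="0"
EOF
  echo "$f"
}

# Stand-alone demo on the constructed file; on a server you would instead run:
#   sudo sh -c '. ./this.sh; harden_conf /usr/local/maldetect/conf.maldet ops@example.com'
if [ "${1:-}" = "demo" ]; then
  f=$(make_sample_conf)
  harden_conf "$f" "ops@example.com"
  cat "$f"
  rm -f "$f"
fi
```

Back up conf.maldet before running the helper against it, and diff the result: the quarantine and suspend options change what Maldet does on a hit, so an unintended value shows up as real operational impact rather than a log line.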
You can google for detailed instructions on how to use it. I just want to share a few benefits I get from using Maldet on our servers.
- MD5 file hash detection for quick threat identification
- integrated detection of ClamAV to use as scanner engine
- scan-all option for full path based scanning
- quarantine queue that stores threats in a safe fashion with no permissions
- quarantine suspend account option to Cpanel suspend or shell revoke users
- cleaner rules to attempt removal of malware injected strings
- daily cron based scanning of all changes in last 24h in user home directories
- daily cron script compatible with stock RH style systems, Cpanel & Ensim
- e-mail alert reporting after every scan execution (manual & daily)
- verbose logging & output of all actions.
Some of my favorite commands
Targeting file extensions or entire directories
maldet -a /var/www/html/*.php
sudo maldet --report 210724-0528.4723
maldet -a /home/username/
To attempt a clean on all malware results from a previous scan that did not have the feature enabled, use the command:
maldet --clean SCANID
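The scan, report and clean commands above all hinge on the scan id that Maldet prints at the end of a run. As an added example (not from the post or from LMD itself), the helpers below pull that id and the hit count out of Maldet's completion output so a wrapper can decide whether a report is worth opening; the sample output is constructed in the style of Maldet's summary lines and reuses the scan id shown in the post, and `scan_and_report` is a hypothetical wrapper that assumes `maldet` is installed and run with root privileges.

```shell
#!/bin/sh
# Added example: parse Maldet's end-of-scan output and act on it.

# scan_id_from_output: read maldet output on stdin and print the report id
# that follows "--report" (YYMMDD-HHMM.PID form, as in the post), if any.
scan_id_from_output() {
  grep -o -- '--report [0-9]\{6\}-[0-9]\{4\}\.[0-9]\{1,\}' | tail -n 1 | awk '{print $2}'
}

# hits_from_output: read maldet output on stdin and print the malware hit
# count from the "scan completed" line, or 0 when no such line is present.
hits_from_output() {
  n=$(grep -o 'malware hits [0-9]\{1,\}' | tail -n 1 | awk '{print $3}')
  echo "${n:-0}"
}

# sample_scan_output: constructed lines modelled on maldet's scan summary.
sample_scan_output() {
  cat <<'EOF'
maldet(4821): {scan} scan completed on /var/www/html: files 120, malware hits 2, cleaned hits 0, time 5s
maldet(4821): {scan} scan report saved, to view run: maldet --report 210724-0528.4723
EOF
}

# scan_and_report PATH: run a real scan (needs maldet and root), then open the
# report only when the scan actually found something. The clean step is left
# as a manual follow-up, as the post describes, so a human reviews hits first.
scan_and_report() {
  out=$(sudo maldet -a "$1" 2>&1) || true
  id=$(printf '%s\n' "$out" | scan_id_from_output)
  hits=$(printf '%s\n' "$out" | hits_from_output)
  if [ "$hits" -gt 0 ] && [ -n "$id" ]; then
    sudo maldet --report "$id"
    echo "review the report, then run: sudo maldet --clean $id"
  fi
  echo "scan ${id:-<no id>}: $hits hit(s)"
}

# Stand-alone demo on the constructed output (no maldet needed).
if [ "${1:-}" = "demo" ]; then
  id=$(sample_scan_output | scan_id_from_output)
  hits=$(sample_scan_output | hits_from_output)
  echo "scan $id: $hits hit(s)"
fi
```

Wiring `scan_and_report` into cron or a deploy hook gives you the same "scan, then read the report" loop the post uses interactively, with the hit count as the signal for whether anyone needs to look.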
Maldet is one of the best choices to monitor your servers against malware and viruses.
If you need me for a consultation or to manage your Linux server, contact me via email@example.com