Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license that is designed around the threats faced in shared hosting environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. Threat data is also derived from user submissions through the LMD checkout feature and from malware community resources. The signatures LMD uses are MD5 file hashes and HEX pattern matches; they can also be exported easily to other detection tools such as ClamAV.
If the server has cPanel installed, I recommend installing ClamAV first, because LMD will use the ClamAV scanning engine. ClamAV tutorials can be found here
1) Install LMD
cd /usr/local/src/ && wget http://www.rfxn.com/downloads/maldetect-current.tar.gz && tar -xzvf maldetect-current.tar.gz && cd maldetect-* && sh install.sh
2) Update LMD
maldet -d && maldet -u
3) Run a manual scan
If you only need to scan a single home folder, use the command below:
maldet -a /home/user
To launch a background scan of every user's public_html folder, use the command below:
maldet -b --scan-all /home?/?/public_?
4) Verify the scan report
List all scan reports together with their SCANID:
maldet --report list
Show the details of a specific report:
maldet --report SCANID
Show all scan entries recorded in the event log:
grep "{scan}" /usr/local/maldetect/event_log
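The grep above returns every scan entry, including the ones with zero hits. As an added example (not LMD's own code or part of the original tutorial), the script below summarises a constructed sample of event_log: it lists only the scans that reported malware hits, totals the hits, and pulls out the SCANIDs you would pass to maldet --report. The line layout follows the "{scan} scan completed on PATH: files N, malware hits N, cleaned hits N, time Ns" entries LMD writes, but the host, paths, counts and ids are made up, and the sample is written to a temporary file rather than read from /usr/local/maldetect/event_log.

```shell
#!/bin/sh
# Added example: triage LMD event_log scan entries. The log below is a
# constructed sample (host, paths, counts and SCANIDs are invented).
LOG=$(mktemp)
cat > "$LOG" <<'EOF'
Mar 03 10:00:01 web1 maldet(2201): {scan} signatures loaded: 17291 (14394 MD5 / 2035 HEX / 862 USER)
Mar 03 10:00:01 web1 maldet(2201): {scan} building file list for /home/alice/public_html, this might take awhile...
Mar 03 10:00:42 web1 maldet(2201): {scan} scan completed on /home/alice/public_html: files 1832, malware hits 2, cleaned hits 0, time 41s
Mar 03 10:00:43 web1 maldet(2201): {scan} scan report saved, to view run: maldet --report 240303-1000.2201
Mar 04 02:15:10 web1 maldet(5521): {scan} scan completed on /home/bob/public_html: files 640, malware hits 0, cleaned hits 0, time 9s
Mar 04 02:15:10 web1 maldet(5521): {scan} scan report saved, to view run: maldet --report 240304-0215.5521
EOF

# scans_with_hits LOGFILE: print "PATH HITS" for every completed scan whose
# malware hit count is greater than zero (scans with 0 hits are skipped)
scans_with_hits() {
    awk 'index($0, "{scan} scan completed on ") > 0 {
        path = $0; sub(/.*scan completed on /, "", path); sub(/:.*/, "", path)
        hits = $0; sub(/.*malware hits /, "", hits); sub(/,.*/, "", hits)
        if (hits + 0 > 0) print path, hits
    }' "$1"
}

# total_hits LOGFILE: sum of malware hits over all completed scans in the log
total_hits() {
    awk 'index($0, "{scan} scan completed on ") > 0 {
        hits = $0; sub(/.*malware hits /, "", hits); sub(/,.*/, "", hits)
        total += hits
    } END { print total + 0 }' "$1"
}

# report_ids LOGFILE: the SCANIDs LMD printed in "maldet --report SCANID" hints,
# one per line, in log order
report_ids() {
    sed -n 's/.*maldet --report \([^ ]*\).*/\1/p' "$1"
}

echo "scans with hits:"
scans_with_hits "$LOG"
echo "total hits: $(total_hits "$LOG")"
echo "report ids:"
report_ids "$LOG"
```

On a real server, replace the constructed sample with the event_log path from the grep above; the functions only rely on the "scan completed on" and "maldet --report" phrases, so extra lines of other kinds are ignored.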
5) Clean the malicious files
By default, quarantine is disabled, so detected files are only reported. To quarantine the hits of a given scan manually, run:
maldet -q SCANID
6) (optional) Automatically quarantine detected malware
Review the following configuration variable in /usr/local/maldetect/conf.maldet:
variable    value    description
quar_hits   number   any value other than 0 enables automatic quarantine of detected files
7) (optional) Configure scan report e-mail alerts
Maldet can send you an e-mail alert each time it detects malware. Review the following configuration variables in /usr/local/maldetect/conf.maldet:
variable      value             description
email_alert   1 or 0            enable or disable e-mail alerts
email_addr    e-mail address    target e-mail for notifications; must be put in quotes, like: "[email protected]"
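Steps 6 and 7 both come down to editing KEY="value" lines in conf.maldet and then making sure the result actually does what you expect. As an added example (not part of LMD or the original tutorial), the script below reads and rewrites those variables in a conf.maldet-style file and checks two things a defender cares about: that quar_hits is non-zero, and that email_alert is on with a real address rather than an empty or placeholder one. It assumes the KEY="value" format of the real conf.maldet, treats "you@domain.com" as the shipped placeholder address (an assumption), and works on a constructed excerpt written to a temporary file, not on /usr/local/maldetect/conf.maldet itself.

```shell
#!/bin/sh
# Added example: set and verify LMD quarantine and alert settings. The file
# below is a constructed excerpt of conf.maldet written to a temp path.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
# constructed excerpt of conf.maldet
email_alert="0"
email_addr="you@domain.com"
quar_hits="0"
EOF

# get_conf FILE KEY: print KEY's value without the surrounding quotes
get_conf() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# set_conf FILE KEY VALUE: rewrite an existing KEY line in place; fail (return 1)
# when KEY is absent so a mistyped variable name is noticed instead of silently
# appending a variable LMD would never read
set_conf() {
    grep -q "^$2=" "$1" || return 1
    sed "s|^$2=.*|$2=\"$3\"|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# check_quarantine FILE: succeed when quar_hits is present and not 0
check_quarantine() {
    v=$(get_conf "$1" quar_hits)
    [ -n "$v" ] && [ "$v" != "0" ]
}

# check_alerting FILE: succeed when email_alert is 1 and email_addr is a real
# address, i.e. neither empty nor the assumed "you@domain.com" placeholder
check_alerting() {
    addr=$(get_conf "$1" email_addr)
    [ "$(get_conf "$1" email_alert)" = "1" ] && [ -n "$addr" ] && [ "$addr" != "you@domain.com" ]
}

# Report the state of the sample file as shipped
if check_quarantine "$CONF"; then echo "automatic quarantine: on"; else echo "automatic quarantine: off (quar_hits=0)"; fi
if check_alerting "$CONF"; then echo "e-mail alerts: configured"; else echo "e-mail alerts: not configured"; fi
```

To apply this to a live install, point CONF at the real conf.maldet and call set_conf for each variable; the check functions are a convenient sanity test to run after editing, since a forgotten placeholder address means alerts are sent nowhere.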
Linux Malware Detect tutorial