Linux Malware Detect tutorial

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

If the server has cPanel installed I would recommend first of all to install ClamAV, because LMD will use ClamAV engine. ClamAV tutorials can be found here

1) Install LDM
cd /usr/local/src/ && wget && tar -xzvf maldetect-current.tar.gz && cd maldetect-* && sh

2) Update LMD

maldet -d && maldet -u

3) Run a manual scan
If you need to scan just the home folder use the command bellow

maldet -a /home/user

To lunch a background scan for all user and folder public_html use the command bellow:

maldet -b --scan-all /home?/?/public_?

4) Verify the scan report
List all scan reports and SCANID

maldet --report list

Show a specific report detail

maldet --report SCANID

Show all scan details from report file:

grep "{scan}" /usr/local/maldetect/event_log

5) Clean the malcious files
By defaul the quarantine is disabled. You will have to enable it manualy

maldet -q SCANID

6 - (optional) Automatically quarantine detected malware

Please review these configuration variables in /usr/local/maldetect/conf.maldet
variable     value     description
quar_hits     number     if the number is different than 0, enables automatic quarantine

7- (optional) Configure scan reports e-mail alerts

Maldet can send you and email alert each time it detects malware. Please review these configuration variables in /usr/local/maldetect/conf.maldet
variable     value     description
email_alert     1 or 0     enable or disable e-mail alerts
email_addr      e-mail address      target e-mail for notifications, should be put in quotes like: "[email protected]"

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to configure static IP on Centos 6

## Configure eth0 # # vi /etc/sysconfig/network-scripts/ifcfg-eth0   DEVICE="eth0"...

How to determinate linux file or folder usage

In order to determine the space consumption of a file or folderFor example to determine the disk...

How to setup a Tor hidden service with NGINX on Ubuntu & Debian

Most of you are familiar with Tor, a free and open-source software for enabling anonymous...

An In-depth Guide on How to Use the Sudo Command in Debian, CentOS, and FreeBSD

If you’re on to Linux, you must’ve heard about the Sudo command. But the real question is, are...

Where to Learn the Linux Command Line?

The majority of websites are hosted on the Linux operating system and for a good reason. It...