Scanning for malware by using Maldetect Scan

Linux Malware Detect (LMD), also known as Maldet, is a malware scanner for Linux released under the GNU GPLv2 license. It is particularly effective at detecting PHP backdoors, darkmailers and many other malicious files that can be uploaded to a compromised website. It will help you detect infected websites and clean the infection; however, securing the compromised user or website is still necessary to avoid re-infection.

This is one of the most commonly used malware detectors on Linux servers. The installation and usage of Maldet are quite simple compared to other tools. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. By using Maldet as your Linux server malware tool, you can quickly find the infected files in the Linux file system. At the same time, you can remove or quarantine the infected files to a different location.

Provided below are the installation and configuration steps necessary to automate malware detection on your own web hosting environment with LMD.

Follow the steps below to install maldetect on your server:

Prerequisites

Linux servers

How can I install Maldet on a Linux server?

The tarball containing the source code of the latest version is always available at the following URL, where it can be downloaded with:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Then we need to unpack the tarball, enter the directory where its contents were extracted, and run the installer:

tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh

Make sure to update to the latest version (-d) and the latest virus signatures (-u):

maldet -d && maldet -u

Note

This will automatically install a cronjob at /etc/cron.daily/maldet, so a daily scan will be run for local accounts.

How to use maldet?

After successfully installing and configuring Linux Malware Detect (LMD) on your server, let's run your first scan using the following commands.

To scan a specific user’s home directory, run the following command:

maldet --scan-all /home/user

For a whole-server scan, run the following command:

maldet -a /

To view the scan report:

We recommend that you always read the scan reports before quarantining anything. The reports also let you identify infected websites for further action.

List all scan reports with their time and SCANID:

maldet --report list

Show the details of a specific report:

maldet --report SCANID

To quarantine all malware results from a previous scan:

By default, quarantine is disabled, so hits from a scan are only reported; to quarantine them afterwards, pass the SCANID with either form:

maldet -q SCANID
maldet --quarantine SCANID
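The advice above is to read a report before quarantining. The following POSIX shell helpers, an added example that is not part of the original article or of the LMD project, pull the pieces an admin reviews (scan id, hit count, hit list, and whether quarantine was disabled) out of the text that `maldet --report SCANID` prints. The report embedded here is constructed: its layout is an approximation of LMD's report format, and the hostname, scan id, signature names and file paths are made up.

```shell
#!/bin/sh
# Constructed sample of a Maldet scan report (layout approximated from the
# LMD report format; host, scan id, signatures and paths are invented).
SAMPLE_REPORT='HOST:      web01.example.test
SCAN ID:   220316-1304.12345
STARTED:   Mar 16 2022 13:04:10 +0000
COMPLETED: Mar 16 2022 13:05:00 +0000
ELAPSED:   50s [find: 10s]

PATH:          /home/user/public_html
TOTAL FILES:   1234
TOTAL HITS:    2
TOTAL CLEANED: 0

NOTE: quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 220316-1304.12345

FILE HIT LIST:
{HEX}php.base64.inject.1 : /home/user/public_html/wp-content/uploads/shell.php
{HEX}php.cmdshell.unclassed.1 : /home/user/public_html/tmp/x.php
==============================================='

# Print the value of a "KEY:   value" header line read from stdin.
# Usage: report_field 'SCAN ID' < report
report_field() {
  awk -v k="$1" 'index($0, k ":") == 1 { sub("^" k ":[ \t]*", ""); print; exit }'
}

# Number of hits the scan recorded (the TOTAL HITS header).
report_hits() {
  report_field 'TOTAL HITS'
}

# Paths listed under FILE HIT LIST, one per line, until the "====" footer.
report_hit_files() {
  awk '/^FILE HIT LIST:/ { inlist = 1; next }
       inlist && /^=+$/  { exit }
       inlist && NF      { n = index($0, " : "); print substr($0, n + 3) }'
}

# Signature names from the hit list with a count per signature,
# handy for spotting one family of webshell spread across many sites.
report_hit_signatures() {
  awk '/^FILE HIT LIST:/ { inlist = 1; next }
       inlist && /^=+$/  { exit }
       inlist && NF      { n = index($0, " : "); print substr($0, 1, n - 1) }' \
  | sort | uniq -c | sort -rn
}

# Succeeds (exit 0) when the report says quarantine was disabled for the scan.
report_quarantine_disabled() {
  grep -q '^NOTE: quarantine is disabled'
}

# Stand-alone demo on the constructed report.  For a real scan, replace
# the printf with:  maldet --report SCANID | report_hit_files   etc.
scan_id=$(printf '%s\n' "$SAMPLE_REPORT" | report_field 'SCAN ID')
hits=$(printf '%s\n' "$SAMPLE_REPORT" | report_hits)
printf 'Scan %s: %s hit(s) under %s\n' "$scan_id" "$hits" \
  "$(printf '%s\n' "$SAMPLE_REPORT" | report_field 'PATH')"
printf '%s\n' "$SAMPLE_REPORT" | report_hit_files | sed 's/^/  /'
printf 'By signature:\n'
printf '%s\n' "$SAMPLE_REPORT" | report_hit_signatures | sed 's/^/  /'
if printf '%s\n' "$SAMPLE_REPORT" | report_quarantine_disabled; then
  printf 'Quarantine was disabled for this scan; after review run: maldet -q %s\n' "$scan_id"
fi
```

The functions read the report from stdin, so on a real server they chain directly onto `maldet --report SCANID`; the hit list is what you review (and check against the site's own files) before deciding to run `maldet -q SCANID`.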