

Linux Malware Detect tutorial
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license that is designed around the threats faced in shared hosting environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. Threat data is also derived from user submissions through the LMD checkout feature and from malware community resources. The signatures LMD uses are MD5 file hashes and HEX pattern matches; they can also be easily exported to other detection tools such as ClamAV.

If the server has cPanel installed, I would recommend installing ClamAV first, because LMD will use the ClamAV engine when it is available. ClamAV tutorials can be found here

1) Install LMD
cd /usr/local/src/ && wget http://www.rfxn.com/downloads/maldetect-current.tar.gz && tar -xzvf maldetect-current.tar.gz && cd maldetect-* && sh install.sh

2) Update LMD

maldet -d && maldet -u

3) Run a manual scan
To scan just one user's home folder, use the command below:

maldet -a /home/user

To launch a background scan of the public_html folder of every user, use the command below:

maldet -b --scan-all /home?/?/public_?

4) Verify the scan report
List all scan reports with their SCANID:

maldet --report list

Show the details of a specific report:

maldet --report SCANID

Show all scan details from report file:

grep "{scan}" /usr/local/maldetect/event_log

5) Clean the malicious files
By default the quarantine is disabled, so detected files are only reported. You will have to quarantine the hits of a scan manually with the command below:

maldet -q SCANID

6) (optional) Automatically quarantine detected malware

Please review this configuration variable in /usr/local/maldetect/conf.maldet:

variable    value    description
quar_hits   number   any value other than 0 enables automatic quarantine of detected files

7) (optional) Configure scan report e-mail alerts

Maldet can send you an e-mail alert each time it detects malware. Please review these configuration variables in /usr/local/maldetect/conf.maldet:

variable      value             description
email_alert   1 or 0            enable or disable e-mail alerts
email_addr    e-mail address    target e-mail for notifications; should be put in quotes, like: "user@yourdomain.com"
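Steps 6 and 7 both come down to editing the same variables in conf.maldet. The helper below is an added example, not part of this tutorial or of LMD itself: it rewrites a variable in place (keeping the file's permissions), reads it back, and checks whether quarantine is on. It assumes the one-variable-per-line KEY=value layout shown above, and it works on a constructed sample file rather than the live /usr/local/maldetect/conf.maldet.

```shell
#!/bin/sh
# Added example: manage the conf.maldet variables from the tutorial.
# Assumption: lines look like KEY=value or KEY="value" (one per line).

# set_conf_var FILE KEY VALUE
# Replaces an existing KEY=... line or appends one; the value is written
# double-quoted, as the tutorial shows for email_addr.
# VALUE must not contain '|' or '&' (they are special to sed here).
set_conf_var() {
    _file="$1"; _key="$2"; _value="$3"
    if grep -q "^${_key}=" "$_file"; then
        sed "s|^${_key}=.*|${_key}=\"${_value}\"|" "$_file" > "${_file}.tmp" \
            && cat "${_file}.tmp" > "$_file" \
            && rm -f "${_file}.tmp"       # cat keeps the original mode/owner
    else
        printf '%s="%s"\n' "$_key" "$_value" >> "$_file"
    fi
}

# get_conf_var FILE KEY : prints the value of KEY, surrounding quotes removed
get_conf_var() {
    sed -n "s|^${2}=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$|\1|p" "$1" | head -n 1
}

# quarantine_enabled FILE : succeeds when quar_hits is set and not 0
quarantine_enabled() {
    _q=$(get_conf_var "$1" quar_hits)
    [ -n "$_q" ] && [ "$_q" != "0" ]
}

# make_sample_conf FILE : writes a constructed fragment with the defaults
# the tutorial describes (quarantine and alerts off). Sample data only.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real conf.maldet
quar_hits=0
email_alert=0
email_addr=""
EOF
}

# Usage: make_sample_conf /tmp/conf.sample
#        set_conf_var /tmp/conf.sample quar_hits 1
#        quarantine_enabled /tmp/conf.sample && echo "quarantine on"
```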
