Install and configure Linux Malware Detect on a CentOS VPS/Server

Linux Malware Detect (LMD), or simply Maldet, is a free and open source malware scanner for Linux machines. It scans the machine for known malware and either quarantines suspicious files or simply alerts you to their presence. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources.

In this tutorial we will show you how to install Linux Malware Detect on your CentOS VPS/Server.

Log in to your server as user root and update the packages:

yum update -y

Now, go to Linux Malware Detect’s official website and download it to your server:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Unpack the downloaded Linux Malware Detect archive:

tar xfz maldetect-current.tar.gz

Change the current working directory

cd maldetect-*

And run the installation script

./install.sh

You should get the following output

Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet

maldet(776): {sigup} performing signature update check...
maldet(776): {sigup} local signature set is version 201205035915
maldet(776): {sigup} new signature set (2014082316728) available
maldet(776): {sigup} downloaded http://cdn.rfxn.com/downloads/md5.dat
maldet(776): {sigup} downloaded http://cdn.rfxn.com/downloads/hex.dat
maldet(776): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.ndb
maldet(776): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.hdb
maldet(776): {sigup} downloaded http://cdn.rfxn.com/downloads/maldet-clean.tgz
maldet(776): {sigup} signature set update completed
maldet(776): {sigup} 11788 signatures (9895 MD5 / 1893 HEX)

Open Maldet’s configuration file

nano /usr/local/maldetect/conf.maldet

And change the following settings:

email_alert=1 – Enable email alerts
email_addr="user@yourdomain.tld" – Enter the destination address for email alerts
quar_hits=1 – Move the detected malware to quarantine and send an alert
quar_clean=1 – Try to clean the detected malware injections

There are more options that you can configure according to your needs.
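
The same four settings can also be applied from a provisioning script instead of an editor. The following is an added example, not part of the original tutorial or of LMD itself. It assumes active settings are written as `key=value` starting in the first column; `set_opt`, `get_opt` and `apply_lmd_settings` are hypothetical helper names, and the demo runs on a constructed sample file rather than the real conf.maldet.

```shell
#!/bin/sh
# Added example (not part of LMD): edit conf.maldet-style files from a script.

# set_opt FILE KEY VALUE: rewrite every active "KEY=..." line, or append one
# if the key is absent. Commented-out lines are left untouched.
set_opt() {
    tmp=$(mktemp) || return 1
    K="$2" V="$3" awk '
        BEGIN { k = ENVIRON["K"]; v = ENVIRON["V"] }
        index($0, k "=") == 1 { print k "=" v; found = 1; next }
        { print }
        END { if (!found) print k "=" v }
    ' "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$1"    # overwrite in place so owner and mode are preserved
    rm -f "$tmp"
}

# get_opt FILE KEY: print the value of the last active KEY= line,
# with surrounding double quotes stripped.
get_opt() {
    K="$2" awk '
        BEGIN { k = ENVIRON["K"] }
        index($0, k "=") == 1 { val = substr($0, length(k) + 2) }
        END { gsub(/^"|"$/, "", val); print val }
    ' "$1"
}

# apply_lmd_settings FILE ADDRESS: the four settings from this tutorial.
# A copy of the previous file is kept as FILE.bak.
apply_lmd_settings() {
    cp -p "$1" "$1.bak" || return 1
    set_opt "$1" email_alert 1 &&
    set_opt "$1" email_addr "\"$2\"" &&
    set_opt "$1" quar_hits 1 &&
    set_opt "$1" quar_clean 1
}

# Demo on a constructed sample file (not the real conf.maldet).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# [ EMAIL ALERTS ]
email_alert=0
email_addr="you@domain.com"
# quar_hits=1 would enable quarantine
quar_hits=0
EOF
apply_lmd_settings "$demo_conf" "user@yourdomain.tld"
cat "$demo_conf"
rm -f "$demo_conf" "$demo_conf.bak"
```

On a real server the call would be `apply_lmd_settings /usr/local/maldetect/conf.maldet user@yourdomain.tld`, after which `get_opt` can confirm each value.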

The installation automatically creates a daily cron job (/etc/cron.daily/maldet in the output above) that checks for the latest version of Maldet and for new malware definition/signature files.

That’s all. Linux Malware Detect is installed and configured on your server.

To scan a directory you can use

maldet -a /path/to/directory

To update Maldet use the command below

maldet -u

You can find the details on all options by executing

maldet -h

or read the README file.
