How to Install Maldet and Scan for Malware on CWP, VestaCP, RHEL/CentOS, and Ubuntu Linux Servers

Malware on a web server rarely stays passive: a planted web shell or backdoor is used to drop further files into your sites, send spam, or take part in DDoS attacks. Such activity damages the reputation of your server's IP addresses and domains, drives up load, and can get the account suspended for violating your hosting provider's terms of service.

To combat this, Linux Malware Detect (LMD), commonly known as Maldet, is an effective tool for scanning and mitigating malware threats in Linux-based hosting environments. This guide provides a step-by-step process for installing Maldet and using it to scan for infected files on your server.

What is Maldet (LMD)?

Linux Malware Detect (Maldet) is a malware scanner designed for Linux systems, particularly shared hosting environments, where the exposed surface is the web applications and uploads of many users. It relies on:

  • Threat data: gathered from network-edge intrusion detection systems, user submissions, and community malware resources.
  • Signatures: MD5 file hashes and HEX pattern matches, which give precise detection of known malware. Detection is therefore signature-based: a sample that has no signature yet (new or freshly re-obfuscated code) is not flagged, which is why keeping signatures current (Step 2) matters. If ClamAV is installed, Maldet can use its clamscan engine for the file scanning.

Step-by-Step Installation and Usage Guide

Step 1: Install Maldet

Maldet installs on RHEL, CentOS, Ubuntu and Debian, and therefore on the CWP and VestaCP panels that run on them; the steps are the same everywhere. Run them as root.

1. Navigate to the source directory:

cd /usr/local/src

2. Remove any previously downloaded Maldet source tree (this does not touch an installed copy under /usr/local/maldetect):

rm -Rf maldetect-*

3. Download the latest Maldet package (the same path is also served over https://, which is the safer choice: a tarball fetched over plain HTTP can be altered in transit):

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

4. Extract the downloaded file:

tar xfz maldetect-current.tar.gz

5. Install Maldet (install.sh copies the program to /usr/local/maldetect, links the maldet command into the path, and sets up a daily cron scan):

cd maldetect-*
./install.sh

Step 2: Update Maldet

Signatures and the program are updated separately; do both, since the installer's tarball may be older than the current signature set:

1. Update the malware signatures (long form: --update-sigs):

maldet -u

2. Update Maldet itself to the latest release (long form: --update-ver); this changes the program version, not the signatures:

maldet -d
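Before relying on the daily cron scan, decide how Maldet should react to a hit. The conf.maldet excerpt below is an added example, not text from this guide or from the LMD project's shipped file: the keys are those found in /usr/local/maldetect/conf.maldet on current LMD releases, the values are the ones a hosting operator would usually choose, and the e-mail address is a placeholder. Read the comments in your own conf.maldet before applying them.

```shell
# /usr/local/maldetect/conf.maldet (excerpt). Added example: recommended
# values for a shared host; the e-mail address is a placeholder.

# Send a report after every scan that finds hits, to an address someone reads.
email_alert="1"
email_addr="security@example.invalid"

# 1 = move hits into /usr/local/maldetect/quarantine and alert
# 0 = alert only (the shipped default), which leaves infected files serving
quarantine_hits="1"

# Do not let maldet rewrite files in place on production sites; quarantine
# the whole file and restore it from a known-good copy instead.
quarantine_clean="0"

# Suspending the owning system account is disruptive on shared hosting;
# leave it off and act on the alert instead.
quarantine_suspend_user="0"

# Use the ClamAV engine when clamscan is installed (faster on large trees).
scan_clamscan="1"

# Keep signatures and the program current without manual maldet -u / -d,
# and keep the daily cron scan the installer set up.
autoupdate_signatures="1"
autoupdate_versions="1"
cron_daily_scan="1"
```

With quarantine_hits set to 1 the daily scan moves hits out of the web root on its own, so the alert e-mail is the only notice a site owner gets that a file has gone; keep it at 0 and quarantine by hand (Step 5) if you would rather review each hit first.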

Step 3: Scan for Malware

Maldet scans whatever paths you give it; -a is the short form of --scan-all. On a shared host the web roots are the usual target:

1. Scan every user's public_html directory (the shell expands the * glob before Maldet sees it):

maldet -a /home/*/public_html

2. Scan all user directories (slower, but it catches files dropped outside the web root, such as in mail or cron directories):

maldet -a /home

3. Run the same public_html scan in the background, so a long scan does not tie up your session:

maldet -b --scan-all /home/*/public_html

4. Follow a background scan through the event log (-l is --log); it records when the scan started and finished, while the hits themselves are in the scan report (Step 4):

maldet -l

Step 4: Review Scan Reports

After each scan Maldet records a report keyed by scan ID and, with the default configuration, only reports hits rather than moving them:

1. List all reports with their scan times and IDs:

maldet --report list

2. View a specific report (header, totals, then the FILE HIT LIST giving the signature name and path of each hit):

maldet --report SCANID

Replace SCANID with the ID from the list (e.g., 020120-1525.21134); the ID is built from the scan's date and time plus its process ID, so it is unique per run.

Step 5: Quarantine Infected Files

Quarantining moves a file out of its original location, so a false positive on a legitimate plugin or theme file takes part of a site down. Review the report's FILE HIT LIST first: check each file's owner, modification time and contents, and keep a copy outside the web root if you need it for incident analysis. If you then decide to quarantine:

1. Quarantine all files associated with a specific scan:

maldet -q SCANID

For example:

maldet -q 020120-1525.21134

Quarantined files are moved (not copied) into:

/usr/local/maldetect/quarantine

and stay there until you delete or restore them. A file quarantined by mistake goes back to its original path with maldet --restore, given either the quarantined file name or a scan ID to restore every hit from that scan. Whether future scans quarantine automatically is controlled by quarantine_hits in /usr/local/maldetect/conf.maldet; the shipped default only reports hits.
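The hit list is worth checking against the filesystem before running maldet -q, because a file that was cleaned, deleted or moved after the scan no longer matches the report. The script below, covering Steps 4 and 5, is an added example, not code from this guide or from the LMD project: it reads the text that maldet --report SCANID prints, extracts the FILE HIT LIST, checks that every flagged file still exists, records each file's SHA-256 for the incident record, and prints the maldet -q command only when the summary count, the hit list and the files on disk all agree. The report and the flagged files it works on are constructed in a temporary directory so it runs offline; the report layout mirrors Maldet's (header lines, TOTAL HITS, then {HEX}/{MD5} entries of the form signature : path), and the scan ID, signature names and paths are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not code from this guide or from Linux Malware Detect:
# triage a `maldet --report SCANID` text before running `maldet -q`.
set -eu

TAB="$(printf '\t')"
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-ins for two flagged files under users' public_html.
# Their contents are harmless placeholders, not malware.
mkdir -p "$WORK/home/alice/public_html/wp-content/uploads" "$WORK/home/bob/public_html"
printf '<?php // placeholder for a flagged upload\n' > "$WORK/home/alice/public_html/wp-content/uploads/x.php"
printf '<?php // placeholder for a second hit\n' > "$WORK/home/bob/public_html/img.php"

# Constructed report shaped like maldet's output. Scan id and signature
# names are placeholders; the third hit points at a file that no longer
# exists, as happens when something is removed between scan and review.
REPORT="$WORK/report.txt"
cat > "$REPORT" <<EOF
HOST:      web01.example.invalid
SCAN ID:   020120-1525.21134
STARTED:   Feb  1 2020 15:25:21 +0000
COMPLETED: Feb  1 2020 15:27:43 +0000
ELAPSED:   142s [find: 11s]

PATH:          /home/*/public_html
TOTAL FILES:   12345
TOTAL HITS:    3
TOTAL CLEANED: 0

FILE HIT LIST:
{HEX}php.cmdshell.example.1 : $WORK/home/alice/public_html/wp-content/uploads/x.php
{HEX}php.base64.example.2 : $WORK/home/bob/public_html/img.php
{MD5}php.malware.example.3 : $WORK/home/carol/public_html/gone.php
===============================================
EOF

# Scan id from the header: the argument maldet -q and maldet --restore take.
report_scan_id() { awk '/^SCAN ID:/ { print $3 }' "$1"; }

# Hit count claimed in the summary block.
report_total_hits() { awk '/^TOTAL HITS:/ { print $3 }' "$1"; }

# Each FILE HIT LIST entry as "signature<TAB>path"; the list ends at the
# ===== separator so footer text is never mistaken for a hit.
report_hits() {
  awk -F' : ' '
    /^FILE HIT LIST:/                     { inlist = 1; next }
    inlist && /^=+$/                      { inlist = 0 }
    inlist && /^[{](HEX|MD5|CAV|YARA)[}]/ { print $1 "\t" $2 }
  ' "$1"
}

# One line per hit: "PRESENT <sha256> <signature> <path>" for files still on
# disk (the hash goes into the incident record before the file is moved), or
# "MISSING <signature> <path>" when the file has gone since the scan.
triage_hits() {
  report_hits "$1" | while IFS="$TAB" read -r sig path; do
    if [ -f "$path" ]; then
      printf 'PRESENT %s %s %s\n' "$(sha256sum "$path" | cut -d' ' -f1)" "$sig" "$path"
    else
      printf 'MISSING %s %s\n' "$sig" "$path"
    fi
  done
}

# Number of hits whose file is still present.
present_count() { triage_hits "$1" | grep -c '^PRESENT' || true; }

# Print the quarantine command only when the report is internally consistent
# and every flagged file is where the report says. Exit 1 = nothing to do,
# exit 2 = report and disk disagree, so re-scan instead of quarantining blind.
quarantine_command() {
  local report="$1" total listed present
  total="$(report_total_hits "$report")"
  listed="$(report_hits "$report" | wc -l | tr -d ' ')"
  present="$(present_count "$report")"
  if [ "$total" -eq 0 ]; then
    echo "no hits in $(report_scan_id "$report"): nothing to quarantine"
    return 1
  fi
  if [ "$total" -ne "$listed" ] || [ "$present" -ne "$listed" ]; then
    echo "mismatch (summary=$total listed=$listed on-disk=$present): re-run the scan"
    return 2
  fi
  echo "maldet -q $(report_scan_id "$report")"
}

# The same report as it would look after a re-scan with the stale hit gone.
REPORT_RERUN="$WORK/report-rerun.txt"
grep -v 'carol' "$REPORT" | sed 's/^TOTAL HITS: *3$/TOTAL HITS:    2/' > "$REPORT_RERUN"

triage_hits "$REPORT"
quarantine_command "$REPORT" || echo "not issued (exit $?)"
quarantine_command "$REPORT_RERUN"
```

On a live server, save the report with maldet --report SCANID > report.txt and point the functions at that file instead of the constructed one; the PRESENT lines, with their hashes, are what to keep alongside the quarantine so a restored false positive or a later investigation can be matched to exactly the file that was moved.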

Conclusion

By following these steps you can install Maldet, scan for malware, and quarantine infected files on your Linux server. Regular scans with current signatures catch known malware early, but they do not remove the way it got in: pair them with patching of the web applications and with a look at how each quarantined file arrived, so the same hole is not reused.