How to Install and Configure Maldet and Run a Scan

What is Maldet?

Maldet is a commonly used abbreviation for Linux Malware Detect (LMD), a malware scanner for Linux released under the GNU GPLv2 license.

What makes Maldet unique is that it is designed around the threats faced in shared hosting environments. Maldet uses threat data from network-edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures to detect it.

How to Install Maldet

1. Log in to your Linux machine over SSH as root.
2. Download the tarball archive from the project's official website.

wget https://www.rfxn.com/downloads/maldetect-current.tar.gz

3. Unpack the downloaded file.

tar -xvf maldetect-current.tar.gz

4. Move into the Maldet directory:

cd maldetect-*

5. Inside the directory, run the installation script. Once this step completes, Maldet is installed on your Linux machine.

sh install.sh

Maldet HowTo:

1. How to Update the Maldet Database:

To update the Maldet signature database, run the following command:

maldet -u

2. How to Upgrade the Maldet Installation:

If you want to upgrade your Maldet installation to a newer version, run the following command:

maldet -d

3. How to Scan All Files in a Specific Directory Path:

Use the following command if you want to scan all your existing files in a specific directory path:

maldet -a PATH

Suppose you have cPanel installed on your server and you want to scan your users' files. You can run the following command; as you can see, Maldet accepts ? as a wildcard in the path.

maldet -a /home/?/public_html

In the above command, the default value for PATH is /home.

How to Scan ISPConfig Users with Maldet:

maldet -a /var/www/?

4. Scan Recently Changed Files with Maldet:

A very useful feature of Maldet is scanning only files that have been modified after a certain time.
This saves you from re-scanning every file each time you scan: only files edited within a given period (for example, the last 10 days) are scanned, so the scan finishes sooner and consumes fewer resources.

To perform this scan, use the -r option:

maldet -r /home/?/public_html 2

In the above command, after the PATH, specify a number of days (the default is 7 and the maximum is 90). Files modified within the last X days will be scanned. Since an infected file has necessarily been modified, this feature lets you scan the files that may have been infected recently (1 to 90 days).
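As an added example (not part of the original page or of the Maldet project), the following shell helper previews which files a "maldet -r PATH DAYS" scan would cover, using the same ? wildcard and the 1-to-90-day range described above. It assumes that ? stands for any path component (translated here to a shell * glob) and approximates Maldet's recent-file selection with find -mtime.

```shell
#!/bin/sh
# Preview the scope of "maldet -r PATH DAYS" before running the real scan.
# Constructed helper for illustration; it does not call maldet itself.

# recent_candidates PATTERN [DAYS]
# PATTERN may contain maldet's '?' wildcard, e.g. /home/?/public_html.
# DAYS defaults to 7 and must be between 1 and 90, as the page states.
recent_candidates() {
    pattern=$1
    days=${2:-7}
    case "$days" in
        ''|*[!0-9]*) echo "DAYS must be a number" >&2; return 2 ;;
    esac
    if [ "$days" -lt 1 ] || [ "$days" -gt 90 ]; then
        echo "DAYS must be between 1 and 90" >&2; return 2
    fi
    # Assumption: maldet's '?' matches any path component, so turn it into
    # a shell '*' glob before expanding it (unquoted on purpose).
    glob=$(printf '%s' "$pattern" | sed 's/?/*/g')
    for dir in $glob; do
        [ -d "$dir" ] || continue
        # -mtime -N selects files modified less than N*24h ago, which is
        # the "edited in the last N days" window the -r option uses.
        find "$dir" -type f -mtime "-$days"
    done
}

# count_recent PATTERN [DAYS]: how many files the scan would cover.
count_recent() {
    recent_candidates "$1" "$2" | wc -l | tr -d ' '
}

# Usage: sh preview.sh /home/?/public_html 2
if [ $# -gt 0 ]; then
    recent_candidates "$@"
fi
```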


5. How to Run a Large Maldet Scan in the Background:

If you want to scan a large number of files, whether a full scan or only recently modified files, the scan may take a long time. You can add a small option so that the scan runs in the background. The procedure is very simple: add the -b option to your scan command:

maldet -b -r /home/?/public_html 7
