Scribd Logo
Upload

Welcome to Scribd!

  • Available Here.: Expertise Level: Medium

    Uploaded by

    YusufAdiSetyawan
    4 views2 pages
    instal

    Original Title

    Install

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    instal

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views2 pages

    Available Here.: Expertise Level: Medium

    Uploaded by

    YusufAdiSetyawan
    instal

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Expertise level: Medium

    Linux Malware Detect (LMD), also known as Maldet, is a malware scanner for Linux released
    under the GNU GPLv2 license. It is particularly effective for the detection of php backdoors,
    darkmailers and many other malicious files that can be uploaded on a compromised website. It will
    help you do detect infected websites and clean the infection, however securing the compromised
    user or website is still necessary to avoid re-infection.
    If the server has cPanel , we recommend you install ClamAV first, as maldet will use the ClamAV
    scan engine. ClamAV installation instructions are available here.
    You will need to be logged in as root to the server over SSH.
    1 - Install maldet
    cd /usr/local/src/ && wget http://www.rfxn.com/downloads/maldetectcurrent.tar.gz && tar -xzvf maldetect-current.tar.gz && cd maldetect-* && sh install.sh
    This will automatically install a cronjob inside /etc/cron.daily/maldet so a daily scan will be run for
    local cPanel or Plesk accounts.
    2 - Make sure to update to the latest version and virus signatures:
    maldet -d && maldet -u

    3 - Run the first scan manually


    To scan a specific user's home directory, run the following command:
    maldet -a /home/user

    To launch a background scan for all user's public_html and public_ftp in all home directories, run
    the following command:
    maldet -b --scan-all /home?/?/public_?

    (We also recommend you to scan /tmp and /dev/shm/)


    4 - Verify the scan report
    We recommend you to always read the scan reports before doing a quarantine. You will also be able
    to identify infected websites for further actions.
    List all scan reports time and SCANID:
    maldet --report list

    Show a specific report details :


    maldet --report SCANID

    Show all scan details from log file:


    grep "{scan}" /usr/local/maldetect/event_log

    5 - Clean the malicious files


    By default the quarantine is disabled. You will have to launch it manually.
    maldet -q SCANID

    6 - (optional) Automatically quarantine detected malware


    Please review these configuration variables in /usr/local/maldetect/conf.maldet
    variable value description
    quar_hits number if the number is different than 0, enables automatic quarantine
    7- (optional) Configure scan reports e-mail alerts
    Maldet can send you and email alert each time it detects malware. Please review these configuration
    variables in /usr/local/maldetect/conf.maldet
    variable value description
    email_alert 1 or 0 enable or disable e-mail alerts
    email_addr
    e-mail address
    target e-mail for notifications, should be put in quotes like:
    "myuser@mydomain.com"

    You might also like