Wednesday, 15 May 2013

How to install maldet in linux server !

Maldet also known as Linux Malware Detect virus scanner for Linux.

Go to the below path:

    cd /usr/local/src/

Download the tar file using the below link:

    wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the file using the below command:

    tar -xzf maldetect-current.tar.gz

go to the maldet folder:

    cd maldetect-*

Now, run the below command to install maldet:

    sh ./install.sh or sudo sh ./install.sh

It will give below output:

    Linux Malware Detect v1.3.4
    (C) 1999-2010, R-fx Networks
    (C) 2010, Ryan MacDonald
    inotifywait (C) 2007, Rohan McGovern
    This program may be freely redistributed under the terms of the GNU GPL

    installation completed to /usr/local/maldetect
    config file: /usr/local/maldetect/conf.maldet
    exec file: /usr/local/maldetect/maldet
    exec link: /usr/local/sbin/maldet
    cron.daily: /etc/cron.daily/maldet

    maldet(32517): {sigup} performing signature update check…
    maldet(32517): {sigup} local signature set is version 2010051510029
    maldet(32517): {sigup} latest signature set already installed

    

To update the maldet use the below commands:

    maldet –update-ver

    maldet –update[/i]

To scan the files:

    maldet -a /home/username/

It will scan all the files and provide you the output:



To scan all user uder public_html paths under /home*/ this can be done with:

    root@server[~]# maldet –scan-all /home?/?/public_html

To scan the same path but the content that has been created/modified in the last 5 days:

    root@server[~]# maldet –scan-recent /home?/?/public_html 5

To scan but forget to turn on the quarantine option, you could quarantine all malware results from a previous scan with:

    root@server[~]# maldet –quarantine SCANID

If you wanted to attempt a clean on all malware results from a previous scan that did not have the feature enabled, you would do with:

    root@server[~]# maldet –clean SCANID

If you had a file that was quarantined from a false positive or that you simply want to restore (i.e: you manually cleaned it), you can use the following:

    root@server[~]# maldet –restore config.php.2384
    root@server[~]# maldet –restore /usr/local/maldetect/quarantine/config.php.2384

 
Post a Comment