How to install and scan using Maldet

This guide explains how to install Maldet on a Linux server and how to configure it. Linux Malware Detect (LMD) is a malware scanner for Linux servers released under the GNU GPLv2 license. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. With Maldet on a Linux server you can quickly find infected files on the file system and move them out of the way into a quarantine location.

Installation

1) SSH to the server

2) Download the tar file

# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

3) Extract the file.

# tar -xzf maldetect-current.tar.gz

4) Go to the maldet folder

# cd maldetect-*

5) To install maldet, run the command below

# sh ./install.sh

The installation is now complete.

How to use maldet in a server

1) Scan a file or folder.

# maldet -a /path/to/scan OR

# maldet --scan-all /path/to/scan

2) View the scan report.

# maldet -e SCAN ID

# maldet --report SCAN ID

3) Update the malware signatures (-u) or the installed Maldet version (-d).

# maldet -u OR

# maldet -d

4) Quarantine all malware results from a previous scan

# maldet -q SCAN ID

# maldet --quarantine SCAN ID

5) Restore a file that you have already quarantined

# maldet -s FILENAME

# maldet --restore FILENAME

6) Clean all malware results from a previous scan

# maldet --clean SCAN ID
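The scan, report and quarantine commands above all hinge on the SCAN ID that maldet prints at the end of a scan. The wrapper below is an added example, not part of Maldet or of this guide: it captures that ID from the scan output and shows the report in one step. It assumes maldet is on PATH (override with the MALDET variable), that the end-of-scan summary contains a "maldet --report SCAN ID" hint and a "malware hits N" count (the two sample lines in the script are constructed to that shape), and that a SCAN ID looks like 240101-1200.4242.

```shell
#!/bin/sh
# Added example (not part of Maldet): run a scan, capture the SCAN ID from
# maldet's output and show the report, instead of copying the ID by hand.

# Assumption: maldet is on PATH; override with MALDET=/usr/local/sbin/maldet.
MALDET="${MALDET:-maldet}"

# Constructed sample of the summary lines maldet prints when a scan finishes,
# used only by the demonstration at the bottom of this script.
SAMPLE_OUTPUT='maldet(4242): {scan} scan completed on /home: files 12, malware hits 1, cleaned hits 0, time 1s
maldet(4242): {scan} scan report saved, to view run: maldet --report 240101-1200.4242'

# Read scan output on stdin and print the SCAN ID that follows "--report".
# Assumed ID shape: YYMMDD-HHMM.PID, e.g. 240101-1200.4242.
maldet_scan_id() {
    sed -n 's/.*--report \([0-9][0-9]*-[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Read scan output on stdin and print the "malware hits N" count (assumed
# summary format); prints nothing if no such line is present.
maldet_hits() {
    sed -n 's/.*malware hits \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Scan PATH with "maldet -a", print the SCAN ID on the first line, then the
# report. Returns 1 when no SCAN ID could be found in the output.
maldet_scan_and_report() {
    scan_path="$1"
    [ -n "$scan_path" ] || { echo "usage: maldet_scan_and_report /path/to/scan" >&2; return 2; }
    scan_out=$("$MALDET" -a "$scan_path" 2>&1)
    scan_id=$(printf '%s\n' "$scan_out" | maldet_scan_id)
    if [ -z "$scan_id" ]; then
        echo "no SCAN ID found in maldet output:" >&2
        printf '%s\n' "$scan_out" >&2
        return 1
    fi
    hits=$(printf '%s\n' "$scan_out" | maldet_hits)
    echo "$scan_id"
    "$MALDET" --report "$scan_id"
    # Point the operator at the next step from the guide when hits were found.
    if [ "${hits:-0}" -gt 0 ]; then
        echo "$hits hit(s): review the report, then run: $MALDET -q $scan_id" >&2
    fi
}

# Demonstration on the constructed sample (does not need maldet installed).
printf 'sample SCAN ID: %s\n' "$(printf '%s\n' "$SAMPLE_OUTPUT" | maldet_scan_id)"
printf 'sample hits: %s\n' "$(printf '%s\n' "$SAMPLE_OUTPUT" | maldet_hits)"
```

On a real server, source the script and call `maldet_scan_and_report /home/user/public_html`; the report is printed immediately and the SCAN ID stays on the first line of the output for a later `maldet -q SCAN ID` or `maldet --clean SCAN ID`.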

Maldet Options

1) quar_hits – The default quarantine action for malware hits; it should be set to 1 so that hits are quarantined.

2) quar_clean – Clean detected malware injections; must be set to 1.

3) quar_susp – The default suspend action for users with hits; set it according to your requirements.

4) quar_susp_minuid – The minimum user ID that can be suspended.
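The four quar_* options above are plain key="value" lines in Maldet's configuration file. The script below is an added example, not part of Maldet or of this guide: it sets those options and verifies the result without editing the file by hand. It assumes the configuration file is /usr/local/maldetect/conf.maldet (override with MALDET_CONF), that settings are written as key="value", and it uses 500 as a sample value for quar_susp_minuid; without arguments it only demonstrates the change on a throwaway copy.

```shell
#!/bin/sh
# Added example (not part of Maldet): set the quarantine options from the list
# above in conf.maldet and verify them, without editing the file by hand.

# Assumption: conf.maldet lives here; override with MALDET_CONF=/path/to/conf.maldet.
CONF="${MALDET_CONF:-/usr/local/maldetect/conf.maldet}"

# Print the value of KEY ($2) from FILE ($1). Assumes the conf.maldet style
# key="value" (quotes optional); prints nothing when KEY is not set.
maldet_get_opt() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Set KEY to VALUE in FILE: replace the existing line or append a new one.
# VALUE is expected to be a plain number or word (no quotes or '|').
maldet_set_opt() {
    conf_file="$1"; key="$2"; value="$3"
    if grep -q "^[[:space:]]*${key}=" "$conf_file"; then
        sed "s|^[[:space:]]*${key}=.*|${key}=\"${value}\"|" "$conf_file" > "$conf_file.tmp" &&
            mv "$conf_file.tmp" "$conf_file"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$conf_file"
    fi
}

# Apply the settings recommended in the list above to FILE ($1).
maldet_apply_quarantine_opts() {
    maldet_set_opt "$1" quar_hits 1            # quarantine every malware hit
    maldet_set_opt "$1" quar_clean 1           # clean detected injections
    maldet_set_opt "$1" quar_susp 0            # user suspension is a site choice; off here
    maldet_set_opt "$1" quar_susp_minuid 500   # sample minimum UID for suspension
}

# Return 0 only when both quar_hits and quar_clean are 1 in FILE ($1).
maldet_check_quarantine_opts() {
    [ "$(maldet_get_opt "$1" quar_hits)" = "1" ] &&
    [ "$(maldet_get_opt "$1" quar_clean)" = "1" ]
}

# Demonstration on a constructed copy, so the real conf.maldet is untouched.
# Run with "--apply" to change $CONF instead.
if [ "${1:-}" = "--apply" ]; then
    maldet_apply_quarantine_opts "$CONF" && maldet_check_quarantine_opts "$CONF" && echo "ok: $CONF"
else
    demo=$(mktemp)
    printf 'quar_hits="0"\nquar_clean="0"\nemail_alert="0"\n' > "$demo"
    maldet_apply_quarantine_opts "$demo"
    cat "$demo"
    rm -f "$demo"
fi
```

Run it without arguments to see the rewritten lines on a temporary copy, and with `--apply` (as root) to change the real file; `maldet_check_quarantine_opts` can be reused in a cron job or configuration audit to confirm the quarantine settings have not been reverted.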

Important Maldet Options

General syntax is:

# maldet [options] /path/to/scan

1) -b, --background – Execute operations in the background, ideal for large scans.

2) -u, --update – Update malware detection signatures from rfxn.com.

3) -l, --log – View maldet log file events.

4) -d, --update-ver – Update the installed version from rfxn.com.

5) -k, --kill – Terminate the inotify monitoring service.

6) -a, --scan-all PATH – Scan all files in PATH.

7) -r, --scan-recent PATH DAYS – Scan files created/modified in the last DAYS days.

8) -p, --purge – Clear logs, quarantine queue, session and temporary data.

9) -q, --quarantine SCAN ID – Quarantine all malware from report SCAN ID.

10) -n, --clean SCAN ID – Clean & restore malware hits from report SCAN ID.

11) -c, --checkout FILE – Upload suspected malware to rfxn.com for review & hashing into signatures.

12) -m, --monitor USERS|PATHS|FILE – Run maldet with kernel-level file create/modify monitoring.

13) -s, --restore FILE|SCAN ID – Restore a file from the quarantine queue to its original path.

14) -U, --user USER – Set execution under the specified user, ideal for restoring from user quarantine.

If you need any further assistance please reach our support department.
