How to Install Maldet and Scan for Malware Infected Website on CWP, VestaCP, RHEL/Centos Ubuntu Linux Servers

by Sandeep B.

In this tutorial we’ll install Maldet (LMD) in order to scan for malware i.e. infected website files which are injected by hackers. This malwares are very bad for your servers like they can harm you by sending spam emails and can lower the reputation of your business IP or by increasing server load by running DDOS attacks which are generated from your server and you end up with suspended server for breaking the TOS of your server provider.

Linux Malware Detect (LMD) is a malware scanner for Linux that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches.

Step 1 :

Install Maldet in server

any Linux os can run this like RHEL, centos, ubuntu, debiam and many more.

cd /usr/local/src
rm -Rf maldetect-*
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar xfz maldetect-current.tar.gz
cd maldetect-*
./install.sh

Step 2 :

Update maldet signatures :

maldet -u

to upgrade to latest maldet version :

maldet -d

Step 3 :

Scan all user dir for possible infections :

Run this command according to your preference

This command will scan all user’s public_hmtl dir :

maldet -a /home/*/public_html

This command will scan all user’s dir :

maldet -a /home

To launch a background scan change flag to -b --scan-all

eg :

maldet -b --scan-all /home/*/public_html

now after the scan is completed verify the report created by maldet you can check logs with command maldet -l

Step 4 :

To List all scan reports time and SCANID:

maldet --report list

To Show/Open a specific report in details :

maldet --report SCANID

report scanid will look like this 020120-1525.21134

You need to open and verify the report via this command:

maldet --report SCANID

eg : maldet --report 020120-1525.21134

Step 5 :

Review the infected files and quarantine it – it is always recommend to review the files before you quarantine it

To quarantine all infected file type in this command :

maldet -q SCANID

eg : maldet -q 020120-1525.21134

Congrats you’ve successfully cleaned those infected files, All quarantine file are in /usr/local/maldetect/quarantine

If this post helps you in any way please consider a donation

Donate with PayPal :

md-donate

Donate with Paytm :

md-donate

You may also like

Leave a Comment