How to use Linux Malware Detect (LMD-maldet)

Linux Malware Detect is one of the most useful tools for detecting and removing unwanted malware from your server. We will look at two ways to install and use it: the easiest and fastest one I have found, via a WHM plugin, and the more advanced one, from SSH.

Easiest and fastest way to use Linux Malware Detect on cPanel/WHM servers, with a GUI.

Simply install a WHM plugin, such as the Admin-Ahead Linux Malware Detect cPanel/WHM plugin. This lets you use LMD from a graphical interface inside WHM, and it also sets up a cron job that scans the files modified each day for malware. It sends you a detailed report whenever there is a hit. Everything is done easily from the interface, so there is no reason to explain this further.


Advanced way to Install and use LMD via SSH

1. From SSH, to install Linux Malware Detect you need to type the following commands:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvf maldetect-current.tar.gz

2. Then change into the directory that the extraction created. You can use the command

cd maldetect-*

3. To install it, execute install.sh:

./install.sh

4. LMD is now installed. You can also run:

maldet -u && maldet -d

to make sure that LMD has the newest signatures (-u) and is itself updated to the latest version (-d).
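The four install steps above, wrapped in one script as an added example (this is not code from the article or from the LMD project). It downloads the tarball from the URL the article gives, refuses to extract and run anything that is not a real tarball containing install.sh (a failed download often saves an HTML error page under the same name), checks that maldet ended up on the PATH, and then runs the update commands from step 4. The install runs only when the script is invoked with --install and as root; the helper function lmd_tarball_ok and the --install flag are this example's own names.

```shell
#!/usr/bin/env bash
# Added example, not part of the article: unattended LMD install with checks.
set -eu

# URL as given in the article's install step.
LMD_URL="http://www.rfxn.com/downloads/maldetect-current.tar.gz"

# Return 0 only if the file is a gzip tarball that contains an install.sh,
# so a broken download (e.g. an HTML error page) is never extracted and run.
lmd_tarball_ok() {
    tar -tzf "$1" 2>/dev/null | grep -q '/install.sh$'
}

# Download, extract into a scratch directory, run the installer, verify the
# binary is reachable, then update signatures (-u) and the program (-d).
install_lmd() {
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    cd "$work"
    wget -q "$LMD_URL" -O maldetect-current.tar.gz
    if ! lmd_tarball_ok maldetect-current.tar.gz; then
        echo "downloaded file is not an LMD tarball, aborting" >&2
        return 1
    fi
    tar -xzf maldetect-current.tar.gz
    cd maldetect-*/
    ./install.sh
    if ! command -v maldet >/dev/null 2>&1; then
        echo "maldet is not on the PATH after install" >&2
        return 1
    fi
    maldet -u && maldet -d
}

# Only install when explicitly asked, and only as root (install.sh writes
# under /usr/local); otherwise the functions are just defined for reuse.
if [ "${1:-}" = "--install" ]; then
    if [ "$(id -u)" -ne 0 ]; then
        echo "run this as root" >&2
        exit 1
    fi
    install_lmd
fi
```

Run it as `./install-lmd.sh --install` on the server; without the flag nothing is downloaded, which makes the helper easy to test in isolation.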


Scan and clean infected files

1. To start an LMD scan of a specific user's account, type the following command

maldet -a /home/user

where user is the name of the user you wish to scan.

2. If you want LMD to scan all users' home directories at once, run

maldet --scan-all /home/?/public_html

3. To view LMD's scan reports, type

maldet --report list

4. Find the scanid of the report whose details you want to see, and type

maldet --report scanid

where scanid is the ID of the report you want to see.

5. If there are detections, you can delete or clean the files manually (over FTP, for example), or have LMD (maldet) quarantine the hits automatically. To quarantine the LMD hits, type:

maldet -q scanid

where scanid is the ID of the scan report whose hits you want quarantined.

Quarantining files a site depends on will leave you with a broken website. False positives are rare, but you must check every hit before deleting or quarantining anything!
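The scan, report and quarantine steps above as one review-first workflow, added here as an example (not code from the article or the LMD project). It validates the username before building the /home path so that a value such as "../etc" never reaches maldet, runs the scan, pulls the scan ID out of maldet's closing "to view run: maldet --report SCANID" line, prints the hits as signature and path pairs for manual review, and only calls maldet -q when --quarantine is passed, which is the manual check the paragraph above insists on. The report layout the parser assumes (a "FILE HIT LIST:" section of "signature : path" lines closed by a line of "=" characters) matches what LMD reports generally look like, but check it against your version's output; the function names, the --quarantine flag and the SAMPLE_REPORT text are this example's own constructions.

```shell
#!/usr/bin/env bash
# Added example, not part of the article: scan one account, list hits for
# review, quarantine only on explicit request.
set -eu

# Map a username to its home path, refusing names that could escape /home.
home_path_for_user() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$' || return 1
    printf '/home/%s\n' "$1"
}

# Read a "maldet --report SCANID" text on stdin and print one
# "signature<TAB>path" line per hit from the FILE HIT LIST section.
# Assumed layout: the section ends at a line made only of "=" characters.
hits_from_report() {
    awk '
        /^FILE HIT LIST:/ { inlist = 1; next }
        inlist && /^=+$/  { exit }
        inlist { i = index($0, " : ")
                 if (i) print substr($0, 1, i - 1) "\t" substr($0, i + 3) }
    '
}

# Number of hits in a report read from stdin.
hit_count() {
    hits_from_report | wc -l | tr -d ' '
}

# Scan the account, show the hits, and quarantine only with "--quarantine".
scan_account() {
    user="$1"; mode="${2:-review}"
    path=$(home_path_for_user "$user") || { echo "rejecting username: $user" >&2; return 1; }
    out=$(maldet -a "$path")
    # maldet's last line is assumed to read "... maldet --report SCANID".
    scanid=$(printf '%s\n' "$out" | sed -n 's/.*maldet --report \([0-9.-]*\).*/\1/p' | tail -n 1)
    [ -n "$scanid" ] || { echo "no scan id found in maldet output" >&2; return 1; }
    report=$(maldet --report "$scanid")
    n=$(printf '%s\n' "$report" | hit_count)
    echo "scan $scanid of $path: $n hit(s)"
    printf '%s\n' "$report" | hits_from_report
    if [ "$n" -gt 0 ] && [ "$mode" = "--quarantine" ]; then
        maldet -q "$scanid"
    elif [ "$n" -gt 0 ]; then
        echo "review the hits above, then rerun with --quarantine to quarantine scan $scanid"
    fi
}

# Constructed sample report (not real scan output) used to demonstrate the
# parser when the script is run without a username.
SAMPLE_REPORT='HOST:      server.example.com
SCAN ID:   000000-0000.00000
PATH:      /home/user/public_html

FILE HIT LIST:
{HEX}php.base64.v23au.185 : /home/user/public_html/uploads/x.php
{HEX}php.cmdshell.unclassed.359 : /home/user/public_html/shell.php
===============================================
Linux Malware Detect vX.Y.Z'

if [ $# -eq 0 ]; then
    printf '%s\n' "$SAMPLE_REPORT" | hits_from_report
else
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    scan_account "$@"
fi
```

Usage: `./lmd-scan.sh alice` scans /home/alice and lists the hits; `./lmd-scan.sh alice --quarantine` quarantines them after you have reviewed that list.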

For more information and more advanced parameters you can visit the LMD website.

Master of SEO, server management specialist, guru of web development. A living legend.

