How to use Linux Malware Detect (LMD-maldet)
Linux Malware Detect is one of the most useful tools to detect and remove unwanted malware from your server. This guide covers two ways to install and use it: the easiest and fastest one I have found, a plugin for WHM, and the more advanced one, over SSH.
Easiest and fastest way to use Linux Malware Detect in cPanel/WHM servers, with GUI.
Simply install a WHM plugin, like the Admin-Ahead Linux Malware Detect cPanel/WHM plugin. This allows you to use LMD from within WHM through a graphical interface, and it also sets up a cron job that scans the modified files for malware daily. It also sends you a detailed report if there is a hit. Everything is done easily from the interface, so there is no reason to explain this further.
Advanced way to Install and use LMD via SSH
1. To install Linux Malware Detect over SSH, type the following commands:
tar -xvf maldetect-current.tar.gz
2. Then you need to go to the directory that was created by the extraction. You can use the command
3. Then, to install it, you need to execute install.sh:
4. Now LMD is installed. You can also run:
maldet -u && maldet -d
This makes sure that LMD is updated to the latest version and has the newest definitions.
Scan and clean infected files
1. To start an LMD scan for a specific user, type the following command:
maldet -a /home/user
where user is the name of the user you wish to scan.
2. If you want LMD to scan all home directories of all users, run
maldet --scan-all /home/?/public_html
3. To view the LMD scan reports, type
maldet --report list
4. Find the scanid of the report whose details you want to see, and type
maldet --report scanid
where scanid is the ID you want to see.
5. If there are detections, you can delete or clean the files manually (with FTP, for example), or quarantine the LMD (maldet) hits automatically. To quarantine the LMD hits, type:
maldet -q scanid
where scanid is the ID of the scan report whose hits you want to quarantine.
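The scan and quarantine steps above chained in one shell script, as an added example that is not part of the original article or of LMD itself. It assumes that maldet's scan summary uses the wording and scan ID shape of the constructed sample below; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: scan, extract the scan ID, quarantine only on hits.
# ASSUMPTION: maldet's scan summary uses the wording of SAMPLE_OUTPUT below.
# Function names are hypothetical; the sample output is constructed.

SAMPLE_OUTPUT='maldet(4121): {scan} scan completed on /home/user: files 1523, malware hits 2, cleaned hits 0
maldet(4121): {scan} scan report saved, to view run: maldet --report 240115-0931.4121'

# Read maldet output on stdin and print the scan ID. Only the strict
# digits-digits.digits shape at the end of the line is accepted, because
# the value is later handed to "maldet -q", which moves files.
# Returns non-zero if no ID is found.
extract_scanid() {
    sed -n 's/.*maldet --report \([0-9]\{6\}-[0-9]\{4\}\.[0-9]\{1,\}\)[[:space:]]*$/\1/p' |
        head -n 1 | grep .
}

# Read maldet output on stdin and print the "malware hits" count.
extract_hits() {
    sed -n 's/.*malware hits \([0-9]\{1,\}\).*/\1/p' | head -n 1 | grep .
}

# Scan one path and quarantine its hits only when the summary reports any.
scan_and_quarantine() {
    target=$1
    # The exit status is ignored on purpose; the summary text is parsed instead.
    out=$(maldet -a "$target" 2>&1) || true
    scanid=$(printf '%s\n' "$out" | extract_scanid) || {
        echo "no scan ID in maldet output; nothing quarantined" >&2
        return 1
    }
    hits=$(printf '%s\n' "$out" | extract_hits) || hits=0
    echo "scan $scanid: $hits hit(s); review with: maldet --report $scanid"
    if [ "$hits" -gt 0 ]; then
        maldet -q "$scanid"
    fi
}

# Demonstration on the constructed sample (no maldet install needed).
printf 'scan ID: %s\n' "$(printf '%s\n' "$SAMPLE_OUTPUT" | extract_scanid)"
printf 'hits:    %s\n' "$(printf '%s\n' "$SAMPLE_OUTPUT" | extract_hits)"
```

On a server with LMD installed, call scan_and_quarantine /home/user after sourcing the file.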
For more information and more advanced parameters you can visit the LMD website.