How to install and scan using Maldet 

Many people today host their websites on Linux servers. Linux is one of the most widely used operating systems in the world, it makes a website straightforward to run and manage, and a Linux-based server gives a business better security, flexibility and scalability. If you run your website on a Linux server and want to know how to install and scan with Maldet, here is the complete procedure. Maldet, also called Linux Malware Detect (LMD), is a malware scanner for servers released under the GNU GPLv2 license. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks, and it generates detection signatures from that data. With Maldet running on your Linux server you can find infected files on the file system and move them to a separate location (quarantine).


Information on how to install and scan using Maldet on your Linux server:

First, install Maldet:

>> Log in to the server over SSH

>> Download the tar file using the command below


# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz


>> Once the file is downloaded, extract it.


# tar -xzf maldetect-current.tar.gz

>> Change into the extracted maldet folder using this command


# cd maldetect-*


>> To install maldet, run the command below


# sh ./install.sh


>> Maldet is now installed on your Linux server


To use maldet on the server, follow the steps below:


>> First, scan the files or folders using the command below


# maldet -a /path/to/scan

or, equivalently, the long form:

# maldet --scan-all /path/to/scan


>> To view the scan report, use this command, replacing SCANID with the ID of the scan


# maldet -e SCANID

# maldet --report SCANID


>> To update Maldet (the malware signatures with -u, the installed version with -d), run


# maldet -u

or

# maldet -d


>> To quarantine (separate) all malware hits from a previous scan, run


# maldet -q SCANID

# maldet --quarantine SCANID


>> To restore a file that was quarantined, run


# maldet -s FILENAME

# maldet --restore FILENAME


>> To clean all malware hits from a previous scan, run


# maldet --clean SCANID


Here are some of the Maldet configuration options (set in its configuration file, conf.maldet):


>>> quar_hits – the default quarantine action for malware hits; it should be set to 1.


>>> quar_clean – used for cleaning detected malware injections; it must be set to 1.


>>> quar_susp – the default suspend action for users with hits; set it according to your requirements.


>>> quar_susp_minuid – the minimum user ID that can be suspended.
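As an added example that is not part of the original page or of the Maldet project, the POSIX shell functions below read those four settings from a conf.maldet-style file and flag quarantine being switched off; the function names, the temporary sample file and its values are constructed here, and the real file is assumed to live at /usr/local/maldetect/conf.maldet.

```shell
#!/bin/sh
# Added example, not part of the Maldet project: audit the quarantine settings
# in a conf.maldet-style file. Both function names are chosen here.

# Print the value of KEY from FILE. conf.maldet uses shell syntax (key="value"),
# so take the last assignment, then drop a trailing "# comment" and the quotes.
maldet_conf_get() {
  grep "^[[:space:]]*$2=" "$1" | tail -n 1 | cut -d= -f2- \
    | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"//; s/"$//'
}

# quar_hits and quar_clean must both be 1 for hits to be quarantined and
# cleaned; the suspend settings are reported for review. Returns 1 if weak.
audit_maldet_conf() {
  conf="$1"
  weak=0
  for key in quar_hits quar_clean; do
    val=$(maldet_conf_get "$conf" "$key")
    if [ "$val" = "1" ]; then
      echo "OK   $key=$val"
    else
      case $key in
        quar_hits)  why="hits are logged but left in place" ;;
        quar_clean) why="detected injections are not cleaned" ;;
      esac
      echo "WEAK $key=${val:-unset}: $why; set $key=\"1\" in $conf"
      weak=1
    fi
  done
  echo "INFO quar_susp=$(maldet_conf_get "$conf" quar_susp)" \
       "quar_susp_minuid=$(maldet_conf_get "$conf" quar_susp_minuid)"
  return $weak
}

# Constructed sample (not a real server's config) with quarantine switched off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# quarantine settings
quar_hits="0"
quar_clean="0"
quar_susp="0"
quar_susp_minuid="500"
EOF

audit_maldet_conf "$sample" || echo "harden $sample before the next maldet -a run"
rm -f "$sample"
```

Run it against the real file with `audit_maldet_conf /usr/local/maldetect/conf.maldet` after sourcing the functions; a non-zero exit means hits from the next scan will only be logged.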


The general command syntax is:


# maldet [options] /path/to/scan


1) -b, --background – Execute operations in the background; ideal for large scans.

2) -u, --update – Update the malware detection signatures from rfxn.com.

3) -l, --log – View maldet log file events.

4) -d, --update-ver – Update the installed version from rfxn.com.

5) -k, --kill – Terminate the inotify monitoring service.

6) -a, --scan-all PATH – Scan all files in PATH.

7) -r, --scan-recent PATH DAYS – Scan files created or modified in the last DAYS days (for example, 10).

8) -p, --purge – Clear logs, the quarantine queue, session and temporary data.

9) -q, --quarantine SCANID – Quarantine all malware from report SCANID.

10) -n, --clean SCANID – Clean and restore malware hits from report SCANID.

11) -c, --checkout FILE – Upload suspected malware to rfxn.com for review and hashing into signatures.

12) -m, --monitor USERS|PATHS|FILE – Run Maldet with kernel-level file create/modify monitoring.

13) -s, --restore FILE|SCANID – Restore a file from the quarantine queue to its original path.

14) -U, --user USER – Set execution under the specified user; ideal for restoring from a user's quarantine.