Friday, 28 June 2013

How to install Linux Malware Detect (LMD) / Maldet

Malware can be trojans, viruses, spyware, adware, rootkits or any other malicious programs which can be very harmful to any computer user.

Linux Malware Detect (LMD) is an open source and free malware scanner and detector for Unix/Linux based operating systems.

Downloading latest LMD package

# wget

Install the package

cd /opt
# gunzip maldetect-current.tar.gz
# tar -xvf maldetect-current.tar

# cd maldetect-1.4.2

Configuring LMD

By default all options are fully commented in the configuration file, so configure it according to your needs.

email_alert : If you would like to receive email alerts, then it should be set to 1.
email_subj : Set your email subject here.
email_addr : Add your email address to receive malware alerts.
quar_hits : The default quarantine action for malware hits, it should be set 1.
quar_clean : Cleaing detected malware injections, must set to 1.
quar_susp : The default suspend action for users wih hits, set it as per your requirements.
quar_susp_minuid : Minimum userid that can be suspended.

# cd /usr/local/maldetect/
vim conf.maldet

and enable the options you needed to check while running maldet

To scan it Manually

# maldet --scan-all /home

You performed a scan but failed to turn on the quarantine option, don’t worry just use the following command to turn on and quarantine all previous malware scan results.

# maldet --quarantine SCANID
# maldet --clean SCANID

For Daily Scan

By default installation keeps LMD script under /etc/cron.daily/maldet and it is used to perform a daily scans, update of signatures, quarantine etc, and sends a daily report of malware scan to your specified emails.

If you need to add additional paths to be scanned, then you should edit this file accordingly to your requirements.

# vi /etc/cron.daily/maldet

No comments:

Post a Comment