Malware includes trojans, viruses, spyware, adware, rootkits and other malicious programs that can be very harmful to any computer user.
Linux Malware Detect (LMD) is an open source and free malware scanner and detector for Unix/Linux based operating systems.
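Downloading the latest LMD package
# cd /opt
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Install the package
# gunzip maldetect-current.tar.gz
# tar -xvf maldetect-current.tar
# cd maldetect-1.4.2
# ./install.sh
The extracted directory name includes the version number (maldetect-1.4.2 here), so adjust the cd command to match what tar unpacked.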
Configuring LMD
By default, all options in the configuration file are fully commented, so configure it according to your needs.
email_alert : If you would like to receive email alerts, set this to 1.
email_subj : Set your email subject here.
email_addr : Add your email address to receive malware alerts.
quar_hits : The default quarantine action for malware hits; it should be set to 1.
quar_clean : Cleaning of detected malware injections; must be set to 1.
quar_susp : The default suspend action for users with hits; set it as per your requirements.
quar_susp_minuid : Minimum userid that can be suspended.
# cd /usr/local/maldetect/
# vim conf.maldet
Enable the options you need when running maldet.
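To check the file after editing it, here is an added example (not part of LMD or of the original post) that audits a conf.maldet-style file against the settings listed above. It assumes plain KEY=VALUE lines, optionally double-quoted; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a conf.maldet-style file against the settings above.
# Assumes KEY=VALUE lines, optionally double-quoted; function names are hypothetical.

# conf_get FILE KEY: print the value of the last uncommented KEY= line
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# audit_maldet_conf FILE: print one WARN line per finding, return 1 if any
audit_maldet_conf() {
    amc_bad=0
    # Quarantine and cleaning: the settings above call for 1
    for amc_key in quar_hits quar_clean; do
        amc_val=$(conf_get "$1" "$amc_key")
        if [ "$amc_val" != "1" ]; then
            echo "WARN: $amc_key=${amc_val:-unset}, expected 1"
            amc_bad=1
        fi
    done
    # Email alerts are optional, but once enabled they need a recipient
    if [ "$(conf_get "$1" email_alert)" = "1" ]; then
        case $(conf_get "$1" email_addr) in
            *@*) ;;
            *) echo "WARN: email_alert=1 but email_addr has no address"; amc_bad=1 ;;
        esac
    fi
    # User suspension needs a numeric minimum userid
    if [ "$(conf_get "$1" quar_susp)" = "1" ]; then
        case $(conf_get "$1" quar_susp_minuid) in
            ''|*[!0-9]*) echo "WARN: quar_susp=1 but quar_susp_minuid is not numeric"; amc_bad=1 ;;
        esac
    fi
    return "$amc_bad"
}

# Constructed sample (not a real conf.maldet): quarantine off, alerts on with no address
write_sample_conf() {
    printf '%s\n' '# constructed sample' 'email_alert=1' 'email_addr=""' \
        'quar_hits=0' 'quar_clean=0' 'quar_susp=1' 'quar_susp_minuid=500' > "$1"
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_maldet_conf "$sample" || true   # prints three WARN lines for the sample
rm -f "$sample"
```

Against a real installation, point it at the file edited above: audit_maldet_conf /usr/local/maldetect/conf.maldet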
To Scan Manually
# maldet --scan-all /home
If you performed a scan but failed to turn on the quarantine option, don't worry; just use the following command to quarantine all malware results from the previous scan, replacing SCANID with the ID of that scan.
# maldet --quarantine SCANID
OR
# maldet --clean SCANID
For Daily Scan
By default, the installation keeps the LMD script at /etc/cron.daily/maldet. It performs daily scans, signature updates, quarantine and so on, and sends a daily malware scan report to your specified email addresses.
If you need to add additional paths to be scanned, edit this file according to your requirements.
# vi /etc/cron.daily/maldet