Linux Malware Detect (LMD) is a free, open-source malware/trojan scanner for Linux-based systems such as CentOS, RHEL and Ubuntu. It is also very effective on WHM/cPanel servers for detecting backdoor files, PHP c99/c97 shell scripts and other suspicious or malicious code that attackers commonly upload to vulnerable websites.
Installation & Configuration
root@linuxpcfix [~]#wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
--2014-10-14 20:34:45-- http://www.rfxn.com/downloads/maldetect-current.tar.gz
Resolving www.rfxn.com... 129.121.132.46
Connecting to www.rfxn.com|129.121.132.46|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 879295 (859K) [application/x-gzip]
Saving to: “maldetect-current.tar.gz”
100%[============================================================================================>] 879,295 373K/s in 2.3s
2014-10-14 20:34:49 (373 KB/s) - “maldetect-current.tar.gz” saved [879295/879295]
root@linuxpcfix [~]# tar xvfz maldetect-current.tar.gz
maldetect-1.4.2/
maldetect-1.4.2/CHANGELOG
maldetect-1.4.2/cron.daily
maldetect-1.4.2/README
maldetect-1.4.2/files/
maldetect-1.4.2/files/ignore_file_ext
maldetect-1.4.2/files/sigs/
maldetect-1.4.2/files/sigs/rfxn.ndb
maldetect-1.4.2/files/sigs/md5.dat
maldetect-1.4.2/files/sigs/hex.dat
maldetect-1.4.2/files/sigs/maldet.sigs.ver
maldetect-1.4.2/files/sigs/rfxn.hdb
maldetect-1.4.2/files/tmp/
root@linuxpcfix [~]# cd maldetect-*
root@linuxpcfix [~]# ./install.sh
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks
inotifywait (C) 2007, Rohan McGovern
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(2821): {sigup} performing signature update check...
maldet(2821): {sigup} local signature set is version 201205035915
maldet(2821): {sigup} new signature set (2014100624041) available
maldet(2821): {sigup} downloaded http://cdn.rfxn.com/downloads/md5.dat
maldet(2821): {sigup} downloaded http://cdn.rfxn.com/downloads/hex.dat
maldet(2821): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.ndb
maldet(2821): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.hdb
maldet(2821): {sigup} downloaded http://cdn.rfxn.com/downloads/maldet-clean.tgz
maldet(2821): {sigup} signature set update completed
maldet(2821): {sigup} 11792 signatures (9899 MD5 / 1893 HEX)
Now configure Linux Malware Detect by editing the config file /usr/local/maldetect/conf.maldet. The settings to review are:
email_alert=0
email_addr=you@domain.com
quar_hits=0
Usage & Manual Scans
To scan the complete home directory, run the following command.
To scan the complete home directory but only the contents that have been created or modified in the last 5 days, run:
To quarantine the results of a previous scan, execute the following command.
To clean all malware results, do as below.
To restore a file that was quarantined as a false positive, use the following:
root@linuxpcfix [~]# maldet --restore /usr/local/maldetect/quarantine/config.php.2384
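As an added illustration that is not LMD's own code, the following Python model shows the mechanics behind the scans above: matching files against MD5 (whole-file hash) and HEX (byte pattern) signatures like the sets downloaded during install, the "changed in the last N days" filter, and quarantining a hit under a numeric suffix and restoring it. All signatures and sample files are constructed for the demo; the maldet options named in the comments are the real ones but are not executed here.

```python
# Added demo, not LMD's own code: signatures and files below are constructed.
import hashlib, os, shutil, tempfile, time
from pathlib import Path

KNOWN_BAD = b"<?php /* constructed stand-in for a known backdoor file */ ?>"
MD5_SIGS = {hashlib.md5(KNOWN_BAD).hexdigest(): "php.backdoor.constructed"}  # whole-file hash
HEX_SIGS = {b"eval(base64_decode(": "php.obfuscated.eval.constructed"}        # byte pattern

def scan(root, changed_days=None):
    """Return {path: signature}; changed_days mimics 'maldet -r PATH DAYS'."""
    hits = {}
    cutoff = time.time() - changed_days * 86400 if changed_days else None
    for p in Path(root).rglob("*"):
        if not p.is_file() or (cutoff and p.stat().st_mtime < cutoff):
            continue
        data = p.read_bytes()
        name = MD5_SIGS.get(hashlib.md5(data).hexdigest()) or next(
            (n for pat, n in HEX_SIGS.items() if pat in data), None)
        if name:
            hits[str(p)] = name
    return hits

def quarantine(path, qdir):
    """Move a hit out of the web root with a numeric suffix (cf. config.php.2384)."""
    dest = Path(qdir) / f"{Path(path).name}.{os.getpid()}"
    shutil.move(str(path), str(dest))
    return str(dest)

def restore(qpath, original):
    """Put a quarantined false positive back (the --restore case)."""
    shutil.move(str(qpath), str(original))
    return Path(original).is_file()

def demo():
    """Build a constructed site in a temp dir; return (full hits, recent hits, restored)."""
    root = Path(tempfile.mkdtemp())
    site, qdir = root / "home/user/public_html", root / "quarantine"
    site.mkdir(parents=True); qdir.mkdir()
    (site / "index.php").write_bytes(b"<?php echo 'hello'; ?>")
    (site / "backdoor.php").write_bytes(KNOWN_BAD)
    (site / "config.php").write_bytes(b"<?php eval(base64_decode('AAAA')); ?>")
    (site / "old.php").write_bytes(b"<?php eval(base64_decode('AAAA')); ?>")
    stale = time.time() - 10 * 86400            # pretend old.php changed 10 days ago
    os.utime(site / "old.php", (stale, stale))
    full = scan(site)                           # like: maldet -a /home
    recent = scan(site, changed_days=5)         # like: maldet -r /home 5
    q = quarantine(site / "config.php", qdir)   # like: maldet -q SCANID
    ok = restore(q, site / "config.php")        # like: maldet --restore FILE
    shutil.rmtree(root)
    return len(full), len(recent), ok
```

Running demo() reports 3 hits for the full scan, 2 for the 5-day scan (old.php is skipped), and True once the false positive is restored.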
