Maldet, also known as Linux Malware Detect, is a virus scanner for Linux.
Go to the below path:
cd /usr/local/src/
Download the tar file using the below link:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Extract the file using the below command:
tar -xzf maldetect-current.tar.gz
Go to the maldet folder:
cd maldetect-*
Now run the below command to install maldet:
sh ./install.sh
If you are not logged in as root, run it with sudo instead:
sudo sh ./install.sh
It will give the below output:
Linux Malware Detect v1.3.4
(C) 1999-2010, R-fx Networks <proj@r-fx.org>
(C) 2010, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
cron.daily: /etc/cron.daily/maldet
maldet(32517): {sigup} performing signature update check…
maldet(32517): {sigup} local signature set is version 2010051510029
maldet(32517): {sigup} latest signature set already installed
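The steps above fetch the archive over plain HTTP and run its installer as root, so it is worth inspecting the archive listing before extracting it. The shell functions below are an added example, not part of the original guide or of maldet itself; the names check_members and vet_archive are hypothetical, and the check assumes the archive unpacks into a single maldetect-<version>/ directory, as the cd maldetect-* step implies.

```shell
#!/bin/sh
# Added example: vet a downloaded maldetect tarball before extracting it as root.

# check_members: reads a member listing on stdin (one path per line, as printed
# by `tar -tzf`) and returns 0 only if every path stays inside one top-level
# directory named maldetect-<version>. Findings are written to stderr.
check_members() {
    awk '
        /^\//              { print "absolute path: " $0;  bad = 1; next }
        /(^|\/)\.\.(\/|$)/ { print "path traversal: " $0; bad = 1; next }
        {
            top = $0; sub(/\/.*/, "", top)    # keep the first path component
            if (top !~ /^maldetect-[A-Za-z0-9._-]+$/) {
                print "unexpected top-level entry: " $0; bad = 1
            }
            tops[top] = 1
        }
        END {
            n = 0; for (t in tops) n++
            if (n != 1) {
                print "expected one top-level directory, found " n; bad = 1
            }
            exit bad
        }
    ' >&2
}

# vet_archive FILE: list the archive without extracting it, then vet the listing.
# The listing is captured first so that a tar failure is not hidden by a pipe.
vet_archive() {
    listing=$(tar -tzf "$1") || { echo "cannot read archive: $1" >&2; return 1; }
    printf '%s\n' "$listing" | check_members
}

if [ "$#" -gt 0 ]; then
    # Usage: sh vet.sh maldetect-current.tar.gz && tar -xzf maldetect-current.tar.gz
    vet_archive "$1"
else
    # No argument: run on a constructed listing (not from a real download)
    # whose second member would land outside the extraction directory.
    printf 'maldetect-1.3.4/install.sh\n../outside.txt\n' | check_members ||
        echo "constructed sample rejected, as expected" >&2
fi
```

A clean listing only rules out members named outside maldetect-*/; it does not authenticate the contents, so install.sh should still be read before it is run as root.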
To update maldet, use the below commands:
maldet --update-ver
maldet --update
To scan the files:
maldet -a /home/username/
It will scan all the files and provide you the output.
To scan all user public_html paths under /home*/, this can be done with:
root@server[~]# maldet --scan-all /home?/?/public_html
To scan the same path, but only the content that has been created/modified in the last 5 days:
root@server[~]# maldet --scan-recent /home?/?/public_html 5
If you ran a scan but forgot to turn on the quarantine option, you can quarantine all malware results from a previous scan with:
root@server[~]# maldet --quarantine SCANID
If you want to attempt a clean on all malware results from a previous scan that did not have the feature enabled, you can do so with:
root@server[~]# maldet --clean SCANID
If you have a file that was quarantined from a false positive or that you simply want to restore (i.e. you manually cleaned it), you can use the following:
root@server[~]# maldet --restore config.php.2384
root@server[~]# maldet --restore /usr/local/maldetect/quarantine/config.php.2384