Linux Malware Detect (LMD) is a freeware malware scanning tool for Linux. In this guide, I will show you how to install and configure LMD to scan for malware on your Linux system.
To install LMD on Linux, run the following:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar xvfvz maldetect-current.tar.gz
cd maldetect-1.4.2
sudo ./install.sh
Linux Malware Detect v1.4.1
(C) 2002-2013, R-fx Networks <[email protected]>
(C) 2013, Ryan MacDonald <[email protected]>
inotifywait (C) 2007, Rohan McGovern <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(6001): {sigup} performing signature update check...
maldet(6001): {sigup} local signature set is version 201205035915
maldet(6001): {sigup} new signature set (2013041816820) available
maldet(6001): {sigup} downloaded http://www.rfxn.com/downloads/md5.dat
maldet(6001): {sigup} downloaded http://www.rfxn.com/downloads/hex.dat
maldet(6001): {sigup} downloaded http://www.rfxn.com/downloads/rfxn.ndb
maldet(6001): {sigup} downloaded http://www.rfxn.com/downloads/rfxn.hdb
maldet(6001): {sigup} downloaded http://www.rfxn.com/downloads/maldet-clean.tgz
maldet(6001): {sigup} signature set update completed
maldet(6001): {sigup} 11203 signatures (9335 MD5 / 1868 HEX)
After installation, a daily cron job is added at /etc/cron.daily/maldet. It checks for the latest version of LMD and of the malware definition/signature files and updates them automatically. If inotify-based real-time monitoring is enabled, the daily cron job also scans recently created or modified files for malware.
To start a malware scan manually, run maldet with the target directory to scan:
sudo maldet --scan-all /home
After the scan finishes, you can examine the scan report by running the following command with the scan report ID (which maldet prints in the terminal at the end of the scan):
sudo maldet --report 041813-2044.6125
To quarantine the infected files, run the following command with the same scan report ID. The files flagged in that report are then moved into quarantine for cleaning:
sudo maldet -q 041813-2044.6125
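Tying the scan, report and quarantine steps together, here is an added example (not from the original post) of a small POSIX sh wrapper that runs the scan, pulls the report ID and the malware hit count out of maldet's own output, and calls maldet -q only when the scan actually reported hits. The exact "scan completed" and "scan report saved" output lines are assumed from the v1.4.x format; the sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example (not part of the original post): wrap a maldet scan so that
# the report ID and hit count are parsed from maldet's own output and
# quarantine (-q) runs only when hits were reported.
# Assumed (constructed) output lines, based on the v1.4.x format:
#   maldet(6125): {scan} scan completed on /home: files 1234, malware hits 2, cleaned hits 0
#   maldet(6125): {scan} scan report saved, to view run: maldet --report 041813-2044.6125

# Extract the report ID (MMDDYY-HHMM.PID) from captured maldet output.
report_id() {
    printf '%s\n' "$1" \
      | sed -n 's/.*maldet --report \([0-9]\{6\}-[0-9]\{4\}\.[0-9]*\).*/\1/p' \
      | tail -n 1
}

# Extract the "malware hits N" count; prints 0 when no such line exists.
malware_hits() {
    hits=$(printf '%s\n' "$1" | sed -n 's/.*malware hits \([0-9][0-9]*\).*/\1/p' | tail -n 1)
    printf '%s\n' "${hits:-0}"
}

# Scan a directory, then quarantine and show the report only if hits > 0.
# Returns 0 when clean, 1 when hits were quarantined, 2 on a parse failure.
scan_and_quarantine() {
    target=$1
    out=$(maldet --scan-all "$target" 2>&1) || true
    id=$(report_id "$out")
    if [ -z "$id" ]; then
        echo "no report ID found in maldet output" >&2
        return 2
    fi
    if [ "$(malware_hits "$out")" -gt 0 ]; then
        maldet -q "$id"
        maldet --report "$id"
        return 1
    fi
    echo "scan $id clean"
    return 0
}

# Only run the scan when explicitly asked, e.g.:
#   LMD_RUN=1 sudo -E sh lmd-scan.sh /home
if [ "${LMD_RUN:-0}" = 1 ]; then
    scan_and_quarantine "${1:-/home}"
fi
```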
If you want to actively monitor specific directories for malware, you can run maldet as a monitoring daemon with a comma-separated list of paths:
sudo maldet -m /var,/home
If you want maldet to alert you by email when malware is detected, edit the maldet configuration file:
sudo vi /usr/local/maldetect/conf.maldet