HostOnNet Blog

Installing Linux Malware Detect (Maldet) on a CentOS Server


Maldet (Linux Malware Detect) is a commonly used malware detector for Linux-based servers. Installing and using maldet is quite simple. Here I am going to discuss the Maldet installation steps on a Linux server.

Change the present working directory to /usr/local/src using the command below.


cd /usr/local/src 

Run the below command to download the archive file to the present working directory:


wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the files using the command:


tar -xzf maldetect-current.tar.gz 

Go to the Maldet directory using the command:


cd maldetect-* 

Run the installation script:


sh ./install.sh 

How to Set Up Email Alerts

Open the configuration file (/usr/local/maldetect/conf.maldet) using your favorite editor (vi, vim, nano, etc.) and locate the settings below:


# [0 = disabled, 1 = enabled]
email_alert=0

# The subject line for email alerts
email_subj="maldet alert from $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="you@domain.com"

Configuring LMD

You can configure LMD as per your requirements. Various options are listed below:

email_alert: Set it to 1 to receive email alerts.

email_subj: Specify your email subject.

email_addr: Add your email address to receive malware alerts.

quar_hits: This is the default quarantine action for malware hits and should be set to 1.

quar_clean: This is the cleaning action for detected malware injections and should be set to 1.

quar_susp: This is the default suspend action for users with hits. Set it as per your requirement.

quar_susp_minuid: Minimum userid that can be suspended.
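To check an installed configuration against the values recommended in the list above, the following script can be used. It is an added example, not part of the original post or of maldet itself; the function names conf_get and audit_maldet_conf are hypothetical, and it assumes the effective value of an option is its last uncommented KEY=value line.

```shell
#!/bin/sh
# Added example: audit a maldet config against the values the article recommends.
# Assumption: the effective value is the last uncommented KEY=value line.

# Print the value of key $2 in file $1, with quotes and trailing spaces removed.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Report every setting that differs from the article's recommendation.
# Returns 0 when clean, 1 when there are findings, 2 when the file is unreadable.
audit_maldet_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # The article says these three should be set to 1.
    for key in email_alert quar_hits quar_clean; do
        val=$(conf_get "$conf" "$key")
        if [ "$val" != "1" ]; then
            echo "FINDING: $key=${val:-<unset>} (recommended: 1)"
            findings=$((findings + 1))
        fi
    done

    # Alerts go nowhere useful if the sample address was never replaced.
    addr=$(conf_get "$conf" email_addr)
    case $addr in
        ''|you@domain.com)
            echo "FINDING: email_addr is unset or still the sample address"
            findings=$((findings + 1))
            ;;
    esac

    echo "$findings finding(s) in $conf"
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /usr/local/maldetect/conf.maldet
if [ "$#" -gt 0 ]; then
    audit_maldet_conf "$1"
fi
```

The non-zero exit status on findings lets the check run from cron or a configuration-management job after maldet upgrades.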

You can update Maldet using one of the following options:

-u Update malware detection signatures from rfxn.com

-d Update the installed version from rfxn.com

maldet -u

maldet -d

How to Scan a Server Using Maldet

To scan the files of a particular user, use the command:

maldet -a /home/username/

To scan the public_html directory of every user under /home (? is maldet's wildcard character), use the command:

maldet --scan-all /home?/?/public_html

About Annie

I’ve been working in the Technical Section for over 10 years in a wide range of tech jobs, from Tech Support to Software Testing. I started writing this blog for my future reference and to be useful for all.