Installing and configuring Maldet


Linux Malware Detect (LMD), or Maldet, is a malware scanner for Linux released under the GNU GPLv2 (free, open source) license and designed around the threats faced in hosting environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. Threat data is also derived from user submissions with the LMD checkout feature, from threats found on the TCH network of over 30,000 hosted domains, and from malware community resources.

To install Maldet

  1. Change the present working directory to /usr/local/src using the command below. You may use any other directory into which you want the installation script to be downloaded.

    cd /usr/local/src
  2. Run the below command to download the archive file to the present working directory:

  3. Extract the files using the command:

    tar -xzf maldetect-current.tar.gz
  4. Go to the Maldet directory using the command:

    cd maldetect-*
  5. Run the installation script:

    sh ./

Sample Output:

Linux Malware Detect v1.3.4
(C) 1999-2010, R-fx Networks <>
(C) 2010, Ryan MacDonald <>
inotifywait (C) 2007, Rohan McGovern <>

This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
cron.daily: /etc/cron.daily/maldet
maldet(32517): {sigup} performing signature update check…
maldet(32517): {sigup} local signature set is version 2010051510029
maldet(32517): {sigup} latest signature set already installed

To configure LMD

By default, all options are fully commented in the configuration file (/usr/local/maldetect/conf.maldet). You can configure them to suit your requirements. Some of the options are listed below:

  • email_alert: Set it to 1 to receive email alerts.

  • email_subj: Specify your email subject.

  • email_addr: Add your email address to receive malware alerts.

  • quar_hits: This is the default quarantine action for malware hits and should be set to 1.

  • quar_clean: This is the cleaning action for detected malware injections and should be set to 1.

  • quar_susp: This is the default suspend action for users with hits. Set it as per your requirement.

  • quar_susp_minuid: Minimum userid that can be suspended.
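
One way to check an installed configuration against the options listed above, as an added example that is not part of the original article or of the Maldet project. The function names and the sample values are hypothetical, and it assumes conf.maldet uses plain KEY=value lines.

```shell
#!/bin/sh
# Added example: audit a conf.maldet file against the values listed above.

# Print the value of the last uncommented KEY= line, surrounding quotes removed.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Sets AUDIT_FINDINGS; returns 0 if clean, 1 if findings, 2 if unreadable.
audit_maldet_conf() {
    conf=$1
    AUDIT_FINDINGS=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for key in email_alert quar_hits quar_clean; do
        val=$(conf_get "$conf" "$key")
        if [ "$val" != "1" ]; then
            echo "FINDING: $key=${val:-<unset>}, expected 1"
            AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
        fi
    done
    # Alerts with no recipient are silently lost.
    if [ -z "$(conf_get "$conf" email_addr)" ]; then
        echo "FINDING: email_addr is empty"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    fi
    echo "INFO: quar_susp=$(conf_get "$conf" quar_susp)" \
         "quar_susp_minuid=$(conf_get "$conf" quar_susp_minuid)"
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Constructed sample config (hypothetical values, not from a real server).
write_sample_conf() {
    cat > "$1" <<'EOF'
# email_alert=1   <- commented out, must be ignored
email_alert=0
email_subj="maldet alert"
email_addr=""
quar_hits=1
quar_clean="0"
quar_susp=0
quar_susp_minuid=500
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_maldet_conf "$sample" || echo "findings: $AUDIT_FINDINGS"
rm -f "$sample"
```

To audit a live install, call `audit_maldet_conf /usr/local/maldetect/conf.maldet` instead of the sample file.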

You can update Maldet using the command:

    maldet -u

or

    maldet -d

To scan using Maldet

  • To scan the files of a particular user, use the command:

    maldet -a /home/username/
  • To scan all users under /home/public_html, use the command:

    maldet --scan-all /home?/?/public_html
  • To attempt a clean on all malware results from a previous scan that did not have the feature enabled, use the command:

    maldet --clean SCANID