How to Install/Uninstall Maldet Malware Scanner – Install Maldet

How to Install/Uninstall Maldet Malware Scanner on Linux – Steps to Install Maldet on cPanel, plesk, directadmin etc


 

Maldet (Linux Malware Detect) is one of the best softwares used on linux servers to detect malware and phishing sites. It is a free malware scanner developed by R-fx network (visit rfxn.com website for more details). This scanner is widely used by server administrators to detect and remove malicious scripts injected in PHP files.
 


 
How to Install Maldet Linux Malware/Virus scanner

You must have server root access to Install Maldet.

1. Log into your linux server via SSH as ‘root’ user

2. Change directory to /usr/local/src/

root@server [/]# cd /usr/local/src/

3. Download maldet installation file from R-fx network using wget command

root@server [/]# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

4. Extract the tar file

root@server [/]# tar -zxvf maldetect-current.tar.gz

5. Change directory to maldetect-*

root@server [/]# cd maldetect-*

6. Execute the maldet installation script

root@server [/]# sh install.sh

Linux Malware Detect v1.5
(C) 2002-2016, R-fx Networks (C) 2016, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
imported config options from /usr/local/maldetect.last/conf.maldet
maldet(14206): {sigup} performing signature update check…
maldet(14206): {sigup} local signature set is version 2016063011816
maldet(14206): {sigup} new signature set (2016063019179) available
maldet(14206): {sigup} downloading http://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(14206): {sigup} downloading http://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(14206): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(14206): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(14206): {sigup} verified md5sum of maldet-clean.tgz
maldet(14206): {sigup} unpacked and installed maldet-clean.tgz
maldet(14206): {sigup} signature set update completed
maldet(14206): {sigup} 10904 signatures (8987 MD5 / 1917 HEX / 0 USER)

Maldet installation completed.
 


 
How to scan your Linux server using Linux malware detect

1. Log into your Linux server via SSH as root

2. Run the below command to start a maldet scan

Command to scan /home directory : maldet -a OR maldet --scan-all

You can use wildcards (?) in maldet scan command. An Example is given below

Command to scan public_html directory of all users : /home/?/public_html

root@server [/]# maldet -a
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks (C) 2015, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(32167): {scan} signatures loaded: 10824 (8909 MD5 / 1915 HEX / 0 USER)
maldet(32167): {scan} building file list for /home, this might take awhile…

By default maldet command will start scanning the /home directory if no directory is specified in the scan command.
maldet -a and maldet --scan-all command will scan home directory.

An example is given below :

root@server [/]# maldet -a /home/?/public_html

OR

root@server [/]# maldet --scan-all /home/?/public_html

root@server [/]# maldet --scan-all /home/?/public_html
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks (C) 2015, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(2701): {scan} signatures loaded: 10824 (8909 MD5 / 1915 HEX / 0 USER)
maldet(2701): {scan} building file list for /home/*/public_html, this might take awhile…
maldet(2701): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(2701): {scan} file list completed in 1s, found 12494 files…
maldet(2701): {scan} scan of /home/*/public_html (12494 files) in progress…

Always do maldet scan in screen because some scans might take long time. Scan duration depends on total number of files in the account/website.

Maldet files are saved in the directory /usr/local/maldetect and the configuration file is /usr/local/maldetect/conf.maldet

 


 

How to view maldet scan logs – Maldet log file Location (Linux malware detect Logs)

Maldet (malware detect) scan logs are saved in the server directory /usr/local/maldetect/logs

Command to check the maldet scan logs : tail -f /usr/local/maldetect/logs/event_log
 

root@server [/]# tail -f /usr/local/maldetect/logs/event_log

 

Use ‘tail’ to view the last few lines of the file /usr/local/maldetect/logs/event_log

The below commands can be used to view maldet logs.

 

root@server [/]# maldet --log

OR

root@server [/]# maldet -l

 
Example :
 

root@server [/]# tail -f /usr/local/maldetect/logs/event_log
May 04 04:15:22 server maldet(6398): {scan} scan of /home*/*/public_html/ /var/www/html/ /usr/local/apache/htdocs/ (31 files) in progress…
May 04 04:15:26 server maldet(6398): {scan} scan completed on /home*/*/public_html/ /var/www/html/ /usr/local/apache/htdocs/: files 31, malware hits 0, cleaned hits 0, time 6s
May 04 04:15:26 server maldet(6398): {scan} scan report saved, to view run: maldet --report 160504-0415.6398

root@server [/]# maldet --log
May 04 04:15:22 server maldet(6398): {scan} file list completed in 2s, found 31 files…
May 04 04:15:22 server maldet(6398): {scan} scan of /home*/*/public_html/ /var/www/html/ /usr/local/apache/htdocs/ (31 files) in progress…
May 04 04:15:26 server maldet(6398): {scan} scan completed on /home*/*/public_html/ /var/www/html/ /usr/local/apache/htdocs/: files 31, malware hits 0, cleaned hits 0, time 6s
May 04 04:15:26 server maldet(6398): {scan} scan report saved, to view run: maldet --report 160504-0415.6398

Comments

  • hombres sin ropa interior
    May 14, 2016 at 12:01 pm

    Thanks for every other informative website. The place else could I am getting that kind of info written in such a perfect means? I’ve a project that I’m just now running on, and I have been on the glance out for such info.
    hombres sin ropa interior http://www.seaplanejados.com.br/lanea.php?es=id-909

  • calvin klein 365
    May 19, 2016 at 5:35 am

    Thank you for the auspicious writeup. It in fact was a amusement account it. Look advanced to more added agreeable from you! By the way, how can we communicate?
    calvin klein 365 http://www.newcachambi.com.br/nambe.php?es=calvin-klein-365

  • outlet de calvin klein
    May 26, 2016 at 4:16 am

    Hi there to every body, it’s my first visit of this web site; this weblog consists of amazing and truly fine data in support of visitors.

  • nike air max rosas
    May 27, 2016 at 9:03 pm

    Awsome blog! I am loving it!! Will come back again. I am taking your feeds also

  • zapatos louboutin online españa
    May 29, 2016 at 2:03 am

    Itˇs really a nice and helpful piece of info. Iˇm satisfied that you shared this helpful information with us. Please stay us up to date like this. Thanks for sharing.

  • cheap nike air max speed turf 49ers for sale
    June 1, 2016 at 12:45 am

    Whats Going down i am new to this, I stumbled upon this I have found It absolutely helpful and it has helped me out loads. I hope to give a contribution & assist different users like its helped me. Good job.

  • lungs cancer
    June 1, 2016 at 1:55 am

    Its such as you read my mind! You seem to understand so much approximately this, like you wrote the ebook in it or something. I believe that you just can do with some p.c. to drive the message house a bit, however other than that, that is excellent blog. A fantastic read. I will definitely be back.|

  • life ins quotes
    June 1, 2016 at 6:45 pm

    Aw, this was an extremely good post. Spending some time and actual effort to make a top notch article… but what can I say… I procrastinate a whole lot and never seem to get nearly anything done.|

  • fotbollsskor rea
    June 2, 2016 at 2:20 am

    I think this is among the most vital information for me. And i am glad reading your article. But wanna remark on some general things, The web site style is wonderful, the articles is really nice : D. Good job, cheers
    fotbollsskor rea http://www.la-cantina.se/tin.php?sv=fotbollsskor-rea

  • salomon 3d
    June 2, 2016 at 3:13 am

    Thank you for the sensible critique. Me & my neighbor were just preparing to do some research on this. We got a grab a book from our area library but I think I learned more clear from this post. I am very glad to see such fantastic information being shared freely out there.
    salomon 3d http://www.tartarugalaposta.it/capos.php?es=salomon-3d

  • zombie porn
    June 2, 2016 at 4:13 am

    This is one awesome blog post.Much thanks again. Much obliged.

  • Boots Isabel Marant Shop Online
    June 4, 2016 at 12:06 pm

    Itˇs actually a nice and helpful piece of information. Iˇm happy that you shared this helpful info with us. Please stay us up to date like this. Thanks for sharing.

  • air yeezy 2
    June 8, 2016 at 3:37 am

    these air yeezy 2 http://www.aliexpress.com/store/group/Football-Shoes/1950023_506559544.html are awesome! they are adorable. they’re also incredibly durable and final incredibly long. i might def encourage these to a friend! 🙂

  • salomon xr mission comprar
    June 10, 2016 at 12:49 pm

    Hello. magnificent job. I did not anticipate this. This is a fantastic story. Thanks!
    salomon xr mission comprar http://www.dicasanova.com/anova.php?es=salomon-xr-mission-comprar

  • Brazilian Virgin Hair
    June 12, 2016 at 4:31 am

    I had that brief saying Brazilian Virgin Hair https://www.youtube.com/watch?v=pDemw0wW1UQ not to mention whereby so nice and will match with something. Products due to the fact dye easily. So you’ve that should be actually carefull where you part.

  • zapatillas salomon niños
    June 17, 2016 at 1:35 pm

    Itˇs actually a nice and helpful piece of information. I am happy that you just shared this useful info with us. Please stay us up to date like this. Thank you for sharing.
    zapatillas salomon niños http://www.estreladeconimbriga.com/conit.php?es=zapatillas-salomon-ninos

  • salomon wings 3
    June 17, 2016 at 1:35 pm

    Great awesome things here. I am very satisfied to see your post. Thanks a lot and i am looking forward to contact you. Will you please drop me a mail?

  • salomon s-lab xt 7
    June 21, 2016 at 1:08 pm

    There is noticeably a bunch to know about this. I feel you made some good points in features also.

  • salomon baratas china
    June 22, 2016 at 4:14 am

    I’ve been surfing online more than three hours today, yet I never found any interesting article like yours. It is pretty worth enough for me. Personally, if all webmasters and bloggers made good content as you did, the net will be much more useful than ever before.
    salomon baratas china http://www.sva39.ru/mauueg.php?es=salomon-baratas-china

  • timberland r贸偶owe
    June 24, 2016 at 3:09 pm

    We’re a group of volunteers and opening a new scheme in our community. Your website provided us with valuable information to work on. You have done an impressive job and our whole community will be thankful to you.
    timberland r贸偶owe http://vozim.com.ua/usho/allegro-timberland.html

  • mokasyny timberland
    June 28, 2016 at 6:06 pm

    You made some good points there. I did a search on the subject and found most people will go along with with your site.
    mokasyny timberland http://info-net.pl/tim/mokasyny-timberland.html

  • nike air max 96
    June 29, 2016 at 12:12 am

    You completed a few fine points there. I did a search on the issue and found most persons will go along with with your blog.

  • tani kredyt gotówkowy
    June 29, 2016 at 6:53 pm

    Thank’s great post.

  • timberland bia艂e
    July 3, 2016 at 12:48 am

    I have been reading out many of your posts and i can claim pretty clever stuff. I will surely bookmark your blog.
    timberland bia艂e http://zswp.pl/timberland-bia艂e.html

  • Smart Balance Wheel
    July 3, 2016 at 6:39 am

    Smart Balance Wheel http://www.fashionhoverboard.com d’excellente qualité tel que décrit. lettre rapide. moi recommance ce vendeur

  • funny videos
    July 5, 2016 at 10:02 pm

    JOeisG Wow, amazing blog layout! How long have you been blogging for? you make blogging look easy. The overall look of your web site is fantastic, as well as the content!

  • tube sites
    July 6, 2016 at 3:55 am

    Major thankies for the article.Really looking forward to read more. Really Cool.

  • visit the website
    July 18, 2016 at 8:21 am

    I simply want to say I am all new to blogging and actually liked your website. More than likely I’m want to bookmark your blog post . You actually have very good writings. Many thanks for sharing with us your web page.