Categories: Administrative tools

Features & Configuring of Linux Malware Detect

Table of Contents

Linux Malware Detect

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

Features of Linux Malware Detect:

1) Install Linux Malware Detect.
2) Scan specified directories.
3) Scan the document root of all accounts in the server.
4) View previous scan reports.
5) Manage directories to be ignored from scans.
6) Manage file extensions to be exempted from scans.
7) Enable email alert for malware detections.
8) Enable automatic quarantine/cleaning of malware detections.
9) Manually quarantine malware detections based on scan reports.
10) Enable automatic monitoring of user directories or specific folders.

Configuring of Linux Malware Detect:

The configuration of LMD is handled through/usr/local/maldetect/conf.maldet and all options are well commented to make configuration a rather easy task. In case you get stuck, you can also refer to/usr/local/src/maldetect-1.4.2/README for further instructions.

1) email_alert :

If you would like to receive email alerts, then it should be set to

2) email_subj :

Set your email subject.

3) email_addr :

This is a comma spaced list of e-mail addresses that should receive alerts.

4) quar_hits :

The default quarantine action for malware hits, it should be set

5) quar_clean :

This tells LMD that it should try to clean malware that it has cleaner rules for, at the moment base64_decode and gzinflate file injection strings can be cleaned. Files that are cleaned are automatically restored to original path, owner and permission.

6) quar_susp :

The default suspend action for users wih hits, set it as per your requirements.

7) quar_susp_minuid :

This is the minimum user id that will be evaluated for suspension, the default should be fine on most systems.Minimum userid that can be suspended.

8) Usage & Manual Scans

The first thing most users are looking to do when they get LMD installed is to scan a certain path or series of paths.

The configuration file for Maldet is located under /usr/local/maldetect/conf.maldet . Other important files are:

# exec file: /usr/local/maldetect/maldet
# exec link: /usr/local/sbin/maldet
# exec link: /usr/local/sbin/lmd
# cron.daily: /etc/cron.daily/maldet

Vishwajit Kale
Vishwajit Kale blazed onto the digital marketing scene back in 2015 and is the digital marketing strategist of Hostripples, a company that aims to provide affordable web hosting solutions. Vishwajit is experienced in digital and content marketing along with SEO. He's fond of writing technology blogs, traveling and reading.

Recent Posts

The Ultimate Showdown: Linux vs Windows for VPS Hosting

As the demand for virtual private servers (VPS) continues to grow, businesses and individuals are faced with a crucial decision:…

2 weeks ago

Questions to Ask Your Web Hosting Support Team

Web hosting is a large industry, as many other factors help any web hosting provider to form a company. The…

2 weeks ago

How to Secure Your WordPress Site in 2025

Welcome to the complete guide to WordPress security best practices in 2024. As technology evolves rapidly, implementing strong security measures…

3 weeks ago

Unlocking the Secrets of Hosting: Essential Questions to Ask Hostripples

Hey, wanted to learn about web hosting? Or do you want to start a new website and need hosting? Questions…

3 weeks ago

DDoS Attacks: What You Need to Know for Protection

In today's digital world, the threat of DDoS attacks has become increasingly prevalent. These types of attacks have the power…

1 month ago