Categories: Administrative tools

Features & Configuring of Linux Malware Detect

Table of Contents

Linux Malware Detect

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

Features of Linux Malware Detect:

1) Install Linux Malware Detect.
2) Scan specified directories.
3) Scan the document root of all accounts in the server.
4) View previous scan reports.
5) Manage directories to be ignored from scans.
6) Manage file extensions to be exempted from scans.
7) Enable email alert for malware detections.
8) Enable automatic quarantine/cleaning of malware detections.
9) Manually quarantine malware detections based on scan reports.
10) Enable automatic monitoring of user directories or specific folders.

Configuring of Linux Malware Detect:

The configuration of LMD is handled through/usr/local/maldetect/conf.maldet and all options are well commented to make configuration a rather easy task. In case you get stuck, you can also refer to/usr/local/src/maldetect-1.4.2/README for further instructions.

1) email_alert :

If you would like to receive email alerts, then it should be set to

2) email_subj :

Set your email subject.

3) email_addr :

This is a comma spaced list of e-mail addresses that should receive alerts.

4) quar_hits :

The default quarantine action for malware hits, it should be set

5) quar_clean :

This tells LMD that it should try to clean malware that it has cleaner rules for, at the moment base64_decode and gzinflate file injection strings can be cleaned. Files that are cleaned are automatically restored to original path, owner and permission.

6) quar_susp :

The default suspend action for users wih hits, set it as per your requirements.

7) quar_susp_minuid :

This is the minimum user id that will be evaluated for suspension, the default should be fine on most systems.Minimum userid that can be suspended.

8) Usage & Manual Scans

The first thing most users are looking to do when they get LMD installed is to scan a certain path or series of paths.

The configuration file for Maldet is located under /usr/local/maldetect/conf.maldet . Other important files are:

# exec file: /usr/local/maldetect/maldet
# exec link: /usr/local/sbin/maldet
# exec link: /usr/local/sbin/lmd
# cron.daily: /etc/cron.daily/maldet

Vishwajit Kale
Vishwajit Kale blazed onto the digital marketing scene back in 2015 and is the digital marketing strategist of Hostripples, a company that aims to provide affordable web hosting solutions. Vishwajit is experienced in digital and content marketing along with SEO. He's fond of writing technology blogs, traveling and reading.

Recent Posts

Crafting a Professional Email: Step-by-Step Guide

Due to growing digitalization, Email Communication has become the backbone of professional interactions. Yet, surprisingly, many professionals struggle to craft…

1 day ago

Demystifying SSL: What Every Website Owner Should Know

As the digital landscape continues to evolve, securing your website has never been more crucial. SSL, or Secure Sockets Layer,…

1 week ago

Cyberduck and FileZilla: A Comprehensive Comparison

As a web designer and web developer your experience must have reached to new height, right? Further, you need to…

1 month ago

The Science Behind Social Media Posting Times

In today's digital landscape, timing is everything. Whether you're a social media manager, business owner, or content creator, the success…

1 month ago

Mastering Google Search Console: Tips for New Users

Are you a website owner? Maintaining the website is the prime concern for any website owner. Yes, it’s equally important…

1 month ago