Friday , 28 October 2016

How To Detect Malware On Linux

How To Detect Malware On Linux

How To Detect Malware On Linux ?

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection

LMD uses MD5 file hashes and HEX pattern matches as signatures. These signatures are built from malware data that was delivered by IPSes, community data, ClamAV and user submissions.

Today i am going to show  you how to install and configure LMD to scan for malware on your Linux system. i am using KaliLinux for this demonstration, but you can use same commands with CentOS , RHEL and other Linux distributions.

Let’s start by downloading the latest version and install LMD:-

Open the Terminal and enter the following command to download LMD

root@kali:~# wget


Now Extract it with the following command

root@kali:~# tar –xzvf maldetect-current.tar.gz


Now you need to be enter the following command to install

 root@kali:~# cd maldetect-1.4.2root@kali:~/maldetect-1.4.2# ./



After installation, daily cron job is added in /etc/cron.daily/maldet, which checks for the latest version of LMD and malware definition/signature files, and update them automatically. If inotify-based real time monitoring is enabled, the daily cron job also scans the recently updated/created files for malware.

To initiate malware scanning manually, run maldet with a target folder to scan.

root@kali:~# maldet –scan-all /home



After scanning, you can examine malware scan report by running the following command with the scan report ID.

root@kali:~# maldet –report  070913.1146.1903


Scan a Certain Folder :-

root@kali:~# maldet -a /var/www/vhosts/

If you want to actively monitor specific directories for malware infection, you can run maldet as a daemon as follows.

root@kali:~# maldet -m /var,/home/rumy


Email Notifications :- If you want to have maldet alert you on detected malware by email, you can modify maldet configuration as follows.

$  vi /usr/local/maldetect/conf.maldet

email_alert=1email_subj=”Malware detected by maldet”email_addr=””

Hope you like my post.How To Detect Malware On Linux . Please Share with others.

Use Facebook to Comment on this Post

About Syed Balal Rumy

A 27 year Tech Geek and a blogger from India ( Bihar ) , live in New Delhi. I am MCITP , CEHv8 , CCNA , CCNA Security , CCNP Security , Security + and CCSA certified. Loves to write tech articles based on my real experiences.

Powered by