How To Detect Malware On Linux ?
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection
LMD uses MD5 file hashes and HEX pattern matches as signatures. These signatures are built from malware data that was delivered by IPSes, community data, ClamAV and user submissions.
Today i am going to show you how to install and configure LMD to scan for malware on your Linux system. i am using KaliLinux for this demonstration, but you can use same commands with CentOS , RHEL and other Linux distributions.
Let’s start by downloading the latest version and install LMD:-
Open the Terminal and enter the following command to download LMD
|[email protected]:~# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz|
Now Extract it with the following command
|[email protected]:~# tar –xzvf maldetect-current.tar.gz|
Now you need to be enter the following command to install
|[email protected]:~# cd maldetect-1.4.2[email protected]:~/maldetect-1.4.2# ./install.sh|
After installation, daily cron job is added in /etc/cron.daily/maldet, which checks for the latest version of LMD and malware definition/signature files, and update them automatically. If inotify-based real time monitoring is enabled, the daily cron job also scans the recently updated/created files for malware.
To initiate malware scanning manually, run maldet with a target folder to scan.
|[email protected]:~# maldet –scan-all /home
After scanning, you can examine malware scan report by running the following command with the scan report ID.
|[email protected]:~# maldet –report 070913.1146.1903|
Scan a Certain Folder :-
|[email protected]:~# maldet -a /var/www/vhosts/rumyittips.com/httpdocs/|
If you want to actively monitor specific directories for malware infection, you can run maldet as a daemon as follows.
|[email protected]:~# maldet -m /var,/home/rumy
Email Notifications :- If you want to have maldet alert you on detected malware by email, you can modify maldet configuration as follows.
$ vi /usr/local/maldetect/conf.maldet
|email_alert=1email_subj=”Malware detected by maldet”email_addr=”[email protected]”|
Hope you like my post.How To Detect Malware On Linux . Please Share with others.