Downloading and Installing Maldet
Login into server through SSH using a Terminal or Putty. Run the following commands to download and install maldet in server.
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvf maldetect-current.tar.gz
cd maldetect-1.4.2
./install.sh
You can make email alerts to receive maldet report to your email. For that you need to make changes in maldet configuration file.
Open maldet configuration file and do changes as below:vim /usr/local/maldetect/conf.maldet
email_alert=1 (change value from 0 to 1)
email_subj=maldet alert from server
email_addr=alerts@yourdomain-name.com (menstion mail id for which you need to receive maldet report)
email_ignore_clean=0 (kept as 0)
quar_hits=1 (change value from 0 to 1)
Scanning for Malware using Maldet
To scan whole server, use this command.
maldet -a /
To scan just a specific directory, use this command.
maldet -a /home/yoursubfoldername
If Maldet finds infected files on the server, they will display in the output of the above commands. The next step is to clean those files using the following commands. Note that this is an example, and your output may change slightly. The entry for DATE-TIME will be the date and time of the scan report.
maldet(15153): {scan} scan report saved, to view run: maldet –report DATE-TIME
Type below command to list all scanned report in server.
maldet –report list
You’ll then see a scan result with the ID of each scan. To clean up the infected suspicious files on the server, youc an run the following command. You need to run the clean command passing the scanid as a parameter, which is shown here as DATE-TIME.
maldet -q DATE-TIME