Answered by the Webhosting Experts

How to Install Maldet and Run a Scan

What is Maldet?

Maldet is a commonly used abbreviation for Linux Malware Detect (LMD), a malware scanner for Linux released under the GNU GPLv2 license.

What makes Maldet unique, is that it is designed around the threats faced in shared hosting environments. Maldet works by using threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

 

How to Install Maldet in 5 Easy Steps

Before you can run a scan with Maldet, you’ll need to download, unpack, and install it onto your server. By following these five easy steps though, you’ll be up and running in no time. Best of all, the process can be completed entirely from within your server’s terminal by using the following series of commands.

  1. First, you’ll need to log in to your server with root user.

  2. The Maldet installation pack is not available from online repositories, but is instead distributed as a tarball from the project’s official web site. The tarball containing the source code of the latest version can be downloaded directly using the following command or by accessing this link:

    wget
    https://www.rfxn.com/downloads/maldetect-current.tar.gz

Terminal window showing the results of the "wget https://www.rfxn.com/downloads/maldetect-current.tar.gz" command

  1. Once the tarball is downloaded, you’ll need to unpack it and enter the directory where its contents were extracted. To extract the file, use the command shown below and hit enter.

    tar -xvf maldetect-current.tar.gz

Terminal window showing the files unpacked after using the "tar -xvf maldetect-current.tar.gz" command

  1. Now, move to the Maldet directory using the cd command:

    cd maldetect-1.4.2

    *Note: the above command is specific to maldetect version 1.4.2. Depending on which version of Maldet is current, this command will change. Be sure to use the version number that aligns with the version of Maldet which you unpacked in step 3. For instance, if you’ve downloaded maldetect ver 1.6.4, you should use the command  cd maldetect-1.6.4.

Terminal window showing the "cd maldetect-1.4.2" command being used to move into the Maldet directory

Terminal window showing the contents of the Maldet directory using the list command

  1. Once you’ve moved into the Maldet directory, you will have to execute the installation script. This can be done by entering the command below and then hitting enter.

    ./install.sh

Terminal window highlighting the "./install.sh" command as well as the result: "maldet(2890): {sigup} new signature set (201504066258) available"

 

Updating the Maldet Client

Now that the client has been installed, it’s critical to make sure that the definitions and scan signatures are up-to-date prior to every malware scan. Updating definitions helps ensure that the latest known malware threats are detected, so long as they are in the database which it is being updated from.

To update your Maldet client, just follow these steps:

  1. First, to update the Maldet definitions, run the following command:

    maldet -u

    Screenshot showing the results of the "maldet -u" command

  2. Next, to ensure optimal performance when running maldet -u, run this second command as well:

    maldet -d

    Screenshot showing the results of the "maldet -d" command

Running a Scan with Maldet

Now that Maldet is installed, you can check to make sure it’s working correctly by running a scan on your server to identify infected files. To run a scan, enter the following command:

maldet –a

root server showing [~/maldetect-1.4.2] #maldet - a

As you can see in the image above, if everything has been entered correctly, you should see that Maldet has started scanning now.

A report is made for every Maldet scan performed in the system. The event log along with the completed reports can all be viewed using the following commands:

  1. To view the events and scan status, just run the following command:

    tail /usr/local/maldetect/logs/event_log

    Screenshot showing the results of the "tail /usr/local/maldetect/logs/event_log" command

  2. To view a list of all the reports made by Maldet, run the following command. *Note: there are two hyphens before the “report list”.

    Maldet –report list

    Screenshot showing the results of the "Maldet --report list" command

  3. Once a report of interest has been presented, run this second command with the relevant “SCAN ID” to view the individual report in detail. *Note: you will need to replace “SCANID” in the command below with an actual ID number. See the screenshot below.

    maldet –report SCANID

    Screenshot showing the "maldet --report SCANID" command with a relevant scan id

    Screenshot showing the results of the "maldet --report SCANID" command

And with that, you should now be able to run Maldet scans as needed and check the results of past scans whenever necessary.

 

Popular Links

Looking for more information on Maldet? Search our Knowledge Base!

Interested in more articles about Security? Navigate to our Categories page using the bar on the left or check out these popular articles:

Popular tags within this category include: YUM, Maldet, SSL, and more.

Don’t see what you’re looking for? Use the search bar at the top to search our entire Knowledge Base.

 

The Hivelocity Difference

Seeking a better Dedicated Server solution? In the market for Private Cloud or Colocation services? Check out Hivelocity’s extensive list of products for great deals and offers.

With best-in-class customer service, affordable pricing, a wide-range of fully-customizable options, and a network like no other, Hivelocity is the hosting solution you’ve been waiting for.

Unsure which of our services is best for your particular needs? Call or live chat with one of our sales agents today and see the difference Hivelocity can make for you.

Need More Personalized Help?

If you have any further issues, questions, or would like some assistance checking on this or anything else, please reach out to us from your my.hivelocity.net account and provide your server credentials within the encrypted field for the best possible security and support.

If you are unable to reach your my.hivelocity.net account or if you are on the go, please reach out from your valid my.hivelocity.net account email to us here at: support@hivelocity.net. We are also available to you through our phone and live chat system 24/7/365.