
How to Detect and Remove Malware


How to Install Maldet

To install Maldet (Linux Malware Detect) on your Linux server, copy and paste the following into the command line as root. The installer also adds a daily cron job, so Maldet will be scheduled to run once a day. Note that the block fetches the tarball over plain HTTP and does not verify a checksum or signature; at minimum prefer https for the download and read install.sh before running it as root.

# Download, unpack and install the current maldet release, then point it at
# cPanel's ClamAV engine and signatures when cPanel has installed them.
pushd /usr/local/src/ || exit 1
rm -vrf /usr/local/src/maldetect-*
rm -vrf /usr/local/src/linux-malware-detect*
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -zxvf maldetect-current.tar.gz
cd maldetect-* || exit 1
sh ./install.sh
maldet --update-ver
#sed patch - commands added to address current problem with maldet overriding values in the conf file
# (leaves quarantine and e-mail alerts off; re-enable them in conf.maldet afterwards)
sed -i 's/quarantine_hits="1"/quarantine_hits="0"/' /usr/local/maldetect/conf.maldet
sed -i 's/quarantine_clean="1"/quarantine_clean="0"/' /usr/local/maldetect/conf.maldet
sed -i 's/email_alert="1"/email_alert="0"/' /usr/local/maldetect/conf.maldet
sed -i 's/email_addr="you@domain.com"/email_addr=""/' /usr/local/maldetect/conf.maldet
#end sed patch
maldet --update
# Reuse cPanel's clamscan/freshclam and signature databases if present
# (ln -sf so the block can be re-run without "File exists" errors).
if [ -e /usr/local/cpanel/3rdparty/bin/clamscan ]; then
    ln -sf /usr/local/cpanel/3rdparty/bin/clamscan /usr/bin/clamscan
    ln -sf /usr/local/cpanel/3rdparty/bin/freshclam /usr/bin/freshclam
    if [ ! -d /var/lib/clamav ]; then mkdir /var/lib/clamav; fi
    ln -sf /usr/local/cpanel/3rdparty/share/clamav/main.cld /var/lib/clamav/main.cld
    ln -sf /usr/local/cpanel/3rdparty/share/clamav/daily.cld /var/lib/clamav/daily.cld
    ln -sf /usr/local/cpanel/3rdparty/share/clamav/bytecode.cld /var/lib/clamav/bytecode.cld
else
    echo -e "\n\e[31mClamAV does not appear to be installed through cPanel.\nThe ClamAV definitions will not be used.\e[39m\n"
fi
popd

Scanning for Malware

Once the installation has completed you will want to configure the scanning process. The Maldet configuration lives at /usr/local/maldetect/conf.maldet. Open it with your favorite text editor, such as vim or nano:

vim /usr/local/maldetect/conf.maldet

While editing the file, put your email address between the quotes on the email_addr= line, so it reads email_addr="myemail@mydomain.tld". If you used the install block above, its sed patch also set email_alert="0"; change that back to email_alert="1", otherwise no scan report will be mailed.

You can also make the scan quarantine the malicious files it finds by changing the quarantine_hits= line from "0" to "1", so it reads quarantine_hits="1". I'd advise against this option because it can pick up legitimate code by mistake. If a scan wrongly quarantines a legitimate file, move it back into place with the following command, replacing SCANID with the scan ID that Maldet reported:

maldet --restore SCANID

Once you have run the scan with quarantine enabled a few times and you are confident that no safe files are being picked up, you may want to turn on cleaning of quarantined files in the same file, /usr/local/maldetect/conf.maldet, by changing the quarantine_clean= line from "0" to "1", so it reads quarantine_clean="1". I'd personally avoid this option because it can repeatedly pick up fresh edits by mistake and destroy your work.
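Both the sed patch in the install block and the manual edits above assume a key currently holds one specific value (for example quarantine_hits="1"); if the shipped default differs, the substitution silently does nothing and the setting is never applied. The helper below, added here as an example and not part of the original page or of Maldet itself, sets a key="value" line in conf.maldet whatever it currently contains, appends the line if the key is missing, and reads the value back so a deployment script can verify the result. The function names (maldet_get, maldet_set, configure_maldet, make_sample_conf) are my own, and the sample configuration file is constructed so the block runs without Maldet installed; in production pass /usr/local/maldetect/conf.maldet instead.

```shell
#!/bin/sh
# Added example: idempotent setter/reader for maldet's key="value" config lines.
# Not part of maldet; works on any file using that line format.

# Print the value of KEY in FILE (empty if absent). Last assignment wins,
# comment lines are ignored.
maldet_get() {
    file=$1; key=$2
    sed -n "s/^[[:space:]]*${key}=\"\([^\"]*\)\".*/\1/p" "$file" | tail -n 1
}

# Set KEY to VALUE in FILE regardless of the current value; append the line
# if the key is missing. Writes through cat so the file keeps its owner and
# mode. Returns non-zero if the value does not read back correctly.
maldet_set() {
    file=$1; key=$2; value=$3
    # Characters that would be interpreted by the sed replacement below.
    case $value in *[\|\&\"]*) echo "unsafe value for $key" >&2; return 1;; esac
    if grep -q "^[[:space:]]*${key}=" "$file"; then
        tmp=$(mktemp) || return 1
        sed "s|^[[:space:]]*${key}=.*|${key}=\"${value}\"|" "$file" > "$tmp" &&
        cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
    [ "$(maldet_get "$file" "$key")" = "$value" ]
}

# Apply the settings this page recommends (alerts on, quarantine and cleaning
# off) and succeed only if every one reads back as written.
configure_maldet() {
    file=$1; email=$2
    maldet_set "$file" email_alert 1 &&
    maldet_set "$file" email_addr "$email" &&
    maldet_set "$file" quarantine_hits 0 &&
    maldet_set "$file" quarantine_clean 0
}

# Constructed sample resembling conf.maldet, deliberately holding values the
# page's sed patch would not match (hits already "0", no email_addr line).
make_sample_conf() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
# Linux Malware Detect configuration (constructed sample)
email_alert="0"
quarantine_hits="0"
quarantine_clean="1"
EOF
    printf '%s\n' "$sample"
}
```

The read-back check in maldet_set is the point of the helper: a sed substitution that matches nothing exits 0, so without comparing the resulting value a provisioning script would report success while Maldet still runs with the old setting.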


About the author

Venkatesan Prabu


Wikitechy Founder, Author, International Speaker, and Job Consultant. My role as the CEO of Wikitechy, I help businesses build their next generation digital platforms and help with their product innovation and growth strategy. I'm a frequent speaker at tech conferences and events.
