Linux Malware Detect (LMD) is a malware detection tool designed specifically for Linux systems. It is often used on servers to identify and remove threats that could compromise the system’s security.
Main features of LMD:
- Signature database: Uses a combination of its own and ClamAV signatures to identify malware.
- Active monitoring: Can be configured to monitor files in real time.
- ClamAV integration: Uses ClamAV’s scanning engine to improve detection.
- Custom scanning: Allows you to scan specific directories for threats.
- Quarantine and removal: When it finds malware, it can move it to quarantine or delete it.
How to install LMD on Linux
Download LMD:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Extract the files:
tar -xvf maldetect-current.tar.gz
Access the extracted folder:
cd maldetect-*
Install LMD:
sudo ./install.sh
Maldet (LMD) can send an e-mail alert whenever it detects malware.
To configure the alert, edit the LMD configuration file:
nano /usr/local/maldetect/conf.maldet
Locate:
email_alert: change to 1.
email_addr: enter the email address that will receive the report if malware is detected.
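The same two settings can be applied without an editor, for example from a provisioning script. This is an added example, not part of the original page or of LMD itself; it assumes the options are stored one per line as key="value", and the function names, sample file and address are made up for illustration.

```shell
#!/bin/sh
# Added example: set options in an LMD-style config file non-interactively.
# Assumption: options are stored one per line as key="value".

# set_conf_key FILE KEY VALUE
# Replaces the existing KEY line, or appends one if KEY is absent.
# A copy of the file as it was before the change is kept as FILE.bak.
set_conf_key() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Refuse values that would break the quoting or the sed replacement.
    case $value in
        *'"'*|*'|'*|*'&'*|*'\'*)
            echo "unsupported character in value" >&2; return 1 ;;
    esac
    cp -p "$file" "$file.bak" || return 1
    if grep -q "^${key}=" "$file"; then
        # Write back into the existing file so its owner and mode are kept.
        sed "s|^${key}=.*|${key}=\"${value}\"|" "$file.bak" > "$file"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
}

# get_conf_key FILE KEY
# Prints the value of the last KEY="value" line, without the quotes.
get_conf_key() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Demo on a constructed sample file (not the real conf.maldet).
demo=$(mktemp)
printf '%s\n' 'email_alert="0"' 'email_addr="you@domain.com"' > "$demo"
set_conf_key "$demo" email_alert 1
set_conf_key "$demo" email_addr "secops@example.org"
grep '^email_' "$demo"
rm -f "$demo" "$demo.bak"
```

On a real server, run it as root with /usr/local/maldetect/conf.maldet as FILE and check the result with get_conf_key before relying on the alerts.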
LMD can scan and monitor all the accounts on the server.
To do this, first install:
dnf install inotify-tools
To activate monitoring:
maldet -m users
Once this is done, LMD will scan all user accounts in the background.
To scan a user’s files:
maldet -a /home/username/
To scan the public_html folder of all users, run the command below.
maldet --scan-all /home?/?/public_html
To check only the files created/modified in the last 5 days:
maldet --scan-recent /home?/?/public_html 5