Linux Malware Detect and ClamAV are two effective tools to easily scan for malware and viruses on a VPS server. In this article, we are going to install both programs on CentOS. These steps will work on both CentOS 6 and 7.
1. Install Linux Malware Detect
Install Linux Malware Detect from the official website. At the time of writing, the current version is maldetect-1.4.2.
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvf maldetect-current.tar.gz
cd maldetect-1.4.2
./install.sh
Once the installation finishes, Linux Malware Detect will automatically create a daily cronjob task.
2. Configure Linux Malware Detect
All configuration settings of Linux Malware Detect are stored in the file /usr/local/maldetect/conf.maldet
. Configure the following subset of options:
email_alert=1
email_addr=youremail@localhost
email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"
quar_hits=1
quar_clean=1
clam_av=1
For the values below, 1=true
and 0=false
.
email_alert=1
: If you want to receive notifications via email.email_addr=youremail@localhost
: Enter your email address.email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"
: Email subject of the notification.quar_hits=1
: Move the malware to quarantine.quar_clean=1
: Delete any malware detected.clamav_scan=1
: Use ClamAV’s malware library to scan.
3. Install ClamAV
Installing ClamAV helps Linux Malware Detect to scan processes faster and more effectively. First, we need to install the EPEL repo:
yum install epel-release
Then, we install ClamAV with the following command:
yum update && yum install clamav
4. How To Use Linux Malware Detect
After finishing the installation process, you are able to use Linux Malware Detect to scan for malware.
To scan a folder, use this command:
maldet --scan-all /home/domain.com/public_html
If you only want to scan some specified file types (.php
for example), you can use the following command:
maldet --scan-all /home/domain.com/public_html/*.php
To view a scanning report, use the following command. Replace 14715-1421.3219
with the scan ID.
maldet --report 14715-1421.3219
You can update Linux Malware Detect by running:
maldet -u
To delete all quarantined files:
rm -rf /usr/local/maldetect/quarantine/*