Using MalDet to Protect Servers from Malware and Spammers
=========================================================
Linux Malware Detect, or MalDet, is a third-party program specifically designed to detect malware in shared hosting
environments. While InterWorx is not affiliated with MalDet and does not directly support it, it can be a useful tool
for identifying and eliminating malware that may be used to send spam from the server.

Detailed information on MalDet can be found `here `__.

.. note::

   A full listing of MalDet's options can be found in the README file, or by running ``maldet --help`` after installation.

.. contents::
Installing MalDet
-----------------
#. Log in to the server at the CLI as root, either via SSH or from the terminal.
#. Download the tarball for the current version of MalDet, using ``wget``:

   .. code-block:: bash

      wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

#. Using ``tar``, extract the file:

   .. code-block:: bash

      tar -zxvf maldetect-current.tar.gz

#. Navigate to the directory where the contents of the tar file were extracted. This will reside in the current directory
   and be named ``maldetect-[current-version]``. In this example, the current version is 1.6.4:

   .. code-block:: bash

      cd maldetect-1.6.4/

#. Run the install script, located in that directory:

   .. code-block:: bash

      ./install.sh
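The four steps above can be scripted so that the extracted directory name (``maldetect-[current-version]``) is read
from the tarball instead of being typed by hand, and so the install script is only run if it is actually present. The
following is an added example, not part of this page or of the MalDet project; the function names
``maldet_extract_dir`` and ``maldet_install_from_tarball`` are assumptions, and the script assumes, as the page
describes, that the tarball unpacks to a single top-level directory containing ``install.sh``.

```shell
#!/bin/sh
# Added example (not from the InterWorx page or the MalDet project):
# install MalDet from a downloaded tarball without hard-coding the
# maldetect-<version> directory name. Function names are hypothetical.

# Print the top-level directory stored in the tarball (e.g. maldetect-1.6.4).
# The first entry of a tarball built from a directory is that directory itself.
maldet_extract_dir() {
    tar -tzf "$1" | head -n 1 | cut -d/ -f1
}

# Extract the tarball into $2 (default: current directory) and run the
# install.sh it contains. Prints the extracted directory name on success,
# returns 1 if the tarball does not carry an executable install.sh.
maldet_install_from_tarball() {
    tarball=$1
    dest=${2:-.}
    dir=$(maldet_extract_dir "$tarball")
    mkdir -p "$dest"
    tar -xzf "$tarball" -C "$dest"
    if [ ! -x "$dest/$dir/install.sh" ]; then
        echo "no executable install.sh found in $dir" >&2
        return 1
    fi
    # Run the installer from inside its own directory, as the page's step 5 does.
    (cd "$dest/$dir" && ./install.sh) || return 1
    echo "$dir"
}

# Usage on a real server (needs network access and root; the download URL is
# the one given on the page):
#   wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
#   maldet_install_from_tarball maldetect-current.tar.gz
```

Because MalDet's ``install.sh`` writes under ``/usr/local`` and installs cron hooks, run the wrapper as root exactly as
the manual steps require; the subshell keeps the caller's working directory unchanged after the install.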
Running a Scan
--------------
#. Log in to the server at the CLI as root, either via SSH or from the terminal.
#. Run ``maldet -a`` with the directory to be scanned. For example, to scan all files in the ``/chroot/home``
   directory:

   .. code-block:: text

      [root@server ~]# maldet -a /chroot/home/
      Linux Malware Detect v1.6.4
                  (C) 2002-2019, R-fx Networks
                  (C) 2019, Ryan MacDonald
      This program may be freely redistributed under the terms of the GNU GPL v2

      maldet(1578): {scan} signatures loaded: 17189 (14367 MD5 | 2039 HEX | 783 YARA | 0 USER)
      maldet(1578): {scan} building file list for /chroot/home/, this might take awhile...
      maldet(1578): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
      maldet(1578): {scan} file list completed in 0s, found 1513 files...
      maldet(1578): {scan} found clamav binary at /usr/bin/clamscan, using clamav scanner engine...
      maldet(1578): {scan} scan of /chroot/home/ (1513 files) in progress...
      maldet(1578): {scan} scan completed on /chroot/home/: files 1513, malware hits 0, cleaned hits 0, time 34s
      maldet(1578): {scan} scan report saved, to view run: maldet --report 210130-1407.1578
      [root@server ~]#

#. After the scan is complete, it will provide a report of its findings (see the last line in the example output above).
   Running the provided command (``maldet --report [report number]``) shows which files were scanned
   and the findings, if any:
   .. code-block:: text

      HOST:
      SCAN ID:    210130-1407.1578
      STARTED:    Jan 30 2021 14:07:20 -0500
      COMPLETED:  Jan 30 2021 14:07:54 -0500
      ELAPSED:    34s [find: 0s]

      PATH:          /chroot/home/
      TOTAL FILES:   1513
      TOTAL HITS:    0
      TOTAL CLEANED: 0

      ===============================================
      Linux Malware Detect v1.6.4 < proj@rfxn.com >
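A scan that is run by hand is only useful if someone reads the output. The following added example (not from this page
or from the MalDet project) pulls the report ID and the ``malware hits`` count out of the scan output shown above, so
the scan can be driven from a cron job or monitoring check that fails when anything is found and points the operator at
the right ``maldet --report`` command. The function names are assumptions; the two lines it parses (``scan completed on
...: files N, malware hits N, ...`` and ``scan report saved, to view run: maldet --report ID``) are taken from the
page's own example output, and the sample text embedded in the block is constructed for a local dry run.

```shell
#!/bin/sh
# Added example (not from the InterWorx page or the MalDet project):
# parse `maldet -a` output for the report ID and hit count so a scheduled
# scan can raise an alert. Function names are hypothetical.

# Print the report ID (e.g. 210130-1407.1578) from scan output on stdin.
maldet_report_id() {
    sed -n 's/.*maldet --report \([0-9]\{6\}-[0-9]\{4\}\.[0-9]*\).*/\1/p' | head -n 1
}

# Print the "malware hits" count from scan output on stdin.
maldet_malware_hits() {
    sed -n 's/.*malware hits \([0-9]*\),.*/\1/p' | head -n 1
}

# Evaluate captured scan output ($1): print "<report id> <hits>", return 0 when
# the scan was clean, 1 when there were hits, 2 when the output could not be
# parsed (for example because maldet aborted before the summary lines).
maldet_check_output() {
    output=$1
    id=$(printf '%s\n' "$output" | maldet_report_id)
    hits=$(printf '%s\n' "$output" | maldet_malware_hits)
    [ -n "$id" ] && [ -n "$hits" ] || return 2
    echo "$id $hits"
    [ "$hits" -eq 0 ]
}

# Run a real scan of directory $1 (needs maldet installed and root) and check it.
# Usage from cron:  maldet_scan_and_check /chroot/home/ || mail -s 'maldet hits' root
maldet_scan_and_check() {
    maldet_check_output "$(maldet -a "$1" 2>&1)"
}

# Constructed sample, modelled on the page's example output, for a dry run
# without a server: prints "210130-1407.1578 0" and exits 0.
SAMPLE_CLEAN='maldet(1578): {scan} scan completed on /chroot/home/: files 1513, malware hits 0, cleaned hits 0, time 34s
maldet(1578): {scan} scan report saved, to view run: maldet --report 210130-1407.1578'

maldet_check_output "$SAMPLE_CLEAN"
```

The separate return code for unparseable output matters: a cron job that treats "no hits line" as "clean" would silently
pass when the scan itself failed. Note also that the ``cleaned hits`` figure in the summary stays at 0 unless
quarantining is enabled in MalDet's configuration (the ``quarantine_hits`` setting in ``conf.maldet``, which this page
does not cover); by default a scan only reports.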