Last Updated: 1/07/2015
This article applies to the following services:
- VPS (Linux only)
- Dedicated servers (Linux only)
cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh
maldet -d && maldet -u
Edit the config file:
vi /usr/local/maldetect/conf.maldet
I recommend changing the quarantine setting for problem files and pointing the alerts to a different email address.
To run it via command line:
maldet --scan-all /home?/?/public_html
or
maldet --scan-all ./
If the scan directory is rather large, you may prefer to run the scan in the background with the -b switch:
maldet -b --scan-all /home?/?/public_?
Verify the scan report:
maldet --report list
Show the details of a specific report:
maldet --report SCANID
Show all scan details from log file:
grep "{scan}" /usr/local/maldetect/event_log
Clean malicious files? By default, quarantine is disabled, so you will have to launch it manually. (You can make it automatic in the /usr/local/maldetect/conf.maldet file. Email alerts can be enabled there too.)
maldet -q SCANID
It is advised that you also scan /tmp and /dev/shm/
You'll want to set up a cron job to automate nightly scans.
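One way to write that nightly job, covering the web roots plus /tmp and /dev/shm. This is an added example, not part of the original article or of maldet. The script name, install path, schedule and lock directory are assumptions.

```shell
#!/bin/sh
# Added example (not part of maldet): nightly scan wrapper for cron.
# Hypothetical install path and schedule, e.g. in root's crontab:
#   30 2 * * * /usr/local/sbin/maldet-nightly.sh --run

# Assumes maldet is on cron's PATH; otherwise set MALDET to its full path.
MALDET="${MALDET:-maldet}"
# Web roots from the article plus /tmp and /dev/shm.
SCAN_PATHS="${SCAN_PATHS:-/home?/?/public_html /tmp /dev/shm}"
LOCK_DIR="${LOCK_DIR:-/var/run/maldet-nightly.lock}"   # assumed location

nightly_scan() {
    # mkdir is atomic, so a scan still running from last night blocks this one.
    # A lock left behind by a killed run has to be removed by hand.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "maldet-nightly: lock $LOCK_DIR exists, skipping" >&2
        return 2
    fi

    failures=0
    # Refresh signatures first; scan anyway if the update fails.
    "$MALDET" -u || echo "maldet-nightly: signature update failed" >&2

    # Disable shell globbing so '?' reaches maldet as its own wildcard
    # instead of being expanded by the shell into several arguments.
    set -f
    for path in $SCAN_PATHS; do
        if ! "$MALDET" --scan-all "$path"; then
            echo "maldet-nightly: non-zero exit scanning $path" >&2
            failures=$((failures + 1))
        fi
    done
    set +f

    rmdir "$LOCK_DIR"
    # Return non-zero if any scan command exited non-zero.
    [ "$failures" -eq 0 ]
}

if [ "${1:-}" = "--run" ]; then
    nightly_scan
    exit $?
fi
```

Review the results the next morning with maldet --report list, as described above.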
You can also start monitoring any user account as follows:
maldet --monitor /home/username
This monitor will continue to run in the background, and the resulting logs will be written to the log file below:
/usr/local/maldetect/inotify/inotify_log