@plembo
Last active May 15, 2026 14:00
Linux Malware Detector

https://www.rfxn.com/projects/linux-malware-detect

Prerequisites

$ sudo apt install inotify-tools clamav clamav-freshclam clamav-daemon

By default, maldet is configured to monitor user directories for changes. The real-time monitor depends on inotify-tools, and when ClamAV is installed maldet uses the ClamAV engine for scanning instead of its own slower built-in scanner (clamav-daemon keeps the signature database loaded between scans).

Download and Install

$ wget https://www.rfxn.com/downloads/maldetect-current.tar.gz
$ tar xzf maldetect-current.tar.gz
$ cd maldetect-1.6.6
$ sudo ./install.sh

Configure

Configuration is in /usr/local/maldetect/conf.maldet.

  • Add the following at the top of conf.maldet to ensure vim is used instead of nano when maldet is invoked with sudo:
EDITOR=/usr/bin/vim
  • Change the alert email address (email_addr) to "root@localhost", and make sure email_alert is set to "1" or no alerts are sent.
  • Comment out default_monitor_mode="users" and remove comment from:
default_monitor_mode="/usr/local/maldetect/monitor_paths"
  • Edit monitor_paths to look like this:
/home
/root
/var/tmp
/tmp
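The configuration edits above are easy to get wrong by hand (a stray leading "#" or a missed quote silently puts the monitor back into the default mode). The script below is an added example, not part of the gist or of maldet itself; it applies the same changes with sed and then verifies them, so the step is repeatable. It assumes the option names email_alert, email_addr and default_monitor_mode as they appear in conf.maldet, GNU sed (Ubuntu/Debian), and the install prefix /usr/local/maldetect. By default it runs against a constructed sample file in a temp directory; set APPLY=1 to edit the real install.

```shell
#!/usr/bin/env bash
# Added example (not the gist's or maldet's own code): script the conf.maldet
# changes and check the result. Assumes GNU sed and the default install prefix.
set -euo pipefail

MALDET_ROOT="${MALDET_ROOT:-/usr/local/maldetect}"

# make_sample_conf FILE: constructed excerpt in the style of conf.maldet, used
# for dry runs only; the real file has many more options.
make_sample_conf() {
  cat > "$1" <<EOF
# constructed excerpt for a dry run
email_alert="0"
email_addr="you@domain.com"
default_monitor_mode="users"
#default_monitor_mode="$MALDET_ROOT/monitor_paths"
EOF
}

# configure_maldet CONF_FILE MONITOR_PATHS_FILE: apply the edits from the gist.
configure_maldet() {
  local conf="$1" paths="$2"
  # send alerts to the local root mailbox and turn alerting on
  sed -i -E 's/^email_alert=.*/email_alert="1"/' "$conf"
  sed -i -E 's/^email_addr=.*/email_addr="root@localhost"/' "$conf"
  # comment out the "users" mode and uncomment the path-list mode
  sed -i -E 's/^(default_monitor_mode="users")/#\1/' "$conf"
  sed -i -E 's/^#+ *(default_monitor_mode="[^"]*monitor_paths")/\1/' "$conf"
  # directories the inotify monitor should watch, one per line
  printf '%s\n' /home /root /var/tmp /tmp > "$paths"
}

# check_maldet_conf CONF_FILE MONITOR_PATHS_FILE: return 0 only if every
# expected setting is present as a whole line, else 1.
check_maldet_conf() {
  local conf="$1" paths="$2"
  grep -qx 'email_alert="1"' "$conf" || return 1
  grep -qx 'email_addr="root@localhost"' "$conf" || return 1
  grep -qx '#default_monitor_mode="users"' "$conf" || return 1
  grep -qx "default_monitor_mode=\"$MALDET_ROOT/monitor_paths\"" "$conf" || return 1
  # exactly one active default_monitor_mode line
  [ "$(grep -c '^default_monitor_mode=' "$conf")" -eq 1 ] || return 1
  [ "$(grep -c . "$paths")" -eq 4 ] || return 1
  grep -qx '/tmp' "$paths" || return 1
}

if [ "${APPLY:-0}" = 1 ]; then
  # real install: needs root because the files live under $MALDET_ROOT
  configure_maldet "$MALDET_ROOT/conf.maldet" "$MALDET_ROOT/monitor_paths"
  check_maldet_conf "$MALDET_ROOT/conf.maldet" "$MALDET_ROOT/monitor_paths"
else
  # dry run on the constructed sample
  scratch="$(mktemp -d)"
  make_sample_conf "$scratch/conf.maldet"
  configure_maldet "$scratch/conf.maldet" "$scratch/monitor_paths"
  check_maldet_conf "$scratch/conf.maldet" "$scratch/monitor_paths"
  cat "$scratch/conf.maldet"
  rm -rf "$scratch"
fi
```

Run it once without APPLY to see the sample before and after, then `sudo APPLY=1 ./configure-maldet.sh` (hypothetical file name) on the real host. The edits are idempotent: the sed patterns only match the active or commented form they are meant to change, so rerunning the script after a maldet upgrade that rewrote conf.maldet is safe.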

Use

Normally, maldet monitors the configured directories and is also run by cron.daily and cron.weekly, but you can also run it manually. Note that the inotify monitor only watches files while the maldet daemon is running: after changing default_monitor_mode, start it with sudo systemctl enable --now maldet, or run it by hand with sudo maldet -m /usr/local/maldetect/monitor_paths.

Update signatures

sudo maldet -u

Scan a directory or file

sudo maldet -a /path/to/scan

Read report

sudo maldet --report 260419-1606.1117249

Quarantine files identified in report

sudo maldet -q 260419-1606.1117249
