Scan for Malware and Viruses on CentOS using ClamAV and Linux Malware Detect

Last Updated: Thu, Aug 13, 2015
CentOS Security Server Apps

Linux Malware Detect and ClamAV are two effective tools for scanning a VPS for malware and viruses. In this article, we install both programs on CentOS. These steps work on both CentOS 6 and 7.

1. Install Linux Malware Detect

Install Linux Malware Detect from the official website. At the time of writing, the current version is maldetect-1.4.2.

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

tar -xvf maldetect-current.tar.gz

cd maldetect-1.4.2

./install.sh

Once the installation finishes, Linux Malware Detect automatically creates a daily cron job that runs a scan.

2. Configure Linux Malware Detect

All configuration settings of Linux Malware Detect are stored in the file /usr/local/maldetect/conf.maldet. Configure the following subset of options:

email_alert=1

email_addr=youremail@localhost

email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"

quar_hits=1

quar_clean=1

clamav_scan=1

For the values below, 1=true and 0=false.

  1. email_alert=1: If you want to receive notifications via email.

  2. email_addr=youremail@localhost: Enter your email address.

  3. email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)": Email subject of the notification.

  4. quar_hits=1: Move the malware to quarantine.

  5. quar_clean=1: Delete any malware detected.

  6. clamav_scan=1: Use ClamAV's malware library to scan.
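As an added example (not part of the original article), the following POSIX shell script applies the settings above to conf.maldet with sed, keeps a timestamped backup of the file, and verifies afterwards that the four flags are enabled. The CONF variable and the function names are my own; point CONF at a scratch copy to try it without touching the real file.

```shell
#!/bin/sh
# Added example, not from the original article: apply the conf.maldet
# settings from section 2 with sed, keep a backup, then verify the result.
# CONF defaults to the real file; point it at a scratch copy to dry-run.
CONF="${CONF:-/usr/local/maldetect/conf.maldet}"

# set_opt KEY VALUE: rewrite an existing "KEY=..." line or append one.
set_opt() {
    key="$1"; val="$2"
    # escape characters that are special in a sed replacement
    esc=$(printf '%s' "$val" | sed 's/[&/\\]/\\&/g')
    if grep -q "^${key}=" "$CONF"; then
        sed -i "s/^${key}=.*/${key}=${esc}/" "$CONF"
    else
        printf '%s=%s\n' "$key" "$val" >> "$CONF"
    fi
}

# get_opt KEY: print the effective value, without surrounding quotes.
get_opt() {
    sed -n "s/^$1=//p" "$CONF" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

apply_maldet_config() {
    cp -p "$CONF" "$CONF.bak.$(date +%Y%m%d%H%M%S)" || return 1
    set_opt email_alert 1
    set_opt email_addr youremail@localhost
    set_opt email_subj '"Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"'
    set_opt quar_hits 1
    set_opt quar_clean 1
    set_opt clamav_scan 1    # the key maldet reads for the ClamAV engine
}

# verify_maldet_config: exit status 1 if any of the four flags is not 1.
verify_maldet_config() {
    rc=0
    for k in email_alert quar_hits quar_clean clamav_scan; do
        [ "$(get_opt "$k")" = "1" ] || { echo "$k is not enabled" >&2; rc=1; }
    done
    return $rc
}

# Run with --apply to change the file; otherwise only define the functions.
if [ "${1:-}" = "--apply" ]; then
    apply_maldet_config && verify_maldet_config
fi
```

Running the script a second time is safe: existing keys are rewritten in place rather than appended again.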

3. Install ClamAV

Installing ClamAV lets Linux Malware Detect use the ClamAV scanner engine, which makes scans faster and more effective. First, install the EPEL repository:

yum install epel-release

Then install ClamAV with the following command:

yum update && yum install clamav

4. How To Use Linux Malware Detect

After the installation is complete, you can use Linux Malware Detect to scan for malware.

To scan a folder, use this command:

maldet --scan-all /home/domain.com/public_html

If you only want to scan certain file types (.php, for example), use the following command:

maldet --scan-all /home/domain.com/public_html/*.php

To view a scan report, use the following command, replacing 14715-1421.3219 with the scan ID printed at the end of the scan:

maldet --report 14715-1421.3219

You can update the Linux Malware Detect signatures by running:

maldet -u

To delete all quarantined files:

rm -rf /usr/local/maldetect/quarantine/*