Scan a Linux server with maldetect

Linux Malware Detect (LMD) is a utility that scans Linux systems for malicious files (malware). It is distributed under the GNU GPLv2 license.

MalDetect can use threat data from intrusion detection systems to extract malicious code (malware). It can also use the anti-virus signature databases of other scanners, such as ClamAV.

MalDetect is not available in the distribution's software repositories, so you need to download and install it manually:

cd /usr/local/src; wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz; cd maldetect-*
sh ./install.sh; cd ../
rm -rf maldetect-*

After installation, update the program version and the signatures:

maldet --update-ver
maldet --update

Scanning is performed as follows:

maldet -a /home?/?/public_html

or like this:

maldet -a /var/www/

Each scan is assigned a unique ID.

MalDetect does not delete files during a scan. At the end of each scan, it prints a command that you can use to view the scan report.

It looks something like this:

maldet --report %report.ID%

To remove the detected files from their original location (they are moved to quarantine), run the following command:

maldet -q %report.ID%
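
The scan, report and quarantine steps above can be wrapped so that the scan ID is captured automatically and nothing is quarantined before the report has been reviewed. The script below is an added example, not part of maldet itself; the function names are hypothetical, and the sample output lines are constructed on the assumption that a scan ends with a "malware hits N" summary and a "maldet --report ID" hint.

```shell
#!/bin/sh
# Added example: capture the scan ID and hit count from a maldet scan so the
# report can be reviewed before anything is quarantined.

# Constructed sample of the closing lines of a scan (ID and counts invented;
# line format is an assumption about typical maldet output).
SAMPLE_OUTPUT='maldet(4120): {scan} scan completed on /var/www/: files 1532, malware hits 2, cleaned hits 0, time 41s
maldet(4120): {scan} scan report saved, to view run: maldet --report 240101-0130.4120'

# Print the scan ID found in the "maldet --report <ID>" hint; fail if absent.
scan_id_from_output() {
    id=$(printf '%s\n' "$1" | sed -n 's/.*maldet --report \([0-9][0-9.-]*\).*/\1/p' | tail -n 1)
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# Print the number of malware hits from the summary line (0 if no summary).
hits_from_output() {
    hits=$(printf '%s\n' "$1" | sed -n 's/.*malware hits \([0-9][0-9]*\).*/\1/p' | tail -n 1)
    printf '%s\n' "${hits:-0}"
}

# Scan a path, then print the follow-up commands instead of running them,
# so quarantine stays a deliberate manual step.
scan_and_report() {
    out=$(maldet -a "$1") || true   # the output is parsed, not the exit code
    printf '%s\n' "$out"
    sid=$(scan_id_from_output "$out") || {
        echo "no scan ID found in maldet output" >&2
        return 2
    }
    if [ "$(hits_from_output "$out")" -gt 0 ]; then
        echo "Hits found. Review first:   maldet --report $sid"
        echo "Then quarantine them with:  maldet -q $sid"
    else
        echo "No hits in scan $sid"
    fi
}

# Run a real scan only when a path is given and maldet is installed.
if [ "$#" -gt 0 ] && command -v maldet >/dev/null 2>&1; then
    scan_and_report "$1"
fi
```

Run it with a path argument, for example /var/www/, to perform a real scan.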