Installation of Linux Malware Detect or maldet

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, designed around the threats faced in shared hosting environments. It uses threat data from network-edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. Threat data is also derived from user submissions via the LMD checkout feature and from malware community resources. The signatures LMD uses are MD5 file hashes and HEX pattern matches; they can also be easily exported to other detection tools such as ClamAV.

Other scanners of this kind are rkhunter and chkrootkit.

The project site is given below:
http://www.rfxn.com/projects/linux-malware-detect/

Download and install:
[root@server maldetect-1.6.2]# cd /usr/local/src/
[root@server maldetect-1.6.2]# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Untar the package:
[root@server maldetect-1.6.2]# tar zxvf maldetect-current.tar.gz
[root@server maldetect-1.6.2]# cd maldetect-1.6.2/
[root@server maldetect-1.6.2]# ls
CHANGELOG  COPYING.GPL  cron.daily  cron.d.pub  files  install.sh  README

Run the installer script:
[root@server maldetect-1.6.2]# ./install.sh
Linux Malware Detect v1.6.2
(C) 2002-2015, R-fx Networks <[email protected]>
(C) 2015, Ryan MacDonald <[email protected]>
inotifywait (C) 2007, Rohan McGovern <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(5242): {sigup} performing signature update check...
maldet(5242): {sigup} local signature set is version 2012022424364
maldet(5242): {sigup} latest signature set already installed
[root@server maldetect-1.5]#

Now run the scan. The -a option scans all files under the given path, here the whole filesystem "/":
[root@server ~]# maldet -a /
Linux Malware Detect v1.6.2
(C) 2002-2015, R-fx Networks <[email protected]>
(C) 2015, Ryan MacDonald <[email protected]>
inotifywait (C) 2007, Rohan McGovern <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(5503): {scan} signatures loaded: 8887 (7023 MD5 / 1864 HEX)
maldet(5503): {scan} building file list for /, this might take awhile...
maldet(5503): {scan} file list completed, found 77829 files...
maldet(5503): {scan} 77829/77829 files scanned: 1 hits 0 cleaned
maldet(5503): {scan} scan completed on /: files 77829, malware hits 1, cleaned hits 0
maldet(5503): {scan} scan report saved, to view run: maldet --report 022412-2111.5503
maldet(5503): {scan} quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 022412-2111.5503
[root@server ~]#
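The scan output ends with a note that quarantine is disabled unless quar_hits=1 is set in conf.maldet. The following POSIX shell helper, added here as an example and not code from the article or the LMD project, makes that change with a backup and refuses to touch a file that does not already contain the key. The config path /usr/local/maldetect/conf.maldet comes from the installer output above; the quoted key="value" line format, and the names set_conf_key, get_conf_key, enable_quarantine and make_sample_conf, are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article or the LMD project: turn on quarantine
# (quar_hits=1, as the scan output suggests) by editing conf.maldet in place,
# with a backup and a check that the key really exists.
# Assumes the installer's default config path /usr/local/maldetect/conf.maldet.

CONF=${CONF:-/usr/local/maldetect/conf.maldet}

# set_conf_key FILE KEY VALUE
# Rewrites an existing 'KEY="old"' or 'KEY=old' line to KEY="VALUE".
# Returns 1 and leaves the file untouched when KEY is absent, so a typo
# cannot silently append a setting that maldet would ignore.
set_conf_key() {
    file=$1; key=$2; value=$3
    grep -q "^$key=" "$file" || return 1
    cp "$file" "$file.bak.$(date +%Y%m%d%H%M%S)"
    sed "s|^$key=.*|$key=\"$value\"|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_conf_key FILE KEY: print the value with any surrounding quotes stripped.
get_conf_key() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | head -n 1
}

enable_quarantine() {
    set_conf_key "$CONF" quar_hits 1 || { echo "quar_hits not found in $CONF" >&2; return 1; }
    echo "quar_hits is now $(get_conf_key "$CONF" quar_hits)"
}

# Constructed sample config (only the key named in the article) for an offline dry run.
make_sample_conf() {
    f=$(mktemp)
    printf '%s\n' '# constructed conf.maldet fragment' 'quar_hits="0"' > "$f"
    echo "$f"
}

if [ "${1:-}" = "--apply" ]; then
    enable_quarantine          # edits the real conf.maldet; run as root
else
    sample=$(make_sample_conf)
    set_conf_key "$sample" quar_hits 1
    echo "dry run on $sample: quar_hits=$(get_conf_key "$sample" quar_hits)"
    rm -f "$sample" "$sample".bak.*
fi
```

Run it with --apply as root to change the real configuration; without arguments it only exercises the helpers on a throwaway file. Keeping the dated .bak copy means a scan that starts quarantining the wrong files can be reverted by copying the backup back.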

To view the report:
[root@server ~]# maldet --report 022412-2111.5503
malware detect scan report for server.lap.work:
SCAN ID: 022412-2111.5503
TIME: Feb 25 01:22:52 +0530
PATH: /
TOTAL FILES: 77829
TOTAL HITS: 1
TOTAL CLEANED: 0
NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 022412-2111.5503
FILE HIT LIST:
{MD5}gzbase64.inject.unclassed.558 : /usr/local/src/maldetect-1.4.2/files/clean/gzbase64.inject.unclassed
===============================================
Linux Malware Detect v1.5 < [email protected] >
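The scan and report steps above are easy to automate. As an added example (not code from the article or the LMD project), the wrapper below runs a scan on a given path, pulls the SCAN ID out of maldet's output, reads TOTAL HITS from the saved report and exits non-zero when anything was found, so a cron job or deployment check can act on the result. It assumes the /usr/local/sbin/maldet link created by the installer; the sample text embedded in it is constructed from the transcript above, and the function names extract_scan_id, hits_from_report and scan_path are chosen for this example.

```shell
#!/bin/sh
# Added example (not from the article or the LMD project): wrap a maldet scan so
# that a cron job or CI step can fail on malware hits.
# Assumes maldet is reachable at /usr/local/sbin/maldet as the installer shows.

MALDET=${MALDET:-/usr/local/sbin/maldet}

# Pull the scan id (e.g. 022412-2111.5503) out of maldet's scan output on stdin.
extract_scan_id() {
    sed -n 's/.*scan report saved, to view run: maldet --report \([0-9]\{6\}-[0-9]\{4\}\.[0-9]*\).*/\1/p' | head -n 1
}

# Read the malware hit count from a saved report ("TOTAL HITS: N") on stdin.
hits_from_report() {
    sed -n 's/^TOTAL HITS: *\([0-9]*\).*/\1/p' | head -n 1
}

# scan_path DIR: 0 when clean, 2 when hits were found, 1 when maldet or parsing failed.
scan_path() {
    path=$1
    out=$("$MALDET" -a "$path" 2>&1) || return 1
    id=$(printf '%s\n' "$out" | extract_scan_id)
    [ -n "$id" ] || { echo "could not find a scan id in maldet output" >&2; return 1; }
    hits=$("$MALDET" --report "$id" | hits_from_report)
    echo "scan $id of $path: ${hits:-0} hits (details: maldet --report $id)"
    [ "${hits:-0}" -eq 0 ] && return 0
    return 2
}

# Constructed sample text, modelled on the transcript in the article, so the
# parsers can be exercised without maldet installed.
SAMPLE_SCAN_OUTPUT='maldet(5503): {scan} scan completed on /: files 77829, malware hits 1, cleaned hits 0
maldet(5503): {scan} scan report saved, to view run: maldet --report 022412-2111.5503'

SAMPLE_REPORT='SCAN ID: 022412-2111.5503
TOTAL FILES: 77829
TOTAL HITS: 1
TOTAL CLEANED: 0'

if [ $# -gt 0 ]; then
    scan_path "$1"
else
    echo "usage: $0 /path/to/scan"
    echo "dry run on constructed sample: id=$(printf '%s\n' "$SAMPLE_SCAN_OUTPUT" | extract_scan_id)" \
         "hits=$(printf '%s\n' "$SAMPLE_REPORT" | hits_from_report)"
fi
```

A non-zero exit is a signal to look at the report, not proof of compromise: in the transcript above the single hit is LMD's own sample file under /usr/local/src/maldetect-1.4.2/files/clean/, so the FILE HIT LIST should be checked before anything is quarantined or removed.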

How to Uninstall or Remove Maldet?

This is not necessary, and it is better to keep maldet installed. But if you want to remove/uninstall maldet, you have to remove every file created by maldet manually, which is a tedious task. For those who want to remove maldet, I have created a simple bash script: save it to a file and execute it after logging in to your server via SSH.

Step 1: Create a file "auto_maldet_remover.sh" with the following contents
#!/bin/bash
#
##
# Copyright (C) HostingTrainer.Com | It's all about WebHosting!
# This script is free to use and distribute. We hope this will be useful.
# If you face any issues or if you need any further help,
# Feel free to reach us at HostingTrainer.com
#######################
## Malware Detect Uninstall Script ###
#######################
RED='\033[01;31m'
RESET='\033[0m'
GREEN='\033[01;32m'
inspath=/usr/local/maldetect   # LMD install directory (see the installer output above)
logf=$inspath/event_log
cnftemp=.ca.def
if [ ! -d "$inspath" ]; then
    echo " "
    echo -e "${RED}Maldet is not installed in this system! Exiting${RESET}"
    echo
    echo "If you want to install, you can follow our tutorial"
    echo "http://hostingtrainer.com/install-maldet-linux-malware-detect/"
    echo
    sleep 2
    exit 1
else
    # Remove the install tree, its backups, the bundled inotify library and the cron entries
    rm -rf "$inspath"
    rm -rf "$cnftemp"
    rm -rf /usr/lib/libinotifytools.so.0
    rm -rf /etc/cron.daily/maldet
    rm -rf /etc/cron.d/maldet_pub
    rm -rf "$inspath".bk*
    rm -rf "$inspath".last*
fi
echo
echo
echo -e "${GREEN}***********************************************************************************************${RESET}"
echo -e " Success!"
echo -e "${GREEN}***********************************************************************************************${RESET}"
echo
echo
echo "If you want to install again, you can follow our tutorial"
echo "http://hostingtrainer.com/install-maldet-linux-malware-detect/"
echo

Step 2: Save the file and give it execute permission
chmod 755 auto_maldet_remover.sh

Step 3: Run the script (this will completely remove maldet from your system)
./auto_maldet_remover.sh

So that’s how you uninstall or remove Maldet from your Linux system.

The project also ships its own uninstall script:
https://raw.githubusercontent.com/rfxn/linux-malware-detect/master/files/uninstall.sh