How to Install & Configure Linux Malware Detect (LMD) on CentOS 6x
Q. What is LMD?
-- Linux Malware Detect (LMD) is a malware detector and scanner for Linux, designed for shared hosting environments. LMD is released under the GNU GPLv2 license. It can be installed on cPanel/WHM and other Linux environments together with other detection tools such as ClamAV.
Prerequisite:
1. CentOS 6.x
2. Root Privileges.
Step: 1. Install the EPEL Repository:
# yum -y install epel-release
Step: 2. Install Mailx:
# yum -y install mailx
Step: 3. Install Linux Malware Detect (LMD):
# cd /tmp
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -xzvf maldetect-current.tar.gz
# cd maldetect-1.5
# ./install.sh
Step: 4. Make a Symlink to the maldet Command in the /bin/ Directory:
# ln -s /usr/local/maldetect/maldet /bin/maldet
# hash -r
Step: 5. Configure Linux Malware Detect (LMD):
# cd /usr/local/maldetect/
# vi conf.maldet
-- Enable email alerts by changing the value to '1' on line 16.
email_alert="1"
-- Type in your email address on line 21.
email_addr="koushik@domain.com"
-- Use the ClamAV clamscan binary as the default scan engine, because it provides a high-performance scan on large file sets. Change the value to '1' on line 114.
scan_clamscan="1"
-- Enable quarantining so that malware hits are moved to quarantine automatically during the scan. Change the value to '1' on line 180.
quarantine_hits="1"
-- Enable automatic cleaning of string-based malware injections. Change the value to '1' on line 185.
quarantine_clean="1"
-- Save and quit (:wq)
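An added shell example (not part of LMD or this post) that audits the values Step 5 sets in conf.maldet, so the edit can be verified before the first scan. It assumes settings are written as key="value" lines, as in the shipped file; the sample conf it writes is constructed for the demo, and the script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example (not part of LMD): audit the conf.maldet values that Step 5 sets.
# Usage: sh check_maldet_conf.sh /usr/local/maldetect/conf.maldet
# Effective value of KEY ($2) in FILE ($1): the last uncommented KEY=... line wins
# (maldet sources the file as shell). Quotes and a trailing "# comment" are stripped.
maldet_conf_get() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 |
        sed -E 's/^[^=]*=//; s/[[:space:]]*#.*$//; s/^"//; s/"[[:space:]]*$//'
}

# Report each Step 5 setting that is not "1" and an email_addr with no mailbox.
# Returns 0 when the file matches the tutorial, 1 on any mismatch, 2 if unreadable.
check_maldet_conf() {
    conf="$1"; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for key in email_alert scan_clamscan quarantine_hits quarantine_clean; do
        have=$(maldet_conf_get "$conf" "$key")
        if [ "$have" != "1" ]; then
            echo "$key: expected 1, found '${have:-unset}'"
            rc=1
        fi
    done
    addr=$(maldet_conf_get "$conf" email_addr)
    case "$addr" in
        *@*) ;;
        *) echo "email_addr: expected a mailbox, found '${addr:-unset}'"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample in the conf.maldet format (not the shipped file) for the demo.
write_sample_conf() {
    cat > "$1" <<'EOF'
email_alert="0"
email_addr="you@domain.com"
scan_clamscan="1"   # ClamAV as the scan engine
quarantine_hits="1"
quarantine_clean="0"
EOF
}

# Demo run: flags email_alert and quarantine_clean in the constructed sample.
demo() {
    f=$(mktemp)
    write_sample_conf "$f"
    check_maldet_conf "$f" || echo "-> fix the settings above before the first scan"
    rm -f "$f"
}

# With a path, audit that file; with no arguments, run the demo.
if [ $# -gt 0 ]; then check_maldet_conf "$1"; else demo; fi
```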
Step: 6. Install ClamAV:
# yum -y install clamav clamav-devel
Step: 7. Update the ClamAV Virus Databases:
# freshclam
Step: 8. Testing LMD and ClamAV:
-- Go to the web root directory and download the EICAR test files (harmless sample "malware" made for testing scanners) with wget.
# yum -y install wget
# cd /var/www/html
# wget http://www.eicar.org/download/eicar.com.txt
# wget http://www.eicar.org/download/eicar_com.zip
# wget http://www.eicar.org/download/eicarcom2.zip
-- Scan the web root directory with maldet.
# maldet -a /var/www/html
Step: 9. Check the Scan Report (use the SCANID printed at the end of your own scan; the one below is from the author's run):
# maldet --report 161008-0524.9466
Step: 10. Now Check the Email Report from LMD:
# tail -f /var/mail/root
Step: 11. Other LMD Commands:
-- Perform a scan for a specific file extension only:
# maldet -a /var/www/html/*.php
-- Get a list of all reports:
# maldet -e list
-- Scan files that have been created or modified in the last X days:
# maldet -r /var/www/html/ 5
-- Restore files from the quarantine directory:
# maldet -s SCANID
-- Enable monitoring of a directory:
# maldet -m /var/www/html/
-- Check the monitor log file:
# tail -f /usr/local/maldetect/logs/inotify_log