Malware and Linux

Malware on Linux is not something you see every day, but it does happen. If you stick to installing software from your distro's software manager you can be reasonably confident it is safe: the packages are built and signed by the distro, and updates arrive through the same checked channel.

However, if you download and install software from outside sources, there is a chance you could infect your system yourself. So only download software from known companies such as Google or VirtualBox and other trusted, named websites, and prefer the vendor's own site over a mirror or a random download portal.

Here we are going to install and set up a malware detection program, Linux Malware Detect (maldet), and scan your system for infections.

Malware Detection in Linux

How to install Malware Detection
Open a terminal window.
Become root (copy and paste the following):

su

Change directory to /tmp so the download is out of the way. Most distros clear /tmp on reboot; if yours does not, delete the files yourself when you are done.

cd /tmp

Download current version from site.

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the tar file.

tar xvzf maldetect-current.tar.gz

Change into the extracted directory. The version number in its name changes with each release (1.4.2 at the time of writing), so check it with ls first.

cd maldetect-1.4.2

Install maldet. You should still be in the /tmp/maldetect-1.4.2/ directory (if not, change to it with cd /tmp/maldetect-1.4.2/). The commands from here on use sudo so they also work from a normal user account; if you are already root from the su above, the sudo is simply redundant.

sudo sh install.sh

By default maldet only reports what it finds. You must configure it first to allow it to quarantine the malware it finds.

Type in sudo gedit /usr/local/maldetect/conf.maldet (change gedit to the name of the text editor on your system, e.g. nano on a machine without a desktop).

Within gedit press Ctrl+F to find quar_hits= and change the 0 (zero) to a 1 (one). Now it will quarantine what it finds. Then press Ctrl+F to find public_scan= and change the 0 (zero) to a 1 (one). This allows non-root users to perform malware scans; it also means any local account can start a scan, so on a shared machine leave it at 0 unless you actually need that.

Now run a scan. The command below scans /home, which is where downloaded files usually land; give maldet another path (e.g. /var/www on a web server) to scan a different tree.
sudo maldet --scan-all /home

If a file was quarantined as a false positive, or you simply want to restore it (e.g. you cleaned it by hand), you can use the following.

sudo maldet --restore config.php.2384

or

sudo maldet --restore /usr/local/maldetect/quarantine/config.php.2384

Review the --help output for details on all options, and the README file for more on how LMD operates.

sudo maldet --help

To view the results, type maldet --report in your terminal window.
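The whole walkthrough, from download to first report, as one script. This is an added example and is not code from the original post or from the LMD project. The install path /usr/local/maldetect is taken from the file list below; the MALDET_CONF variable, the helper names and the --run flag are this example's own conventions. The config edits are done with sed instead of gedit: the helpers refuse to "set" a key that is not in the file, read the values back before scanning, and keep a copy of the shipped conf.maldet for diffing later.

```shell
#!/bin/sh
# Added example, not code from the original post or the LMD project: the
# install / configure / scan walkthrough as one non-interactive script.
# Assumptions: GNU/Linux userland, the install path printed by install.sh
# (/usr/local/maldetect), and the "--run" flag, which is this script's own.
set -eu

MALDET_CONF="${MALDET_CONF:-/usr/local/maldetect/conf.maldet}"

# get_conf_key FILE KEY
# Print the value of the first uncommented KEY=... line, quotes stripped.
get_conf_key() {
    grep "^$2=" "$1" | head -n 1 | cut -d= -f2- | tr -d '"'
}

# set_conf_key FILE KEY VALUE
# Rewrite the first uncommented KEY=... line. A key that is not in the file
# is an error, so a typo cannot quietly turn into a no-op. Commented lines
# ("# quar_hits=...") are left alone because the pattern is anchored at ^.
set_conf_key() {
    file=$1; key=$2; value=$3
    grep -q "^${key}=" "$file" || {
        echo "set_conf_key: ${key} not found in ${file}" >&2
        return 1
    }
    tmp=$(mktemp)
    sed "s|^${key}=.*|${key}=${value}|" "$file" > "$tmp"
    cat "$tmp" > "$file"      # overwrite in place so owner and mode survive
    rm -f "$tmp"
}

# configure_maldet [CONF] [PUBLIC_SCAN]
# The two edits the walkthrough makes by hand in gedit. quar_hits=1 moves
# hits to quarantine instead of only alerting. public_scan=1 lets non-root
# accounts start scans; pass 0 as the second argument to keep it root-only.
configure_maldet() {
    conf=${1:-$MALDET_CONF}
    public=${2:-1}
    # Keep the shipped defaults once, for diffing against later.
    [ -e "${conf}.orig" ] || cp -p "$conf" "${conf}.orig"
    set_conf_key "$conf" quar_hits 1
    set_conf_key "$conf" public_scan "$public"
    # Read back what we wrote rather than trusting that sed matched.
    [ "$(get_conf_key "$conf" quar_hits)" = "1" ] || return 1
    [ "$(get_conf_key "$conf" public_scan)" = "$public" ] || return 1
}

# install_and_scan
# Needs root and network access; only runs when the script gets --run.
install_and_scan() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root (su or sudo)" >&2; return 1; }
    workdir=$(mktemp -d /tmp/maldet.XXXXXX)   # private scratch dir, removed below
    cd "$workdir"
    wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
    tar xzf maldetect-current.tar.gz
    cd maldetect-*/            # do not hard-code the version in the dir name
    sh install.sh
    configure_maldet "$MALDET_CONF" 1
    maldet --scan-all /home    # or another tree, e.g. /var/www
    maldet --report            # show the result of the scan just run
    cd /
    rm -rf "$workdir"
}

case "${1:-}" in
    --run) install_and_scan ;;
esac
```

Save it and run it as root with --run. Without the flag it only defines the functions, so it can be sourced to reuse configure_maldet on an existing install (pass 0 as the second argument to leave public_scan off).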


Location of installed files:

/usr/local/maldetect
 config file: /usr/local/maldetect/conf.maldet
 exec file: /usr/local/maldetect/maldet
 exec link: /usr/local/sbin/maldet
 exec link: /usr/local/sbin/lmd
 cron.daily: /etc/cron.daily/maldet

Additional information

man maldet

Enjoy

If you have any questions, please email me and I will be glad to help
