Maldet - Installation and Management on a VPS/Dedicated Linux Server

This documentation applies to the following environment:
 

Operating system: CentOS 6 and 7
Control Panel: cPanel
All of the commands below must be run over SSH as root.
 

Maldet Installation

cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh 
 

Linking ClamAV for combined, more effective threat detection

ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclam
 

Updating the malware database

/usr/local/sbin/maldet -d
/usr/local/sbin/maldet -u
/usr/local/bin/freshclam
 

Configuration of Maldet

 
  • The Maldet configuration file is /usr/local/maldetect/conf.maldet.
  • You can configure Maldet to send email alerts with complete scan results, quarantine infected files, and so on. A few of the most commonly used Maldet parameters are below:
    • email_alert : Set this to 1 if you would like to receive complete scan results by email.
    • email_addr : The email address that should receive the scan results.
    • autoupdate_signatures : This controls the daily automatic updates of LMD signature files and cleaner rules. It is highly recommended that this be enabled (set to 1), as new signatures are released multiple times per week.
    • quarantine_hits : Set this to 1 if you want malicious files moved out of the public directory into the Maldet directory.
    • quarantine_clean : Set this to 1 to have Maldet clean detected malware injections.
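
The following script is an added example, not part of the original article or of the Maldet project: it applies the five options listed above to conf.maldet, keeps a backup, and then verifies the result. It assumes conf.maldet uses shell-style key="value" lines; the function names, the .bak backup file and the script name in the usage comment are illustrative.

```shell
#!/bin/bash
# Added example; assumes conf.maldet holds shell-style key="value" lines.
CONF="${CONF:-/usr/local/maldetect/conf.maldet}"

# Print the value of KEY in FILE without quotes (last assignment wins).
get_opt() {
    awk -F= -v k="$1" '$1 == k { v = $0; sub(/^[^=]*=/, "", v); gsub(/"/, "", v); val = v }
        END { print val }' "$2"
}

# Set KEY="VALUE" in FILE, replacing an existing line or appending a new one.
set_opt() {
    local key="$1" value="$2" file="$3" tmp
    tmp="$(mktemp)" || return 1
    awk -F= -v k="$key" -v v="$value" '
        $1 == k { if (!seen) print k "=\"" v "\""; seen = 1; next }
        { print }
        END { if (!seen) print k "=\"" v "\"" }' "$file" > "$tmp" &&
    cat "$tmp" > "$file"      # overwrite in place to keep owner and mode
    local rc=$?
    rm -f "$tmp"
    return $rc
}

# Apply the article's settings to FILE, keeping a backup as FILE.bak.
apply_settings() {
    local file="$1" addr="$2" key
    cp -p "$file" "$file.bak" || return 1
    set_opt email_addr "$addr" "$file" || return 1
    for key in email_alert autoupdate_signatures quarantine_hits quarantine_clean; do
        set_opt "$key" 1 "$file" || return 1
    done
}

# Print every option that differs from the article's values; return the count.
verify_settings() {
    local file="$1" key bad=0
    for key in email_alert autoupdate_signatures quarantine_hits quarantine_clean; do
        if [ "$(get_opt "$key" "$file")" != "1" ]; then
            echo "MISMATCH: $key=$(get_opt "$key" "$file")"; bad=$((bad + 1))
        fi
    done
    [ -n "$(get_opt email_addr "$file")" ] || { echo "MISMATCH: email_addr is empty"; bad=$((bad + 1)); }
    return "$bad"
}

# Usage (as root): ./maldet-conf.sh admin@example.com
if [ -n "${1:-}" ]; then apply_settings "$CONF" "$1" && verify_settings "$CONF"; fi
```

Leave quarantine_hits and quarantine_clean out of the loop in apply_settings if you only want email reports and signature updates without automatic quarantine.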
 

Scanning using Maldet
 

  • Scanning all the cPanel user accounts
maldet -a /home/?
  • Scanning a specific path
maldet -a /home/username-here/public_html/path/?