Downloading
cd /tmp
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Installing
# tar xfz maldetect-current.tar.gz
# cd maldetect-*
# ./install.sh
Configuring
Open the file /usr/local/maldetect/conf.maldet and make any changes according to your needs. These are the main options:
email_alert : If you would like to receive email alerts, then it should be set to 1.
email_subj : Set your email subject here.
email_addr : Add your email address to receive malware alerts.
quar_hits : The default quarantine action for malware hits; it should be set to 1.
quar_clean : Cleaning of detected malware injections; must be set to 1.
quar_susp : The default suspend action for users with hits; set it as per your requirements.
quar_susp_minuid : Minimum userid that can be suspended.
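The options above can be checked after editing with a small script. This is an added example, not part of LMD: the function names are hypothetical, the option names are the ones listed on this page, and the name=value file layout is an assumption, so adjust both if your installed conf.maldet differs.

```shell
# Added example: audit a conf.maldet-style file (assumed name=value or name="value").
# conf_get FILE NAME: print the last value assigned to NAME, quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# audit_maldet_conf FILE: print one finding per line; return 0 if none, 1 if any.
audit_maldet_conf() {
    conf=$1; findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    # Quarantine and cleaning are the two options the page says to set to 1.
    for opt in quar_hits quar_clean; do
        val=$(conf_get "$conf" "$opt")
        if [ "$val" != "1" ]; then
            echo "$opt is '${val:-unset}', expected 1"
            findings=$((findings + 1))
        fi
    done
    # Alerts enabled without a recipient means reports go nowhere.
    if [ "$(conf_get "$conf" email_alert)" = "1" ] &&
       [ -z "$(conf_get "$conf" email_addr)" ]; then
        echo "email_alert is 1 but email_addr is empty"
        findings=$((findings + 1))
    fi
    # User suspension needs a numeric minimum userid.
    if [ "$(conf_get "$conf" quar_susp)" = "1" ]; then
        case $(conf_get "$conf" quar_susp_minuid) in
            ''|*[!0-9]*) echo "quar_susp is 1 but quar_susp_minuid is not a number"
                         findings=$((findings + 1)) ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}
# write_sample_conf FILE: constructed sample input, not a real conf.maldet.
write_sample_conf() {
    cat > "$1" <<'EOF'
email_alert="1"
email_addr=""
quar_hits=0
quar_clean=1
quar_susp=1
quar_susp_minuid=abc
EOF
}
sample=$(mktemp); write_sample_conf "$sample"
audit_maldet_conf "$sample" || echo "sample config needs changes"
rm -f "$sample"
```

To check the real file, call audit_maldet_conf /usr/local/maldetect/conf.maldet in place of the sample.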
Running a scan (Substitute /home with the directory you want to scan)
maldet --scan-all /home
Daily Scans
By default, the installation places the LMD script at /etc/cron.daily/maldet. It performs the daily scan, signature updates, quarantine and so on, and sends a daily malware scan report to your specified email addresses. If you need additional paths to be scanned, edit this file according to your requirements.
vi /etc/cron.daily/maldet
Manual Update
maldet -u