It is a very good alternative to have an antivirus on our Linux server, with the installation of Malware Detect (LMD) and ClamAV you can keep your files and directories free of threats that may compromise the integrity of your information or Linux server.
Installing LMD
In the installation of LMD we must first install the dependencies. To install the Packages for Enterprise Linux, we open the terminal and execute the command:
sudo yum -y install epel-release
Once the installation is complete, we must install mailx. This piece of software will be
accused of sending reports to his email address. To install mailx, return to your terminal window and issue the command:
sudo yum -y install mailx
Finally, inotify-tools must be installed for LMD to access the inotifywait command. From
the terminal, issue the command:
sudo yum install inotify-tools
Now we are ready to install LMD. Back in the terminal we first have to install wget to download our package
of installation, we execute the following commands:
yum install wget
cd /tmp
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvzf maldetect-current.tar.gz
cd maldetect-XXX (XXX is the version of the package that we have downloaded)
./install.sh
We must create a symbolic link to the LMD executable with the following two commands:
ln -s /usr/local/maldetect/maldet/bin/maldet
hash -r
Configuring LMD
With LMD installed, it is time to change some configuration options. Edit with the nano command
or vim /usr/local/maldetect/conf.maldet. In that file, you'll want to take care of the following.
Enable the email alert by changing the value 0 to 1 on this line:
yum install nano / yum install vim
We edit the maldet configuration file with the editor of your choice:
nano /usr/local/maldetect/conf.maldet
We change the maldet configuration
email_alert = "0"
Add your email address (for notifications) here:
email_addr = "your@domain.com"
We enable the ClamAV clamscan binary as the default scan engine by changing the 0 to 1 in this line:
scan_clamscan = "0"
Note: Probably already this ClamAV enabled.
We enable quarantine so that malware is automatically quarantined during the scanning process. Changing the '0' to '1' in this line:
quarantine_hits = "0"
Finally, enable malware injections based on clean strings by changing the '0' to '1' in this line:
quarantine_clean = "0"
We save and serve the configuration file conf.maldet
ClamAV installation
Now we go to the installation of ClamAV. From the terminal window, run the following command:
yum -y install clamav clamav-devel
The above command will also install a series of dependencies that will allow this installation process to complete.
Enable folder monitoring
Now that we know that the system is working, we have to configure folder monitoring, so you can
It depends on the LMD to regularly monitor the folder (s) that contain the files on your server. Let's say you want to monitor / var / www / html and a specific folder that contains shared data (we'll call it / data). For LMD to control these two folders (several directories are separated by a comma), issue the following command:
maldet -m /var/www/html/data/
To carry out a complete analysis of the system we execute the following command:
maldet -a
To see more options of maldet we execute the following command:
maldet -h (or simply maldet)