For this tutorial I worked with Linux Malware Detect and ClamAV.

Linux Malware Detect scans files against a database of known malware signatures, pulled from a regularly updated registry maintained by Team Cymru. ClamAV can be used as the scanner engine to speed up scanning.

Setup Linux Malware Detect

Download Malware Detect:

[html]
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
[/html]

Extract:

[html]
tar -xvf maldetect-current.tar.gz
[/html]

Install:

[html]
./maldetect-1.4.2/install.sh
[/html]

Configure Linux Malware Detect: set the email alert toggle to 1, update the subject line and enter your email address:

[html]
vim /usr/local/maldetect/conf.maldet
[/html]

[html]
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1

# The subject line for email alerts
email_subj="Malware Detect Subject Line $(hostname)"

# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="you@domain.com"
[/html]
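The same three settings can be applied without opening vim, which is handy when you configure several servers. The script below is an added example and not part of the original post or the Linux Malware Detect project: it assumes conf.maldet uses the plain key=value lines shown above (it does in the install path given in the post, /usr/local/maldetect/conf.maldet) and uses GNU sed for in-place editing.

```shell
#!/bin/sh
# Added example (not from the original post): set the email-alert options in
# conf.maldet non-interactively. Assumes conf.maldet is a sourced shell-style
# file of KEY=value lines and that sed supports -i (GNU sed).

# set_maldet_option FILE KEY VALUE
# Replaces an existing uncommented KEY=... line in FILE, or appends one if the
# key is absent, so running it twice leaves exactly one definition.
set_maldet_option() {
    file="$1"; key="$2"; value="$3"
    if grep -q "^${key}=" "$file"; then
        # straight double quotes; curly quotes from a web paste break sourcing
        sed -i "s|^${key}=.*|${key}=\"${value}\"|" "$file"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
}

# get_maldet_option FILE KEY
# Prints the value of KEY with surrounding double quotes stripped.
get_maldet_option() {
    sed -n "s/^$2=//p" "$1" | tr -d '"'
}

# configure_email_alerts FILE ADDRESS SUBJECT
# Enables alerts and sets the destination address and subject line.
configure_email_alerts() {
    conf="$1"; addr="$2"; subj="$3"
    set_maldet_option "$conf" email_alert 1
    set_maldet_option "$conf" email_subj "$subj"
    set_maldet_option "$conf" email_addr "$addr"
}

# Usage on a real system (as root), keeping $(hostname) literal so maldet
# expands it when it sources the file:
#   configure_email_alerts /usr/local/maldetect/conf.maldet \
#       you@domain.com 'Malware Detect Subject Line $(hostname)'
```

Pass the subject in single quotes so `$(hostname)` is written to the file unexpanded; maldet expands it at alert time, exactly as the hand-edited config above does.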

Daily scanning is handled by the cron job at:

[html]
/etc/cron.daily/maldet
[/html]

This cron job updates the malware signature registry that was downloaded at install time, pulling in any newly added threats, and then scans every home directory on the server. If anything is found, you receive an email listing the path of each offending file.

Manual Scanning

Scan specific directory:

[html]
maldet -a /home/homedir/public_html/
[/html]

Scan all directories using a wildcard:

[html]
maldet -a /home/?/public_html/
[/html]

Use ClamAV as Scanner Engine on WHM/cPanel

Link Linux Malware Detect to proper ClamAV location:

[html]
ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/bin/clamscan
[/html]
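The bare `ln -s` above fails if /usr/bin/clamscan already exists and silently creates a dangling link if the cPanel path is wrong. The helper below is an added example, not code from the original post or from cPanel or Linux Malware Detect: it assumes the two paths from the post and checks the target before linking, refuses to overwrite a real file, and can be re-run safely.

```shell
#!/bin/sh
# Added example (not from the original post): link the cPanel clamscan into
# /usr/bin defensively. Paths are the ones given in the post; the checks
# (executable target, never clobber a real file, idempotent re-run) are the
# added part.

# link_clamscan TARGET LINK
# Returns 0 on success, 1 if TARGET is missing or not executable, 2 if LINK
# already exists as a regular file rather than a symlink.
link_clamscan() {
    target="$1"; link="$2"
    if [ ! -x "$target" ]; then
        echo "clamscan not found or not executable at $target" >&2
        return 1
    fi
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link exists and is not a symlink; not replacing it" >&2
        return 2
    fi
    # -f replaces a stale symlink, -n avoids descending into a link to a dir
    ln -sfn "$target" "$link"
}

# resolved_clamscan LINK
# Prints the canonical path LINK resolves to, so you can confirm which
# clamscan binary maldet will actually execute.
resolved_clamscan() {
    readlink -f "$1"
}

# Usage on a WHM/cPanel box (as root):
#   link_clamscan /usr/local/cpanel/3rdparty/bin/clamscan /usr/bin/clamscan \
#       && resolved_clamscan /usr/bin/clamscan
```

After linking, `resolved_clamscan /usr/bin/clamscan` should print the cPanel path; if it prints something else, a different clamscan was already on the system and maldet will use that one instead.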

Scans should now run noticeably faster.

Written by Matt Cooper
Hi, I'm Matt Cooper. I started this blog to pretty much act as a brain dump area for things I learn from day to day. You can contact me at: matt@matthewc424.sg-host.com.