Maldet - Malware detection in Linux
Maldet is a tool that helps us detect malware present on Linux systems. It is especially useful on servers.
Malware in Linux
Computers running Linux can also carry malware; this is not exclusive to Windows. Until now it was clear that Windows had malware and a set of tools to remove it, such as AdwCleaner or Malwarebytes, but on Linux there was much less experience with cleaning it up. On Linux, malware usually gets in through a CMS such as WordPress or Joomla, either because of incorrect file permissions or through plugins and extensions that are vulnerable, poorly secured or outdated.
Remove malware in Linux
To remove malware on Linux we have several options. The first is manual: searching for the PHP files that attackers typically drop to send spam or to act as web shells, by looking for suspicious code patterns in them with grep and find.
With an antivirus such as ClamAV (clamscan), which recursively scans directories and flags suspicious files.
With security extensions for the main CMSs, such as Wordfence for WordPress or Centrora Security for Joomla, which scan the whole site and report vulnerabilities, files modified relative to the original release, and files present on the site that should not be there.
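As an added example, not code from the original article or from the Linux Malware Detect project, here is the manual grep/find approach from the first option above written as small POSIX shell functions. The directory layout, file names and the two planted sample files are constructed for the demonstration; the patterns (eval over a decoded string, a function call whose name comes from the request, the old preg_replace /e modifier, shell-execution functions) are common indicators rather than a signature database, so every hit is a candidate for review, not a verdict.

```shell
#!/bin/sh
# Added example: manual triage of a web root with find and grep.
# Not part of the original article or of Linux Malware Detect.

# List PHP files under $1 containing code patterns typical of injected
# spam mailers and web shells. Hits are review candidates, not verdicts:
# legitimate code can match these patterns too.
find_suspicious_php() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' \) -exec grep -lE \
        -e 'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)[[:space:]]*\(' \
        -e '\$_(GET|POST|REQUEST|COOKIE)\[[^]]*\][[:space:]]*\(' \
        -e 'preg_replace[[:space:]]*\(.*/e[^a-zA-Z0-9_]' \
        -e '(shell_exec|passthru|proc_open|popen)[[:space:]]*\(' \
        {} + | sort
}

# PHP files inside a WordPress uploads tree: that directory should hold
# media only, so any PHP there is suspicious regardless of its content.
find_php_in_uploads() {
    find "$1" -type f -path '*/wp-content/uploads/*' -name '*.php' | sort
}

# PHP files modified in the last $2 days: narrows a large tree to what
# changed since the last known-good state.
find_recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" | sort
}

# Build a constructed web root (assumption: this layout stands in for a
# real WordPress install) with one benign file and two planted ones.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads/2024" "$d/wp-content/themes/demo"
    # benign theme code
    cat > "$d/wp-content/themes/demo/functions.php" <<'EOF'
<?php
function demo_title($t) { return esc_html($t); }
EOF
    # planted dropper: eval over a base64 blob, placed where only media belongs
    # (the blob decodes to the text "constructed sample", not to code)
    cat > "$d/wp-content/uploads/2024/image.php" <<'EOF'
<?php
eval(base64_decode('Y29uc3RydWN0ZWQgc2FtcGxl'));
EOF
    # planted backdoor: function name and argument both taken from the request
    cat > "$d/wp-content/themes/demo/cache.php" <<'EOF'
<?php
$_REQUEST['f']($_REQUEST['a']);
EOF
    printf '%s\n' "$d"
}

# On a real server: find_suspicious_php /var/www/html
# Demo on the constructed tree: sh this_script.sh demo
if [ "${1:-}" = "demo" ]; then
    root=$(make_sample_tree)
    echo "== pattern hits"; find_suspicious_php "$root"
    echo "== php in uploads"; find_php_in_uploads "$root"
    rm -rf "$root"
fi
```

The pattern list is deliberately short and high-signal; widening it (for example to every use of system()) quickly buries real hits in framework code, so combine it with the recent-modification and uploads-directory checks instead, and treat a file as confirmed only after reading it.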
Maldet, an essential tool to eliminate malware in Linux
We have Maldet, an anti-malware tool that helps a great deal with the task of removing compromised files. Maldet is the name of the executable of Linux Malware Detect (LMD), a project that was originally written for CentOS but works on any Linux distribution: Debian, Ubuntu, etc.
If ClamAV is installed, scanning performance improves substantially: the two are compatible, and Maldet can use the ClamAV scanner engine, which is considerably faster than LMD's built-in scanner, while still applying the LMD signatures.
First, download the latest version from the Linux Malware Detect website (rfxn.com), extract the tarball and run the installer:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar xvfz maldetect-current.tar.gz
cd maldetect-1.6.2/
./install.sh
# Edit the configuration file and enable the options needed for your setup.
nano /usr/local/maldetect/conf.maldet
Once the desired options are configured, update the tool.
Running maldet with the -u option updates the signature database; the -d option updates the software itself to the latest version, 1.6.2 at the time of writing.
With the -a option followed by the directory to scan, the scan is run. It shows a scan-in-progress message and, at the end, prints the results on screen together with a scan ID, which can be consulted later with the --report option and that ID. This way we can see which files were flagged and proceed to analyse or remove them.
If the last scan flagged malicious files, we can try to clean them with the -n option followed by the scan ID (the -q option with the scan ID quarantines them instead of attempting an in-place clean). The scan ID always identifies one specific scan, so if we want to act on a scan other than the last one, we look up its ID in the corresponding report.
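The article says to enable the relevant options in conf.maldet without naming them. The following fragment is added here and is not taken from the article or from the LMD distribution; it shows the settings a web-server operator would normally review, with a comment on each line noting the alert-only value a fresh install ships with. The option names are those of the conf.maldet of the 1.6 series and should be checked against the copy installed under /usr/local/maldetect, since they changed between major versions; the e-mail address is a placeholder.

```shell
# Added example: conf.maldet settings usually worth changing on a web server
# (option names as in the LMD 1.6 series; verify against your installed copy).
# Each comment records the alert-only value a fresh install ships with.

email_alert="1"                     # ships as "0": no notification at all
email_addr="security@example.com"   # placeholder address

quarantine_hits="1"                 # ships as "0": report only, hits stay in place
quarantine_clean="0"                # "1" attempts in-place cleaning of injected
                                    #   strings; keep "0" to preserve evidence
quarantine_suspend_user="0"         # "1" suspends the account owning the hits;
                                    #   avoid on shared hosts unless intended

scan_clamscan="1"                   # use the ClamAV engine when clamscan is present
scan_ignore_root="1"                # skip root-owned files: a web app rarely writes
                                    #   there, and system binaries cause false positives
```

Quarantining rather than cleaning is the safer default during an incident: the original file is kept for analysis and can be restored with the -s option if it turns out to be a false positive, whereas in-place cleaning rewrites it.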
In short, LMD is a powerful tool, specialised in web servers, that helps us with the task of removing possible infections. Bear in mind that removing or cleaning the flagged files does not close the entry point: the vulnerable or outdated plugin, extension or permission setting that let the malware in must be fixed as well, or the files will reappear.