Scan for Malware and Viruses on CentOS using ClamAV and Linux Malware Detect

Linux Malware Detect and ClamAV are two effective tools to easily scan for malware and viruses on a VPS server. In this article, we are going to install both programs on CentOS. These steps will work on both CentOS 6 and 7.

1. Install Linux Malware Detect

Install Linux Malware Detect from the official website. At the time of writing, the current version is maldetect-1.4.2.


wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvf maldetect-current.tar.gz
cd maldetect-1.4.2    # use the directory name that tar just extracted if the version differs
./install.sh

Once the installation finishes, Linux Malware Detect automatically creates a daily cron job.

2. Configure Linux Malware Detect

All configuration settings of Linux Malware Detect are stored in the file /usr/local/maldetect/conf.maldet.
Configure the following subset of options:


email_alert=1
email_addr=youremail@localhost
email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"
quar_hits=1
quar_clean=1
clamav_scan=1

For the values below, 1=true and 0=false.

1. email_alert=1: If you want to receive notifications via email.
2. email_addr=youremail@localhost: Enter your email address.
3. email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)" : Email subject of the notification.
4. quar_hits=1: Move the malware to quarantine.
5. quar_clean=1: Delete any malware detected.
6. clamav_scan=1: Use ClamAV's malware library to scan.
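
The options above can be applied by a script instead of by hand, so that re-running it leaves the file unchanged. This is an added example, not part of the original article or of Linux Malware Detect; the function names set_opt and apply_maldet_conf and the script name apply.sh are hypothetical.

```bash
#!/bin/bash
# Added example (not from the article): apply the options listed above to
# conf.maldet so that re-running it changes nothing.

# set_opt FILE KEY VALUE: rewrite the first "KEY=" line in place, drop any
# duplicates, or append the line if the key is missing. KEY and VALUE go
# through the environment so awk never interprets $, & or backslashes.
set_opt() {
    local file="$1" tmp rc
    tmp=$(mktemp) || return 1
    K="$2" V="$3" awk '
        BEGIN { k = ENVIRON["K"] "="; line = k ENVIRON["V"] }
        index($0, k) == 1 { if (!done) print line; done = 1; next }
        { print }
        END { if (!done) print line }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# apply_maldet_conf FILE EMAIL
# email_subj is single-quoted on purpose: $HOSTNAME and $(date ...) must be
# written literally, as in the article's listing, not expanded by this script.
# clamav_scan is the name used in the option list; confirm it in your own file.
apply_maldet_conf() {
    set_opt "$1" email_alert 1 &&
    set_opt "$1" email_addr "$2" &&
    set_opt "$1" email_subj '"Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"' &&
    set_opt "$1" quar_hits 1 &&
    set_opt "$1" quar_clean 1 &&
    set_opt "$1" clamav_scan 1
}

# Usage (hypothetical script name):
#   bash apply.sh /usr/local/maldetect/conf.maldet you@example.com
if [ "$#" -eq 2 ]; then
    cp -p "$1" "$1.bak" && apply_maldet_conf "$1" "$2"   # keep a backup first
fi
```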

3. Install ClamAV

Installing ClamAV helps Linux Malware Detect to scan processes faster and more effectively. First, we need to install the EPEL repo:


yum install epel-release

Then, we install ClamAV with the following command:


yum update && yum install clamav

4. How To Use Linux Malware Detect

After finishing the installation process, you are able to use Linux Malware Detect to scan for malware.

To scan a folder, use this command:


maldet --scan-all /home/domain.com/public_html

If you only want to scan specific file types (.php, for example), you can use the following command:


maldet --scan-all /home/domain.com/public_html/*.php

To view a scanning report, use the following command. Replace 14715-1421.3219 with the scan ID.


maldet --report 14715-1421.3219

You can update Linux Malware Detect by running:


maldet -u

To delete all quarantined files:


rm -rf /usr/local/maldetect/quarantine/*

 
