Maldet (Linux Malware Detect):-
Maldet is a malware detector used mainly on Linux based servers. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. It is very useful for those managing shared Linux hosting servers, where an account is often compromised and infected files are left behind in it. With Maldet you can easily detect those files and then remove or quarantine them.
A lot of switches and options are available with Maldet. Let us check all the switches/options of maldet with examples.
1). -b, --background :
This command will execute operations in the background. It is suitable for large scans.
Example:
[root@hoststud ~]# maldet -b -r /home/hoststud/
2). -u, --update :
This command will update malware detection signatures from rfxn.com.
3). -d, --update-ver
This command will update the installed version from rfxn.com.
Example:
[root@hoststud ~]# maldet -d
4). -m, --monitor USERS|PATHS|FILE
This command will run maldet with inotify kernel level file create/modify monitoring.
e.g: maldet --monitor users
e.g: maldet --monitor /root/monitor_paths
e.g: maldet --monitor /home/mike,/home/ashton
Example:
[root@hoststud ~]# maldet -m /home/hoststud/
5). -k, --kill
This command will terminate the inotify monitoring service.
Example:
[root@hoststud ~]# maldet -k
6). -r, --scan-recent PATH DAYS
This command will scan files created/modified in the last X days (default: 7d, wildcard: ?).
e.g: maldet -r /home/?/public_html 2
7). -a, --scan-all PATH
This command will scan all files in path (default: /home, wildcard: ?).
e.g: maldet -a /home/?/public_html
8). -c, --checkout FILE
This command will upload suspected malware to rfxn.com for review & hashing into signatures.
9). -l, --log
This command will view maldet log file events.
Example:
[root@hoststud ~]# maldet -l
10). -e, --report SCANID email
This command will view the scan report of the most recent scan or of a specific SCANID and optionally e-mail the report to a supplied e-mail address.
e.g: maldet --report
e.g: maldet --report list
e.g: maldet --report 08594-19634.85478
e.g: maldet --report SCANID user@domain.com
11). -s, --restore FILE|SCANID
This command will restore a file from the quarantine queue to its original path, or restore all items from a specific SCANID.
e.g: maldet --restore /usr/local/maldetect/quarantine/config.php.23754
e.g: maldet --restore 08594-19634.85478
12). -q, --quarantine SCANID
This command will quarantine all malware from report SCANID.
e.g: maldet --quarantine 08594-19634.85478
13). -n, --clean SCANID
This command will try to clean & restore malware hits from report SCANID.
e.g: maldet --clean 08594-19634.85478
14). -U, --user USER
This command will set execution under the specified user, ideal for restoring from a user quarantine or viewing user reports.
e.g: maldet --user nobody --report
e.g: maldet --user nobody --restore 08594-19634.85478
15). -p, --purge
This command will clear logs, quarantine queue, session and temporary data.
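As an added example (not code from this post or from the LMD project), here is a small POSIX sh wrapper for the workflow the options above describe: scan recently changed files under a path with -r, read the SCANID and hit count out of maldet's own summary lines, and quarantine the hits with -q before printing the report with -e. The SAMPLE_OUTPUT is constructed to resemble maldet's console summary and reuses the SCANID from this page; exact wording may differ between LMD versions.

```shell
#!/bin/sh
# Added example, not part of the original post or of LMD itself.
set -eu

# Constructed sample of maldet's end-of-scan summary (wording may vary by version).
SAMPLE_OUTPUT='maldet(4213): {scan} scan completed on /home/hoststud/public_html: files 812, malware hits 2, cleaned hits 0, time 31s
maldet(4213): {scan} scan report saved, to view run: maldet --report 08594-19634.85478'

# Pull the SCANID out of the "to view run: maldet --report <SCANID>" line.
extract_scan_id() {
    printf '%s\n' "$1" \
      | sed -n 's/.*maldet --report \([0-9][0-9]*-[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
      | head -n 1
}

# Pull the hit count out of the "malware hits N" summary line.
extract_hit_count() {
    printf '%s\n' "$1" \
      | sed -n 's/.*malware hits \([0-9][0-9]*\).*/\1/p' \
      | head -n 1
}

# Scan files changed in the last DAYS days under PATH (maldet -r), quarantine
# every hit from that scan (maldet -q SCANID), then print its report (maldet -e).
scan_and_quarantine() {
    path=$1
    days=${2:-7}
    out=$(maldet -r "$path" "$days" 2>&1) || true
    id=$(extract_scan_id "$out")
    hits=$(extract_hit_count "$out")
    if [ -z "$id" ]; then
        echo "could not find a SCANID in maldet output" >&2
        return 1
    fi
    if [ "${hits:-0}" -gt 0 ]; then
        maldet -q "$id"
        maldet -e "$id"
    else
        echo "scan $id: no malware hits"
    fi
}

# Only run a real scan when a path is given, e.g. ./lmd-scan.sh /home/hoststud 2
if [ "$#" -gt 0 ]; then
    scan_and_quarantine "$@"
fi
```

Run it as root, since maldet needs to read every account's files and write to its quarantine directory.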