How to Run Malware Scan on Linux

There are many available malware scanning tools, but the easiest to install, configure, and use is Maldet.

 

CentOS Install Instructions

To begin your installation, copy the text below as is and paste it into your SSH client.

Once this completes, update to the latest virus signatures:

It is recommended to install ClamAV alongside Maldet to improve both detection and scan speed. To install it on CentOS, you first need to add the EPEL repository:

Next you will install the package with:

Now your Maldet scans will run much more quickly, and no additional configuration is needed to connect ClamAV and Maldet.

 

Ubuntu/Debian Installation Instructions

To install on Ubuntu, you first need to download the installation package:

You then need to extract the installation files:

Go to the extracted directory and install:

It is recommended to install ClamAV alongside Maldet to improve both detection and scan speed. To install ClamAV, you just need to run its install package:

Now your Maldet scans will run much more quickly, and no additional configuration is needed to connect ClamAV and Maldet.

 

Configuration

The following portion is identical for both CentOS and Ubuntu/Debian.

To configure, locate the conf file and open it with your preferred text editor. In this example we are using nano:

From here you can set the quarantine options, as well as set up email alerts so you receive scan results as soon as a scan completes.

  • email_alert : To receive email alerts, set this value to 1.
  • email_subj : Set your email subject here.
  • email_addr : Add your email address to receive notifications by email.
  • quar_hits : The default quarantine action for malware hits, this should be set to 1.
  • quar_clean : Cleaning detected malware injections, this should be set to 1.
  • quar_susp : The default suspend action for users with hits, generally not recommended.
  • quar_susp_minuid : Minimum userid that can be suspended, can be left at default.
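
One way to apply the settings listed above without hand-editing, as an added example that is not from the original article or the Maldet project. It assumes the config file uses key="value" lines and takes the file path as an argument; the function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Assumes a config file made of
# key="value" lines; the file path is supplied by the caller.

# set_conf FILE KEY VALUE: rewrite an existing key line in place, or append it.
set_conf() {
    local file="$1" key="$2" value="$3"
    # Conservative allow-list (a choice made for this example) so a value can
    # never close the quotes or carry shell metacharacters into the file.
    case $value in
        ''|*[!A-Za-z0-9@._+,-]*) echo "rejected value for $key" >&2; return 1 ;;
    esac
    if grep -q "^${key}=" "$file"; then
        sed "s|^${key}=.*|${key}=\"${value}\"|" "$file" > "$file.tmp" &&
            cat "$file.tmp" > "$file" && rm -f "$file.tmp"   # cat keeps mode/owner
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
}

# get_conf FILE KEY: print the current value of KEY (last definition wins).
get_conf() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# apply_recommended FILE EMAIL: the values recommended in the list above.
apply_recommended() {
    local file="$1" addr="$2"
    cp -p "$file" "$file.orig" &&          # keep a copy for rollback
    set_conf "$file" email_addr "$addr" && # validated first: a bad address changes nothing
    set_conf "$file" email_alert 1 &&
    set_conf "$file" quar_hits 1 &&
    set_conf "$file" quar_clean 1 &&
    set_conf "$file" quar_susp 0           # user suspension stays off
}

# Constructed sample in the key="value" layout (not a real Maldet config).
write_sample() {
    printf '%s\n' 'email_alert="0"' 'email_addr="you@domain.com"' \
        'quar_hits="0"' 'quar_clean="0"' 'quar_susp_minuid="500"' > "$1"
}

# Demo on a temporary copy: apply the settings, then read each one back.
demo=$(mktemp) && write_sample "$demo" && apply_recommended "$demo" admin@example.com
for k in email_alert email_addr quar_hits quar_clean quar_susp quar_susp_minuid; do
    printf '%s=%s\n' "$k" "$(get_conf "$demo" "$k")"
done
rm -f "$demo" "$demo.orig"
```

Reading each value back after the edit catches a silently failed write before the next scheduled scan relies on it.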

You can also automate the scanning process by creating a cron job to run the scan once a day.

 

Performing Malware Scans Manually

You can run a scan at any time, and the usage couldn’t be simpler. While in SSH, you can run a scan in the background: you won’t see any output on screen, but if you added your email address in the configuration file noted above, you will get an email notice with the results once the scan completes. The background scan is performed as:

You can also run a scan in the foreground, which will output your results on screen. This is called with:
