Linux Malware Detect (LMD, or maldet) allows you to easily spot malware within your website files.
Its developer, R-fx Networks, maintains high-quality malware definitions. Whether you suspect malware in your site, or intend to tighten your website’s security – Malware Detect is a must-have / must-use software.
Installing Malware Detect (maldet)
Set up the GetPageSpeed repository
yum install https://extras.getpagespeed.com/release-el7-latest.rpm
Install Malware Detect
yum install maldet
Upon installing the package, it will immediately download its definition updates.
This will install a few dependent packages which ensure the efficiency of scanning (namely clamav scanner and
Use Malware Detect
Scan a directory for malware
Now that Malware Detect is installed, you can scan a directory for malware like this:
maldet --scan-all /var/www
Continuously watch directories for malware
One great feature of Malware Detect is being able to scan an entire directory for new/changed files.
This is especially useful for WordPress websites or other well-known CMS-es where each plugin contributes to lessened security. If you have a vulnerable plugin and hackers are able to upload malware, then it can be automatically cleaned up by Malware Detect.
To set up monitoring, edit /etc/maldet/maldet.conf and uncomment either of the lines:
# default_monitor_mode="users"
# default_monitor_mode="/var/lib/maldet/monitor_paths"
With default_monitor_mode="users", the scanning is most appropriate for cPanel servers, as this will result in continuous watching of files within each directory
If you choose default_monitor_mode="/var/lib/maldet/monitor_paths" then you can specify exact directories you want to be scanned by editing
So you can edit /var/lib/maldet/monitor_paths and specify each monitored directory on a new line like this:
Make sure that the directories you specify actually exist, or else the monitoring service will fail to start.
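A pre-flight check for that file, as an added example (not part of maldet or of the original article): it reports every listed entry that is not an existing directory, so the list can be fixed before the monitoring service is started. The function name `check_monitor_paths` is hypothetical; skipping blank lines and flagging relative paths are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: validate a maldet monitor paths file before starting the service.
# check_monitor_paths FILE
#   prints each unusable entry on stdout
#   returns 0 if every entry is an existing directory, 1 if any is not,
#   2 if FILE itself cannot be read
check_monitor_paths() (
    file=$1
    bad=0
    cr=$(printf '\r')
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
    # "|| [ -n ... ]" also processes a last line that lacks a trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}            # tolerate CRLF line endings
        [ -z "$line" ] && continue    # assumption: blank lines are skipped
        case $line in
            /*) [ -d "$line" ] || { echo "missing directory: $line"; bad=1; } ;;
            # assumption: relative entries are flagged, since a service has
            # no meaningful working directory to resolve them against
            *)  echo "not an absolute path: $line"; bad=1 ;;
        esac
    done < "$file"
    exit "$bad"
)

if [ "$#" -gt 0 ]; then
    # Real use: sh check_paths.sh /var/lib/maldet/monitor_paths
    check_monitor_paths "$1"
else
    # Constructed sample: one directory that exists, one that does not.
    demo=$(mktemp -d)
    mkdir "$demo/site1"
    printf '%s\n' "$demo/site1" "$demo/site2" > "$demo/monitor_paths"
    check_monitor_paths "$demo/monitor_paths" ||
        echo "fix the entries above before starting maldet"
    rm -rf "$demo"
fi
```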
Enable and start malware monitoring
systemctl enable maldet
systemctl start maldet
It is important to understand the differences between clamd. When we installed Malware Detect, clamav was installed as a dependency package. It is meant primarily for one-off scanning, and will help to improve the performance of manual Malware Detect scans, e.g. launched via
In case of continuous file monitoring, you may want to additionally install the clamd package, which contains the scanning daemon. Having it installed as well will make maldet monitoring more efficient.
The clamd scanning service will be covered in future posts. Stay tuned!
Also published on Medium.