This guide explains how to install and configure Linux Malware Detect (LMD) on CentOS Web Panel (CWP) 7 with email alerts.
Linux Malware Detect (LMD) is a malware detector and scanner for Linux designed for shared hosting environments. LMD is released under the GNU GPLv2 license and can be installed on cPanel, WHM and plain Linux systems, together with other detection tools such as ClamAV.
CWP does not provide the LMD service in its free version; it asks you to buy CWP Pro for it. You can nevertheless install LMD from the terminal and scan your server for malware.
Prerequisites
CWP
Terminal access
Root user (or sudo)
ClamAV
Install Linux Malware Detect (LMD)
Linux Malware Detect is not available in the CentOS or EPEL repositories, so you need to install it manually from source with the following commands:
First, change into the tmp directory:
# cd /tmp
Now download and extract the source with wget:
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -xzvf maldetect-current.tar.gz
After extracting, change into the maldetect directory and run the install script:
# cd maldetect-*
# ./install.sh
Now create a symlink to the maldet command at /bin/maldet and refresh the shell's command cache:
# ln -s /usr/local/maldetect/maldet /bin/maldet
# hash -r
Configure Linux Malware Detect (LMD)
LMD has been installed into the /usr/local/maldetect/ directory. Change into that directory and open the configuration file conf.maldet with the vi editor:
# cd /usr/local/maldetect/
# vi conf.maldet
In this file, edit the following lines to enable the scan features and alerts:
Enable email alerts by changing the value to 1:
email_alert="1"
Set the address that should receive the alerts (the key is email_addr, not email_alert):
email_addr="your@domain.com"
We will use the ClamAV clamscan binary as the default scan engine because it provides a high-performance scan on large file sets. Change the value to 1:
scan_clamscan="1"
Next, enable quarantining so that detected malware is moved to the quarantine automatically during the scan. Change the value to 1:
quarantine_hits="1"
Change the value to 1 to enable cleaning of string-based malware injections:
quarantine_clean="1"
Save and exit. You can also change other values based on your requirements.
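The configuration edits above, as an added shell example (not LMD's own tooling): it applies the five settings to a conf.maldet file and then checks that email alerts have a real address and that clamscan is actually in PATH before scan_clamscan is relied on. The file path, the placeholder-address pattern and the sample file are assumptions.

```shell
#!/bin/sh
# Helpers for applying and sanity-checking the conf.maldet settings from this guide.
# Added example, not part of LMD; paths and the placeholder address are assumed.

# set_maldet_option FILE KEY VALUE: rewrite KEY="VALUE", or append it if absent.
set_maldet_option() {
  tmp="$1.tmp.$$"
  awk -v k="$2" -v v="$3" '
    index($0, k "=") == 1 { print k "=\"" v "\""; found = 1; next }
    { print }
    END { if (!found) print k "=\"" v "\"" }' "$1" > "$tmp" && mv "$tmp" "$1"
}

# get_maldet_option FILE KEY: print the value of KEY with surrounding quotes removed.
get_maldet_option() {
  awk -F= -v k="$2" '$1 == k { v = $2; gsub(/"/, "", v); print v }' "$1" | tail -n 1
}

# configure_lmd FILE EMAIL: apply the settings enabled in the guide above.
configure_lmd() {
  set_maldet_option "$1" email_alert 1
  set_maldet_option "$1" email_addr "$2"
  set_maldet_option "$1" scan_clamscan 1
  set_maldet_option "$1" quarantine_hits 1
  set_maldet_option "$1" quarantine_clean 1
}

# check_lmd_config FILE: return 0 when the enabled features can actually work,
# otherwise print each problem and return 1.
check_lmd_config() {
  rc=0
  if [ "$(get_maldet_option "$1" email_alert)" = 1 ]; then
    addr=$(get_maldet_option "$1" email_addr)
    case "$addr" in
      ""|*@domain.com)   # assumed placeholder left in place: alerts would go nowhere
        echo "email_alert=1 but email_addr is unset or a placeholder: '$addr'"; rc=1 ;;
    esac
  fi
  if [ "$(get_maldet_option "$1" scan_clamscan)" = 1 ] && ! command -v clamscan >/dev/null 2>&1; then
    echo "scan_clamscan=1 but clamscan is not in PATH; install ClamAV first"; rc=1
  fi
  return $rc
}
```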
Testing Linux Malware Detect (LMD)
To test LMD with a manual scan, use the maldet command to scan the web directory /var/www/html.
Download the EICAR test files (the standard, harmless anti-virus test signatures) into the web root with the following commands:
# cd /var/www/html
# wget http://www.eicar.org/download/eicar.com.txt
# wget http://www.eicar.org/download/eicar_com.zip
Next, scan the web root directory with the maldet command:
# maldet -a /var/www/html
Check the scan report, replacing SCANID with the scan ID printed at the end of the scan output:
# maldet --report SCANID
Other LMD Commands
To keep the malware signatures up to date, run:
# maldet -u
Show the available options:
# maldet -h
Scan only files with a specific extension:
# maldet -a /var/www/html/*.php
Get a list of all reports:
# maldet -e list
Restore the files quarantined by a given scan:
# maldet -s SCANID
Enable monitoring of a directory:
# maldet -m /var/www/html
Conclusion
The steps above show how to install and configure Linux Malware Detect in CWP and scan your server for malware.