
    To provide anti-virus protection for a server running Linux (this article applies to most distributions), there are software products that can work standalone or be built into the server control panel. We will look at installing and configuring a standalone virus scanner, Linux Malware Detect (Maldet).


    Features and functionality:


    Maldet is an antivirus scanner with the following features:


    1. Scan the entire server (or individual folders) for suspicious files;


    2. Disinfect infected files and/or send them to quarantine. This is an important feature that ensures that the virus does not spread throughout the server;


    3. Check only files that were created within a certain period of time. This lets you use the antivirus effectively without loading the server during daily scheduled scans;


    4. Monitor certain folders on an ongoing basis, as well as correctly handle exceptions previously described by the administrator.




    Let's run the commands to install Maldet on the server:


    Let's go to the installation folder:

    cd /usr/local/src/


    Download the installation scripts to the server from the official site:





    Unpack the resulting archive:


    tar -zxvf maldetect-current.tar.gz



    Go to the folder with the installation scripts and run the installation of Maldet:


    cd maldetect-*/





    The installation script places the program (executable file) at /usr/local/maldetect/maldet and creates a symlink to it at /usr/local/sbin/maldet.


    In addition, a scheduler task for daily antivirus checks is created immediately at /etc/cron.daily/maldet. If you do not need daily checks on the server, you can move or delete this file.


    How to use Maldet.


    We strongly recommend creating a snapshot (relevant for virtual server services) before you start checking the server for viruses, especially if the "cure" option (described below) is enabled.


    Let's consider the basic, most necessary commands for working with Maldet antivirus.


    1. Update the virus signature databases (although, immediately after installing the antivirus, everything is up to date)


    maldet -u


    2. Start scanning a specific directory


    maldet -a /home/admin/web



    After the scan is completed, the antivirus will provide a report and a unique ID for this report, which the commands below take as an argument.


    maldet(27233): {scan} scan report saved, to view run: maldet --report 125478-0205.34521


    3. Move all detected suspicious files to quarantine


    maldet -q 125478-0205.34521


    4. Clean up quarantined infected files


    maldet -n 125478-0205.34521


    If the "treatment" is successful, the file will be automatically moved out of quarantine.


    Note that an antivirus cannot always correctly "cure" a file of malicious code. Use this feature carefully.


    5. Restore all quarantined files of a specific report


    maldet -s 125478-0205.34521


    or restore only one file


    maldet -s /home/admin/web/public_html/index.php


    6. You can also view a list of previously created reports


    maldet -e list



    or open one of the reports


    maldet -e 125478-0205.34521
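
    Steps 2 and 3 above carry the report ID from the scan output into later commands. The script below is an added example, not part of the original article or of Maldet itself: it scans a directory, extracts the report ID from the output line format shown in step 2, and checks its shape before suggesting further commands. The function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): scan, capture the report ID, stop.
# Quarantine (-q) and clean (-n) are left as manual steps after review.

# Constructed sample: the report line in the format the article shows.
SAMPLE_LINE='maldet(27233): {scan} scan report saved, to view run: maldet --report 125478-0205.34521'

# Read maldet output on stdin and print the last report ID found.
extract_scan_id() {
    sed -n 's/.*maldet --report \([0-9]\{1,\}-[0-9]\{1,\}\.[0-9]\{1,\}\)[[:space:]]*$/\1/p' |
        tail -n 1
}

# Accept only IDs shaped like digits-digits.digits, so nothing unexpected
# from parsed output ends up on a later maldet command line.
valid_scan_id() {
    case "$1" in
        ''|*[!0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^[0-9]+-[0-9]+\.[0-9]+$'
}

# Hypothetical wrapper: scan one directory and print the report ID.
scan_and_report() {
    target=$1
    [ -d "$target" ] || { echo "not a directory: $target" >&2; return 2; }
    command -v maldet >/dev/null 2>&1 || { echo "maldet not found" >&2; return 3; }
    out=$(maldet -a "$target" 2>&1)
    id=$(printf '%s\n' "$out" | extract_scan_id)
    if ! valid_scan_id "$id"; then
        echo "no report ID in maldet output" >&2
        return 4
    fi
    echo "view: maldet -e $id   quarantine after review: maldet -q $id" >&2
    printf '%s\n' "$id"
}

# Run a scan only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_and_report "$1"
fi
```

    The script stops after printing the ID, which keeps quarantine and cleaning as deliberate manual steps.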


    Configuring Maldet Antivirus


    All the necessary settings are in one file, /usr/local/maldetect/conf.maldet, which is structured by topic and includes a description of each parameter. In addition, the command


    maldet -h


    displays help for the program.



    In the configuration file, in the General Options section, you can specify whether to send reports to the administrator by email after the scan is completed.


    An important option that must be enabled with care (disabled by default)




    It allows you to "cure" infected objects during scanning. Changes in files after disinfection cannot be rolled back.


    Also in the same configuration file there are options that allow you to fine-tune the operation of the scanner: for example, specify scan exclusions for files or folders, which folders to include in constant monitoring, or whether only folders of server users should be checked.


    In general, we recommend using Maldet as a scanner to detect potential threats on the server.