How to Install and Use Linux Malware Detect (LMD) with ClamAV as Antivirus Engine on Fedora Server - Cloud Network


Tuesday, October 22, 2019

Installing LMD on RHEL/CentOS 7.0 and Fedora 22-24

LMD is not available from the distribution repositories; it is distributed as a tarball from the project's web site. The tarball with the source of the latest version is always published at the link below, so it can be downloaded, unpacked and installed with:

Step 1:- wget https://www.rfxn.com/downloads/maldetect-current.tar.gz

Step 2:- tar -xvf maldetect-current.tar.gz

Step 3:- ls -l | grep maldetect

Step 4:- cd maldetect-*/ && ./install.sh      ---  (install.sh lives inside the extracted directory, so change into it first)

Configuring Linux Malware Detect

LMD is configured through /usr/local/maldetect/conf.maldet; every option is commented in the file itself, which makes configuration straightforward. If you get stuck, /usr/local/src/maldetect-1.4.2/README has further instructions.

In the configuration file you will find the following sections, enclosed inside square brackets:

EMAIL ALERTS
QUARANTINE OPTIONS
SCAN OPTIONS
STATISTICAL ANALYSIS
MONITORING OPTIONS

Important:-
quar_clean and quar_susp only take effect when quar_hits is enabled (quar_hits=1).

Summing up, the lines with these variables should look as follows in /usr/local/maldetect/conf.maldet:
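The dependency above (quar_clean and quar_susp do nothing unless quar_hits=1) is easy to get wrong when editing conf.maldet by hand, and LMD does not complain about it. The script below is an added example, not part of the original post or of the LMD project: it reads the quar_* keys from a conf.maldet (both the quar_hits=0 and the quar_hits="0" assignment styles) and warns when a dependent option is on while quar_hits is off. The function names conf_get and check_quar are my own, the two sample configurations are constructed inline, and the default path is the one named in the post.

```shell
#!/bin/sh
# Added example, not from the original post or the LMD project: audit the
# quarantine options in conf.maldet for the dependency described above
# (quar_clean and quar_susp are inert unless quar_hits=1).
CONF_DEFAULT=/usr/local/maldetect/conf.maldet   # install path named in the post

# conf_get FILE KEY: print the value of KEY (last assignment wins; quotes,
# whitespace and trailing comments stripped), or nothing if the key is unset.
conf_get() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" 2>/dev/null | tail -n 1 \
        | cut -d= -f2- | sed 's/#.*//' | tr -d '"[:space:]'
}

# check_quar FILE: return 0 when the quar_* options are consistent, 1 when
# quar_clean or quar_susp is enabled while quar_hits is not.
check_quar() {
    hits=$(conf_get "$1" quar_hits)
    clean=$(conf_get "$1" quar_clean)
    susp=$(conf_get "$1" quar_susp)
    status=0
    if [ "$hits" != "1" ]; then
        if [ "$clean" = "1" ]; then
            echo "WARN $1: quar_clean=1 but quar_hits=${hits:-unset}; hits are never cleaned" >&2
            status=1
        fi
        if [ "$susp" = "1" ]; then
            echo "WARN $1: quar_susp=1 but quar_hits=${hits:-unset}; users are never suspended" >&2
            status=1
        fi
    fi
    return $status
}

# make_sample LINE...: write the lines to a temp file and print its path.
# Used only for the constructed sample configurations below.
make_sample() {
    f=$(mktemp)
    printf '%s\n' "$@" > "$f"
    echo "$f"
}

# Constructed samples: one consistent, one with quar_clean on but quar_hits off.
GOOD_CONF=$(make_sample '# quarantine options' 'quar_hits="1"' 'quar_clean="1"' 'quar_susp="0"')
BAD_CONF=$(make_sample 'quar_hits=0   # quarantine disabled' 'quar_clean=1' 'quar_susp=0')

# Check both samples, then the real file when it exists (or a path given as $1).
for conf in "$GOOD_CONF" "$BAD_CONF" "${1:-$CONF_DEFAULT}"; do
    [ -f "$conf" ] || continue
    if check_quar "$conf"; then
        echo "OK   $conf: quarantine options consistent"
    else
        echo "FAIL $conf: set quar_hits=1 before relying on quar_clean/quar_susp"
    fi
done
```

Run it with no arguments to see the two constructed samples pass and fail, or pass the path of a real conf.maldet as the first argument; a non-zero check_quar result means hits will be reported but never quarantined, cleaned or acted on.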

Installing ClamAV on RHEL/CentOS 7.0 and Fedora 22-25

Step 4:- Create the repo file /etc/yum.repos.d/dag.repo:

Step 5:- yum update && yum install clamd


Step 9:- Testing Linux Malware Detect: download the EICAR test files
wget http://www.eicar.org/download/eicar.com
wget http://www.eicar.org/download/eicar.com.txt
wget http://www.eicar.org/download/eicar_com.zip
wget http://www.eicar.org/download/eicarcom2.zip

Step 10:- maldet --scan-all /var/www/

Step 11:- maldet --scan-all /var/www/*.zip

Step 12:- maldet --report SCANID      ---  (view the report)

Step 13:- ls -l /usr/local/maldetect/quarantine/        ---  (check the quarantine folder)

Step 14:- rm -rf /usr/local/maldetect/quarantine/*     ---  (remove all quarantined files)

Step 15:- maldet --clean SCANID
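Steps 9 to 13 above download the EICAR test files, scan the directory and inspect the quarantine. The script below is an added example, not part of the original post or of the LMD project: it builds the EICAR test file locally instead of fetching it (the test string is public and harmless by design), verifies that the file really is the 68-byte test string before trusting any scan result, and then runs the post's scan and quarantine listing when maldet is installed. The functions write_eicar, verify_eicar and scan_dir are my own; the target directory defaults to a temporary directory, so pass /var/www as the first argument to reproduce the post's scan path (the post's wget commands should likewise be run inside the directory that is later scanned).

```shell
#!/bin/sh
# Added example, not from the original post or the LMD project: build the EICAR
# test file locally, verify it is the genuine test string, then run the post's
# scan and quarantine checks when maldet is installed.
# The directory defaults to a temp dir; pass /var/www to match the post's scan path.

# Standard 68-byte EICAR test string: harmless by design, flagged by every AV engine.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
EICAR_MD5=44d88612fea8a8f36de82e1278abb02f        # published checksum of the file
QUARANTINE=/usr/local/maldetect/quarantine        # LMD default, named in the post

# write_eicar DIR: write DIR/eicar.com (no trailing newline) and print its path.
write_eicar() {
    mkdir -p "$1"
    printf '%s' "$EICAR" > "$1/eicar.com"
    echo "$1/eicar.com"
}

# verify_eicar FILE: 0 if FILE is exactly the 68-byte string (and its MD5
# matches when md5sum is available); a truncated or altered file fails.
verify_eicar() {
    [ -f "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 68 ] || return 1
    if command -v md5sum >/dev/null 2>&1; then
        sum=$(md5sum "$1" | cut -d' ' -f1)
        [ "$sum" = "$EICAR_MD5" ] || return 1
    fi
    return 0
}

# scan_dir DIR: steps 10 and 13 of the post; returns 2 when maldet is absent.
scan_dir() {
    if ! command -v maldet >/dev/null 2>&1; then
        echo "maldet not installed; skipping scan of $1" >&2
        return 2
    fi
    maldet --scan-all "$1"          # the SCANID for 'maldet --report SCANID'
                                    # is printed when the scan finishes
    ls -l "$QUARANTINE"             # quarantined copies land here
}

TARGET=${1:-$(mktemp -d)}
FILE=$(write_eicar "$TARGET")
if verify_eicar "$FILE"; then
    echo "genuine EICAR test file written to $FILE"
else
    echo "$FILE is not the EICAR test string; do not trust the scan result" >&2
fi
scan_dir "$TARGET" || true
```

Verifying the test file first matters because a scan that finds nothing proves very little if the download was blocked, truncated or rewritten on the way in; with the checksum confirmed, a clean result from step 10 points at the LMD/ClamAV setup rather than at the test input.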