
Install Linux Malware Detect for Debian/Ubuntu

Linux Malware Detect is an open source malware scanner you can use to detect and clean malware infections on your WordPress (or other CMS) web server. Linux Malware Detect is maintained by R-fx Networks and hosted on GitHub; they accept donations to help cover maintenance costs. This tutorial will show you how to install Linux Malware Detect for WordPress and other CMS systems on Debian and integrate it with ClamAV to speed up scanning. This should work on Ubuntu as well.

Install Linux Malware Detect

First install ClamAV as it speeds up Linux Malware Detect scanning by using its engine:

apt-get install clamav -y

Install Linux Malware Detect:

cd /tmp

wget https://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xf maldetect-current.tar.gz
rm -rf maldetect-current.tar.gz

cd maldetect*
bash install.sh

Updating Linux Malware Detect

It is critical to keep your malware detection signatures up to date. Note that the daily cronjob will do this automatically.

maldet --update-sigs

To update the Linux Malware Detect software itself:

maldet --update-ver

Perform scans on files changed within the last 10 days with Linux Malware Detect like this:

maldet --scan-recent /var/www 10

To scan all files in a folder with Linux Malware Detect, use the -a or --scan-all switch:

maldet --scan-all /var/www

Configure Linux Malware Detect

nano /usr/local/maldetect/conf.maldet

# Enable or disable e-mail alerts, this includes application version
# alerts as well as automated/manual scan reports. On-demand reports
# can still be sent using '--report SCANID user@domain.com'.

# [0 = disabled, 1 = enabled]

email_alert="1"

# The destination e-mail addresses for automated/manual scan reports
# and application version alerts.
# [ multiple addresses comma (,) spaced ]

email_addr="admin@wp-bullet.com"

# Ignore e-mail alerts for scan reports in which all malware hits
# have been automatically and successfully cleaned.
# [0 = disabled, 1 = enabled]

email_ignore_clean="1"

# Try to clean string based malware injections
# [NOTE: quarantine_hits=1 required]
# [0 = disabled, 1 = clean]

quarantine_clean="1"

# If installed, use ClamAV clamscan binary as default scan engine which
# provides improved scan performance on large file sets. The clamscan
# engine is used in conjunction with native ClamAV signatures updated
# through freshclam along with LMD signatures providing additional
# detection capabilities.
# [ 0 = disabled, 1 = enabled ]

scan_clamscan="1"
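
The check below is an added example, not code from this tutorial or from the LMD project. It lints the options shown above: it flags quarantine_clean="1" without the quarantine_hits=1 that the config comment requires, and it flags alerting and ClamAV gaps. The function names conf_get and check_maldet_conf and the sample file are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the LMD project): lint the conf.maldet options above.

# conf_get FILE KEY: print KEY's value without quotes (last assignment wins).
# The file is parsed, not sourced, so nothing inside it gets executed.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = $2; gsub(/[" \t]/, "", v); out = v }
                       END { print out }' "$1"
}

# check_maldet_conf FILE [CLAMSCAN]: print one finding per line, return 1 if any.
check_maldet_conf() {
    cmc_conf="$1"; cmc_bin="${2:-clamscan}"; cmc_rc=0
    if [ "$(conf_get "$cmc_conf" quarantine_clean)" = "1" ] &&
       [ "$(conf_get "$cmc_conf" quarantine_hits)" != "1" ]; then
        echo "quarantine_clean=1 requires quarantine_hits=1"; cmc_rc=1
    fi
    if [ "$(conf_get "$cmc_conf" email_alert)" = "1" ] &&
       [ -z "$(conf_get "$cmc_conf" email_addr)" ]; then
        echo "email_alert=1 but email_addr is empty"; cmc_rc=1
    fi
    if [ "$(conf_get "$cmc_conf" email_ignore_clean)" = "1" ] &&
       [ "$(conf_get "$cmc_conf" quarantine_clean)" = "1" ]; then
        echo "email_ignore_clean=1: fully cleaned infections send no e-mail"; cmc_rc=1
    fi
    if [ "$(conf_get "$cmc_conf" scan_clamscan)" = "1" ] &&
       ! command -v "$cmc_bin" >/dev/null 2>&1; then
        echo "scan_clamscan=1 but $cmc_bin is not installed"; cmc_rc=1
    fi
    return "$cmc_rc"
}

# Constructed sample mirroring the settings shown in this tutorial.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
email_alert="1"
email_addr="admin@wp-bullet.com"
email_ignore_clean="1"
quarantine_clean="1"
scan_clamscan="1"
EOF
check_maldet_conf "$sample" || echo "review the findings above"
rm -f "$sample"
```

On a real server, point it at the live file: check_maldet_conf /usr/local/maldetect/conf.maldet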

That's all :)
