Saturday, February 25, 2012

Installation of Linux Malware Detect or maldet

Sponsored Links
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

Some other antivirus scanners are rkhunter and chkrootkit.



Site links is given below :
http://www.rfxn.com/projects/linux-malware-detect/

Download and install:
[root@server maldetect-1.4.1]# cd /usr/local/src/
[root@server maldetect-1.4.1]# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Untar the package
[root@server maldetect-1.4.1]# tar zxvf maldetect-current.tar.gz
[root@server maldetect-1.4.1]# cd maldetect-1.4.1/
[root@server maldetect-1.4.1]# ls
CHANGELOG  COPYING.GPL  cron.daily  cron.d.pub  files  install.sh  README

Run installer script
[root@server maldetect-1.4.1]# ./install.sh
Linux Malware Detect v1.4.1
            (C) 2002-2011, R-fx Networks <proj@r-fx.org>
            (C) 2011, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(5242): {sigup} performing signature update check...
maldet(5242): {sigup} local signature set is version 2012022424364
maldet(5242): {sigup} latest signature set already installed
[root@server maldetect-1.4.1]#

Now run the scan. -a  option is forscan all under dir "/"
[root@server ~]# maldet -a /
Linux Malware Detect v1.4.1
            (C) 2002-2011, R-fx Networks <proj@r-fx.org>
            (C) 2011, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(5503): {scan} signatures loaded: 8887 (7023 MD5 / 1864 HEX)
maldet(5503): {scan} building file list for /, this might take awhile...
maldet(5503): {scan} file list completed, found 77829 files...
maldet(5503): {scan} 77829/77829 files scanned: 1 hits 0 cleaned
maldet(5503): {scan} scan completed on /: files 77829, malware hits 1, cleaned hits 0
maldet(5503): {scan} scan report saved, to view run: maldet --report 022412-2111.5503
maldet(5503): {scan} quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 022412-2111.5503
[root@server ~]#

To veiw the report
[root@server ~]# maldet --report 022412-2111.5503
malware detect scan report for server.lap.work:
SCAN ID: 022412-2111.5503
TIME: Feb 25 01:22:52 +0530
PATH: /
TOTAL FILES: 77829
TOTAL HITS: 1
TOTAL CLEANED: 0
NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 022412-2111.5503
FILE HIT LIST:
{MD5}gzbase64.inject.unclassed.558 : /usr/local/src/maldetect-1.4.1/files/clean/gzbase64.inject.unclassed
===============================================
Linux Malware Detect v1.4.1 < proj@rfxn.com >

Recommended Reading

1. Norton AntiVirus 2012 1User [Download]
2. Kaspersky Anti-Virus 2012 - 3 Users
3. McAfee Antivirus Plus 2012 - 3 Users

Sponsored Links

2 comments:

  1. is this only for linux with a server ?

    ReplyDelete

Be nice. That's all.