{"id":1172,"date":"2018-09-19T10:45:27","date_gmt":"2018-09-19T05:15:27","guid":{"rendered":"https:\/\/www.coimbatorewebhosting.com\/blog\/?p=1172"},"modified":"2019-04-09T10:39:05","modified_gmt":"2019-04-09T05:09:05","slug":"install-malware-detect-on-centos","status":"publish","type":"post","link":"https:\/\/coimbatorewebhosting.com\/blog\/install-malware-detect-on-centos\/","title":{"rendered":"Easy way to install Linux Malware Detect on CentOS 7"},"content":{"rendered":"<h1><span class=\"ez-toc-section\"
id=\"Easy_way_to_install_Linux_Malware_Detect_on_CentOS_7\"><\/span><span style=\"text-decoration: underline;\">Easy way to install Linux Malware Detect on CentOS 7<\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p>In this post, we will install Linux Malware Detect with\u00a0ClamAV\u00a0on\u00a0CentOS 7.<\/p>\n<p>Linux Malware Detect (LMD) is a malware detector and scanner for Linux, designed for shared hosting environments. LMD is released under the GNU GPLv2 license, and it can be installed on cPanel WHM and Linux environments together with other detection tools, such as ClamAV.<\/p>\n<p><strong>Clam AntiVirus (ClamAV)<\/strong>\u00a0is an open source antivirus solution to detect trojans, malware, viruses and other malicious software. ClamAV supports multiple platforms including Linux, Windows, and macOS.<\/p>\n<p>In this tutorial, I will show you how to install Linux Malware Detect (LMD) with Clam AntiVirus (ClamAV). I will use CentOS 7 as the operating system.<\/p>\n<p><strong>Prerequisites<\/strong><\/p>\n<ul>\n<li>CentOS 7<\/li>\n<li>Root privileges<\/li>\n<\/ul>\n<h3 id=\"step-install-epel-repository-and-mailx\"><span class=\"ez-toc-section\" id=\"Step_1_%E2%80%93_Install_Epel_repository_and_Mailx\"><\/span>Step 1 &#8211; Install Epel repository and Mailx<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Install the EPEL (Extra Packages for Enterprise Linux) repository and the\u00a0mailx command with yum.
We need mailx installed on the system so that LMD can send the scan reports to your email address.<\/p>\n<pre class=\"command\">yum -y install epel-release<\/pre>\n<p>Install mailx so we can use the mail command on CentOS 7:<\/p>\n<pre>yum -y install mailx<\/pre>\n<h3 id=\"step-install-linux-malware-detect-lmd\"><span class=\"ez-toc-section\" id=\"Step_2_%E2%80%93_Install_Linux_Malware_Detect_LMD\"><\/span>Step 2 &#8211; Install Linux Malware Detect (LMD)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Linux Malware Detect is not available in the CentOS or EPEL repositories, so we need to install it manually from source.<\/p>\n<p>Download LMD and extract it:<\/p>\n<pre class=\"command\">cd \/tmp\r\nwget https:\/\/www.rfxn.com\/downloads\/maldetect-current.tar.gz\r\ntar -xzvf maldetect-current.tar.gz<\/pre>\n<p>Go to the extracted maldetect directory (its name carries the release version, 1.6.3 here) and run the installer script &#8216;install.sh&#8217; as root:<\/p>\n<pre class=\"command\">cd maldetect-1.6.3\r\n.\/install.sh<\/pre>\n<p>Next, make a symlink to the maldet command in the \/bin\/ directory:<\/p>\n<pre class=\"command\">ln -s \/usr\/local\/maldetect\/maldet \/bin\/maldet\r\nhash -r<\/pre>\n<pre>[root@vpstestxxxx home]# cd maldetect-1.6.3\/\r\n[root@vpstestxxxx maldetect-1.6.3]# .\/install.sh\r\nCreated symlink from \/etc\/systemd\/system\/multi-user.target.wants\/maldet.service to \/usr\/lib\/systemd\/system\/maldet.service.\r\nLinux Malware Detect v1.6\r\n(C) 2002-2018, R-fx Networks &lt;proj@r-fx.org&gt;\r\n(C) 2018, Ryan MacDonald &lt;ryan@r-fx.org&gt;\r\nThis program may be freely redistributed under the terms of the GNU GPL\r\n\r\ninstallation completed to \/usr\/local\/maldetect\r\nconfig file: \/usr\/local\/maldetect\/conf.maldet\r\nexec file: \/usr\/local\/maldetect\/maldet\r\nexec link: \/usr\/local\/sbin\/maldet\r\nexec link: \/usr\/local\/sbin\/lmd\r\ncron.daily: \/etc\/cron.daily\/maldet\r\nmaldet(7862): {sigup} performing signature update check...\r\nmaldet(7862): {sigup} local signature set is
version 201809014081\r\nmaldet(7862): {sigup} new signature set 2018091610024 available\r\nmaldet(7862): {sigup} downloading https:\/\/cdn.rfxn.com\/downloads\/maldet-sigpack.tgz\r\nmaldet(7862): {sigup} downloading https:\/\/cdn.rfxn.com\/downloads\/maldet-cleanv2.tgz\r\nmaldet(7862): {sigup} verified md5sum of maldet-sigpack.tgz\r\nmaldet(7862): {sigup} unpacked and installed maldet-sigpack.tgz\r\nmaldet(7862): {sigup} verified md5sum of maldet-clean.tgz\r\nmaldet(7862): {sigup} unpacked and installed maldet-clean.tgz\r\nmaldet(7862): {sigup} signature set update completed\r\nmaldet(7862): {sigup} 15478 signatures (12667 MD5 | 2034 HEX | 777 YARA | 0 USER)\r\n[root@vpstestxxxx maldetect-1.6.3]#\r\n[root@vpstestxxxx maldetect-1.6.3]# ln -s \/usr\/local\/maldetect\/maldet \/bin\/maldet\r\n[root@vpstestxxxx maldetect-1.6.3]# hash -r<\/pre>\n<h3 id=\"step-configure-linux-malware-detect-lmd\"><span class=\"ez-toc-section\" id=\"Step_3_%E2%80%93_Configure_Linux_Malware_Detect_LMD\"><\/span>Step 3 &#8211; Configure Linux Malware Detect (LMD)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>LMD has been installed into the &#8216;\/usr\/local\/maldetect\/&#8217; directory. Go to that directory and edit the configuration file &#8216;conf.maldet&#8217;:<\/p>\n<pre class=\"command\">cd \/usr\/local\/maldetect\/\r\nnano conf.maldet<\/pre>\n<p>Enable email alerts by changing the value to &#8216;<strong>1<\/strong>&#8217; on line 16.<\/p>\n<pre class=\"system\">email_alert=\"1\"<\/pre>\n<p>Type in your email address on line 21.<\/p>\n<pre class=\"system\">email_addr=\"maldetect@coimbatorewebhosting.com\"<\/pre>\n<p>We will use the ClamAV clamscan binary as the default scan engine\u00a0because it provides a high-performance scan on large file sets. Change the value to &#8216;<strong>1<\/strong>&#8217; on line 114.<\/p>\n<pre class=\"system\">scan_clamscan=\"1\"<\/pre>\n<p class=\"system\"><span class=\"co1\">Enable scanning for root owned files.
Set it to 1 to disable.<\/span><\/p>\n<pre class=\"system\">scan_ignore_root=\"0\"<\/pre>\n<p>Next, enable quarantining to move malware to the quarantine automatically during the scan process. Change the value to &#8216;<strong>1<\/strong>&#8217; on line 180.<\/p>\n<pre class=\"system\">quarantine_hits=\"1\"<\/pre>\n<p>Change the value to 1 on line 185 to enable cleaning of string-based malware injections.<\/p>\n<pre class=\"system\">quarantine_clean=\"1\"<\/pre>\n<p>Save and exit.<\/p>\n<h3 id=\"step-install-clamav\"><span class=\"ez-toc-section\" id=\"Step_4_%E2%80%93_Install_ClamAV\"><\/span>Step 4 &#8211; Install ClamAV<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In this step, we will install <a href=\"https:\/\/www.clamav.net\/\" rel=\"nofollow noopener\" target=\"_blank\">Clam AntiVirus<\/a> (ClamAV) to get the best scanning results from LMD. ClamAV is available in the EPEL repository (that we&#8217;ve installed in the first step).<\/p>\n<p>Install ClamAV and ClamAV devel with yum:<\/p>\n<pre class=\"command\">yum -y install clamav clamav-devel<\/pre>\n<p>After ClamAV has been installed, update the ClamAV virus databases with the\u00a0freshclam command:<\/p>\n<pre class=\"command\">freshclam<\/pre>\n<pre>[root@vpstestxxxx maldetect]# freshclam\r\nClamAV update process started at Wed Sep 26 13:07:29 2018\r\nDownloading main.cvd [100%]\r\nmain.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)\r\nDownloading daily.cvd [100%]\r\ndaily.cvd updated (version: 24983, sigs: 2100133, f-level: 63, builder: raynman)\r\nDownloading bytecode.cvd [100%]\r\nbytecode.cvd updated (version: 327, sigs: 91, f-level: 63, builder: neo)\r\nDatabase updated (6666473 signatures) from database.clamav.net (IP: 104.16.189.138)\r\n[root@vpstestxxxx maldetect]#<\/pre>\n<h3 id=\"step-testing-lmd-and-clamav\"><span class=\"ez-toc-section\" id=\"Step_5_%E2%80%93_Testing_LMD_and_ClamAV\"><\/span>Step 5 &#8211; Testing LMD and ClamAV<span
class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>We will test a manual LMD scan by running the\u00a0maldet command against the web directory &#8216;\/var\/www\/html\/&#8217;.<\/p>\n<p>Go to the web root directory and download the EICAR test files (harmless sample files that antivirus scanners detect by design) with wget:<\/p>\n<pre>cd \/var\/www\/html\r\nwget http:\/\/www.eicar.org\/download\/eicar.com.txt\r\nwget http:\/\/www.eicar.org\/download\/eicar_com.zip\r\nwget http:\/\/www.eicar.org\/download\/eicarcom2.zip<\/pre>\n<p>Next, scan the web root directory with the\u00a0maldet command below:<\/p>\n<pre class=\"command\">maldet -a \/var\/www\/html<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-1179 size-full\" src=\"https:\/\/www.coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/09\/scanreport.png\" alt=\"malware detect\" width=\"893\" height=\"468\" srcset=\"https:\/\/coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/09\/scanreport.png 893w, https:\/\/coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/09\/scanreport-300x157.png 300w, https:\/\/coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/09\/scanreport-768x402.png 768w\" sizes=\"auto, (max-width: 893px) 100vw, 893px\" \/><\/p>\n<p>You can see that LMD is using the ClamAV scanner engine to perform the scan. There are &#8216;malware hits 3&#8217;, and the detected files were automatically moved to the quarantine directory.<\/p>\n<p>Check the scan report with the command below:<\/p>\n<pre class=\"command\">maldet --report 180926-1320.9611<\/pre>\n<p><em>The SCANID (180926-1320.9611 here) is shown in the maldet scan output.<\/em><\/p>\n<h3><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-1184\" src=\"https:\/\/www.coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/09\/scanreport2-1.png\" alt=\"\" width=\"1325\" height=\"416\" srcset=\"https:\/\/coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/09\/scanreport2-1.png 1325w,
https:\/\/coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/09\/scanreport2-1-300x94.png 300w, https:\/\/coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/09\/scanreport2-1-768x241.png 768w, https:\/\/coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/09\/scanreport2-1-1024x321.png 1024w\" sizes=\"auto, (max-width: 1325px) 100vw, 1325px\" \/><\/h3>\n<h3><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In this article we have discussed how to install and configure\u00a0<b>Linux Malware Detect<\/b>, along with\u00a0<b>ClamAV<\/b>, a powerful ally. With the help of these 2 tools, detecting malware should be a rather easy task.<\/p>\n<p>If you are satisfied with the above post, feel free to share your comments. To learn about Zabbix 3.4, <a href=\"https:\/\/www.coimbatorewebhosting.com\/blog\/how-to-install-and-configure-zabbix-on-centos-7\/\">click here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Easy way to install Linux Malware Detect on CentOS 7 In this post, we will install Linux Malware Detect with\u00a0ClamAV\u00a0on\u00a0CentOS 7. Linux Malware Detect (LMD) is a malware detector and scanner for Linux, designed for shared hosting environments.
LMD is released under the GNU GPLv2 license, and it can be installed [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1187,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[153],"tags":[127,126],"class_list":["post-1172","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-centos-7-rhel-7","tag-clam-antivirus","tag-malware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/coimbatorewebhosting.com\/blog\/wp-content\/uploads\/2018\/09\/clam_av.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pa2YU7-iU","_links":{"self":[{"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/posts\/1172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/comments?post=1172"}],"version-history":[{"count":0,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/posts\/1172\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/media\/1187"}],"wp:att
achment":[{"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/media?parent=1172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/categories?post=1172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coimbatorewebhosting.com\/blog\/wp-json\/wp\/v2\/tags?post=1172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}