How to install and use Linux Malware Detect (LMD) with ClamAV on Ubuntu 16


Though Linux is a less targeted operating system, it’s still important to monitor for malware. One of the best tools out there for doing so is Linux Malware Detect, which uses a variety of metrics to identify and remove malware. When used in conjunction with ClamAV, the well-known antivirus solution for Linux (as well as Mac and Windows), Linux Malware Detect provides a very good defense against malicious software.

Getting Started

The steps in this guide require you to have the following:
• 1 server (Cloud Server or Dedicated Server) running Ubuntu 16.
• Root access to the server

Tutorial

In order to install Linux Malware Detect, you’ll first need to download the installation tarball from the project’s web site:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Extract the tarball you just downloaded into /usr/src/, then change into the resulting directory.

tar -xvf maldetect-current.tar.gz -C /usr/src
cd /usr/src/maldetect-*

An installation script is available for you to install LMD. Run it using this command:

./install.sh

Now let’s configure our Linux Malware Detect installation. We’ll need to make a few basic modifications to the default configuration file, so go ahead and open it in a text editor:

nano /usr/local/maldetect/conf.maldet

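Here are the settings as they should look (replace the e-mail address with your own). They turn on e-mail alerts, quarantine and clean detected files, suspend the user accounts that own them, and use ClamAV’s clamscan as the scan engine: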

email_alert="1"
email_addr="youremail@localhost"
quarantine_hits="1"
quarantine_clean="1"
quarantine_suspend_user="1"
scan_clamscan="1"
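
To confirm the settings above are the ones in effect, here is an added example (not part of LMD or of the original guide) that reads a conf.maldet-style file and reports any of these options that differ. The function names and the sample file are hypothetical, and it assumes the file consists of shell-style assignments in which the last one wins.

```bash
# Added example (not part of LMD): report conf.maldet settings that drifted.
# Values from the guide; email_addr is site-specific and checked separately.
EXPECTED="email_alert=1 quarantine_hits=1 quarantine_clean=1
quarantine_suspend_user=1 scan_clamscan=1"

# conf_value FILE KEY: print the effective value of KEY. Assumption: the file
# holds shell-style KEY="value" assignments, so the last assignment wins.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                   # skip comment lines
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, eq + 1)
            sub(/[ \t]*#.*$/, "", v)          # drop trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)  # drop quotes and padding
            val = v
        }
        END { print val }' "$1"
}

# audit_maldet_conf FILE: print one DRIFT line per mismatch; return 1 if any.
audit_maldet_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conf_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "DRIFT $key: expected $want, found ${got:-unset}"
            rc=1
        fi
    done
    addr=$(conf_value "$1" email_addr)
    if [ -z "$addr" ] || [ "$addr" = "youremail@localhost" ]; then
        echo "DRIFT email_addr: empty or still the guide placeholder"
        rc=1
    fi
    return $rc
}

# Constructed sample: a later assignment silently turns quarantine back off.
sample=$(mktemp)
printf '%s\n' 'email_alert="1"' 'email_addr="ops@example.org"' \
    'quarantine_hits="1"' '# scan_clamscan="0"' 'scan_clamscan="1"' \
    'quarantine_clean="1"' 'quarantine_suspend_user="1"' \
    'quarantine_hits="0"   # added by a later edit' > "$sample"
audit_maldet_conf "$sample" || echo "review $sample before relying on LMD"
```

On a real installation, pass /usr/local/maldetect/conf.maldet to audit_maldet_conf instead of the constructed sample.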

Next, we’ll be installing ClamAV, so that Linux Malware Detect can use it as its antivirus engine.

apt-get install clamav -y
freshclam

You can do a lot with Linux Malware Detect. Here’s a sample of some commands you may find useful.

To update the library of malware detection signatures:

maldet -u

To update Linux Malware Detect itself to the latest version:

maldet -d

To scan all the files residing in a specific directory:

maldet -a /path

To put all threats that Linux Malware Detect has identified into quarantine:

maldet -q SCANID

To restore files from quarantine:

maldet -s SCANID

Conclusion

With Linux Malware Detect and ClamAV, you can rest easy knowing that you’ve got one of the premier antimalware and antivirus solutions available for Linux. If you found this article helpful, feel free to share it with your friends and let us know in the comments below!