You may be familiar with ClamAV and Maldet scanner (aka Linux Malware Detect). They're widely known as two excellent choices for identifying malware on Linux environment. What you may not realize, is that they can be team up together. The benefit of doing this is a faster, more effective malware scan, meaning; you're more likely to identify potential threats. This tutorial is based on cPanel/WHM system. We will install and configure both ClamAV and Maldet (LMD).
Installing ClamAV
Installing Maldet
- Login into your VPS via SSH as the root user.
- Run below commands to install LMD (Linux Malware Detect).
cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh
Linking both ClamAV and Maldet together for the best performance
If you were to run a Linux Malware Detect scan now, it would run with no problem, however, it would not include ClamAV's definitions, therefore slowing down the scan completion time and threat detection ratio. To solve this, we must create two symbolic links, as follows:
ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclam
Running a malware scan
Now when you run Maldet scan, it will also include the definition of ClamAV. If you wanted to run a malware scan of /home, you just need to run below command.
maldet -a /home/?
The above command will scan all files and directories within the /home directory, which is where the content for cPanel accounts is stored.
