HomeTutorialsHow to Install and Configure Linux Malware Detect (LMD) on Linux

How to Install and Configure Linux Malware Detect (LMD) on Linux

You may ask, can Linux get attacked by malware? The answer is always yes. Though most of the malware is created for windows, it is possible that your Linux computer can also get attacked by malware. Linux malware detect (LMD) is a tool that can be used on the Linux system to scan, detect, and remove malware from your system. The LMD can be used as a backdoor scanner on Linux. You can also use the LMD with another antivirus to make the Linux system more secure and virus free.

How LMD Works on Linux


Simple password, spam, botnet, vulnerabilities, running infected applications can be the reason how Linux can be attacked by malware. The LMD is a real-time malware detection tool for Linux. You can use the LMD with ClamAV antivirus to make the LMD more efficient and strong.

The LMD can be used to scan and find malware on the Linux filesystem and directories. It can be programmed to scan the directory both automatically and manually. The LMD can perform static analysis, dynamic analysis, and memory analysis to detect malware on Linux. Malware can also be detected by analyzing the actions of the processor and memory unit.

There are two types of high-level malware detection methods available on Linux. They are the signature-based analysis and signature-free analysis. The signature-based analysis is the method to scan malware on databases and Linux servers. And, the signature free analysis is an alternative way to find malware by monitoring the system and devices. In this post, we will see how to install and configure LMD on Linux.

Step 1: Download LMD on Linux


The very first step of installing LMD on Linux is to download the Maldetect file on your system. If you are a Debian or Ubuntu user, I will recommend you to use the cURL tool to download the file. If you are a Red Hat, Fedora, or other Linux user, you can use either the wget command or the cURL command to download the Maldetect file.

If you find any server or network error, please use the https instead of http in the address line. You can also download the Maldetect file manually from here.

The terminal command line to download the Maldetect file is given below. Normally the file is downloaded and stored in the home directory of your Linux system. But you can create a temporary file directory to store the file.

cd /tmp/
curl -O https://www.rfxn.com/downloads/maldetect-current.tar.gz

LMD on Linux curl download

Step 2: Extract and Install LMD


Till now, we have downloaded the compressed file of Maldetect; now, we have to extract and install the LMD tool on our Linux machine. You can either use the default archive manager of Linux, or you can use the following terminal command to extract the tar file.

tar -zxvf maldetect-current.tar.gz

Now, enter the directory of the Maldetect and run the install script to initialize the installation process of LMD on your Linux machine. Don’t forget to run all the operations as a superuser.

cd maldetect-1.6.4
./install.sh

LMD on Linux install sh

After the installation is finished, you will be able to see the version and the total number of users of LMD on your Linux terminal shell. You can also check the version of LMD by performing the following terminal command.

lmd --version

Step 3: Configure LMD on Linux


After the installation is done, you can now open the configuration script to add your desired rules inside the LMD program. You can use any text editor to update the LMD configuration script. Here, I’m going to open the LMD configuration script using the GNU Nano text editor. Use the following terminal command line to open the configuration script.

nano /usr/local/maldetect/conf.maldet

LMD on Linux nano

You can configure the email alert, root directory scan, quarantine hits, malware injections, and suspend user settings by adding the following configuration script in your LMD configuration. After the configuration is placed correctly, you can save and exit the text editor. Be careful when you edit the LMD configuration script. The security of your Linux system can be compromised if you put wrong LMD settings inside the script.

# Enable Email Alerting
email_alert="1"

# Email Address in which you want to receive scan reports
email_addr="[email protected]"

# Enable scanning for root-owned files. Set 1 to disable.
scan_ignore_root="0"

# Move threats to quarantine
quarantine_hits="1"

# Clean string based malware injections
quarantine_clean="1"

# Suspend user if malware found.
quarantine_suspend_user="1"

# Minimum userid value that be suspended
quarantine_suspend_user_minuid="500"

Step 4: Get Started With LMD


After the configuration part is done, now it’s time to check the system and find some malware. We can either run an automatic malware detect daemon inside the Linux filesystem, or we can perform some quick scans. The LMD can be used to kill and remove malware from your Linux system. A few important and primary operations of LMD are given below.

Use LMD to scan the temp directory.

maldet -a /tmp

melware detect temp scan

Assign a path to scan the system

sudo maldet -a /path/to/home

Create a scan report from the scan ID

sudo maldet --report 200809-1241.5744

LMD on Linux report cardLMD on Linux report card

Perform an update check of LMD

maldet -u

Use this command to update the LMD

maldet -d

update

Run the LMD daemon in the background

maldet -b -r /home/username/

Make an index of the scanned and affected file

maldet -e list

Print the log file

maldet -l

To get more command syntax and user guide, you can check the LMD help index from the Linux terminal shell.

lmd --help

Ending Words


The LMD works with some basic principles to find malware on the Linux machine. It can monitor and read the system parameters to detect unusual activities. In this post, I have described how the LMD works on Linux. I have also explained how to install and configure the Linux Malware Detect (LMD) on Linux.

If you are running any Linux distros on a raspberry pi board, you can secure your Pi board by installing the LMD on your system. You can also protect your Linux server form malware by using the LMD on your server.

If you find this post beneficial and helpful, please share it with your friends and the Linux community. You can also write your valuable judgments in the comment segment. Please let us know which tool you are using to protect your Linux machine from malware.

 

Mehedi Hasan
Mehedi Hasan
Mehedi Hasan is a passionate enthusiast for technology. He admires all things tech and loves to help others understand the fundamentals of Linux, servers, networking, and computer security in an understandable way without overwhelming beginners. His articles are carefully crafted with this goal in mind - making complex topics more accessible.
  1. Hei,
    thank you.
    I don’t want to scan the whole computer and wait several days.
    1. Can you sent example what to do if you want to exclude some directories in /home.
    Howto find malicious files after some days and delete them after they were isolated.

  2. I’m using Linux Lite and I need a virus/malware checker to help ensure security, especially for accessing online/secure sites.

    Coming from a Windows background I find it hard to adjust to the complexity of Linux in this respect. e.g. …..with Windows its download / install and forget about it, since the software will run regular auto scans and updates for you automatically.

    With Linux however its a command line slog, even to do simple things like update virus definitions

  3. after installing maldet can not do ssh to server. i am getting everytime connection closed een after finish of the malvare check.

LEAVE A REPLY

Please enter your comment!
Please enter your name here


You May Like It!

Trending Now