Hamsa K
6 min read | 3 years ago

How to install Linux Malware Detect with Clamav on Centos 7

Install Linux Malware Detect (LMD) on Centos 7

Linux Malware Detector is malware detector for linux opearting systems and it is released under GNU GPLv2.It is disgned for share hosting environments and it can be installed on cPanel WHM and Linux environments.

Clamav is an open source antivirus solution to detect trojans, malware, viruses and other malicious software. ClamAV supports multiple platforms including Linux, Windows, and MacOS.

Download latest version of LMD using below link.


once you downloaded extract it and run install script which exists in same directory.

[root@lampblogs ~]# cd /opt
[root@lampblogs opt]# wget https://www.rfxn.com/downloads/maldetect-current.tar.gz
[root@lampblogs opt]# tar -xvzf maldetect-current.tar.gz
[root@lampblogs opt]# cd maldetect-1.6.4/
[root@lampblogs maldetect-1.6.4]# ./install.sh

sample output:

Created symlink from /etc/systemd/system/multi-user.target.wants/maldet.service to /usr/lib/systemd/system/maldet.service.
Linux Malware Detect v1.6.4
            (C) 2002-2019, R-fx Networks <proj@r-fx.org>
            (C) 2019, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(2850): {sigup} performing signature update check...
maldet(2850): {sigup} local signature set is version 201907043616
maldet(2850): {sigup} new signature set 2019100114159 available
maldet(2850): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(2850): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(2850): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(2850): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(2850): {sigup} verified md5sum of maldet-clean.tgz
maldet(2850): {sigup} unpacked and installed maldet-clean.tgz
maldet(2850): {sigup} signature set update completed
maldet(2850): {sigup} 15559 signatures (12747 MD5 | 2035 HEX | 777 YARA | 0 USER)

Configure LMD

Main configuration file for LMD is located at /usr/local/maldetect/conf.maldet.

you can modify according to your requiremnets.Below are few settings

### Enable email alert ###
###  Email Address to receive scan reports ###
###  use clamav ###
### Enable scanning for root owned files. Set 1 to disable ###
### Move threats to quarantine ###
### Clean string based malware ###
### suspend user if malware found ###
### Minimum userid value that can be suspended ###

save the file and exit.

To update the maldet use the below commands.

maldet -u or maldet -d

Install clamav:

Now we will install clamav for better scan results of LMD.

we need epel repository to install clamav.

[root@lampblogs ~]# yum install epel-release
[root@lampblogs ~]# yum install clamav clamav-devel clamav-update

update the ClamAV virus databases using freshclam command.

[root@lampblogs ~]# freshclam

Now scan directories for malware


[root@lampblogs ~]# maldet -a /var/www/html

sample output

[root@lampblogs ~]# maldet -a /var/www/html
Linux Malware Detect v1.6.4
            (C) 2002-2019, R-fx Networks <proj@rfxn.com>
            (C) 2019, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(10017): {scan} signatures loaded: 15559 (12747 MD5 | 2035 HEX | 777 YARA | 0 USER)
maldet(10017): {scan} building file list for /var/www/html, this might take awhile...
maldet(10017): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(10017): {scan} file list completed in 2s, found 3 files...
maldet(10017): {scan} found clamav binary at /usr/bin/clamscan, using clamav scanner engine...
maldet(10017): {scan} scan of /var/www/html (3 files) in progress...
maldet(10017): {scan} scan completed on /var/www/html: files 3, malware hits 0, cleaned hits 0, time 282s
maldet(10017): {scan} scan report saved, to view run: maldet --report 191001-1322.10017

scan reports

LMD stores scan reports under /usr/local/maldetect/sess. Use the maldet command with SCAN ID to see the detailed scanning report.

[root@lampblogs ~]# maldet --report 191001-1322.10017

sample output:

HOST:      lampblogs.com
SCAN ID:   191001-1322.10017
STARTED:   Oct  1 2019 13:22:39 +0530
COMPLETED: Oct  1 2019 13:27:21 +0530
ELAPSED:   282s [find: 2s]
PATH:          /var/www/html

If any Hits found that files are quarantined to below path.


That's it. we successfully installed LMD on Centos 7 system.

Warning! This site uses cookies
By continuing to browse the site, you are agreeing to our use of cookies. Read our terms and privacy policy