Bobcares
Client Area
Emergency Support
Latest | Server Management

Maldet Scan – Remove malicious files instantly!

by | Feb 27, 2020

Oops!! Frustrated with malicious files on your website? We can easily find it by Maldet Scan.

The Maldet is a malware detector that effectively detects and cleans malicious files.

Periodic scanning of website content comes as a major security practice.

At Bobcares, we often receive requests to scan websites as part of Server Management Services.

Today, let’s discuss how our Support Engineers find the infected files using Maldet.

 

Explore more about Maldet

Maldet is a commonly used abbreviation for Linux Malware Detect (LMD)  and it is a free malware scanning software for Linux servers.

Website owners use popular applications like WordPress, Joomla, etc. for easy content management. However, often they forget to upgrade these applications periodically. As a result, hackers make use of the vulnerabilities and upload malicious scripts to the server. Finally, it deforms the website with hacked content.

That’s where scanners like Maldet comes useful. It is a command-line tool that allows us to scan and secure a server with compromised websites. Moreover, the main advantage is that it can scan the entire server to find out the malicious files.

As part of standard security practice, Bobcares Engineers always recommend periodic maldet scanning. This helps to proactively remove bad content from the server.

 

How to install Maldet Scan?

So far, we saw the relevance of the Maldet scan. Now its time to see the steps to install the Maldet.

1. Initially, we login as root to the server over SSH.

2. Then we run the below command to download the archive file.

wget https://www.rfxn.com/downloads/maldetect-current.tar.gz

3. After that, we extract the files.

tar -xzf maldetect-current.tar.gz

4. After that, we move to the maldet folder.

cd maldetect-x.x.x

5. Finally to install the maldet, run the below command.

sh ./install.sh

After the installation of the Maldet in the server, we can easily find out the infected files.

 

How to Use Maldet Scan in Server?

We’ll now see how our Support Engineers find infected files on any website.

1. Initially we log in to the server in which the domain resides.

2. To run a scan for identifying the infected files, we enter the following command

maldet –a /path

Here, we specify the path as the exact folder that needs scanning. For example, to scan the home directory of a user, we set the path as /home/user/public_html

The scan results showing infected files appear as:

maldet_scan

It provides the details of scanning time, number of scanned files, number of hits and the number of cleaned files.

From the scan report, we can identify infected files. We proactively check and remove them.

If we need all scan reports and SCANID we run the following command.

maldet --report list

For the specific report details, we run the command.

maldet --report SCANID

 

Quarantine and clean affected files

Fortunately, maldet provides an option to quarantine the files and remove them. Let’s see the details about the Quarantine files option.

Quarantining means moving the affected files to a secure location. Thus it will not affect the remaining files. The major parameters are quarantine hits and quarantine clean.

  • quarantine_hits: The default value quarantine_hits is 0. When we set the value to 1, then the affected files will move to quarantine and the users do not have access to these files.
  • quarantine_clean: The default value is 0. By setting the value to 1, it will not move the affected files to quarantine and the affected files are cleaned automatically.

At times, maldet scan may wrongly mark valid files as infected. Some customers may need to inspect the malicious files manually. In such cases, we disable the Automatic quarantine. As a result, the maldet scan will not quarantine infected files. It just gives the list of file names. Thus, the customer can inspect the malicious files manually.

So we keep the quarantine_clean value as zero to inspect the file before cleaning.We change these values in the configuration file of location /usr/local/maldetect/conf.maldet.

To Clean on all malware results from a previous scan, we run the below command.

maldet –clean SCANID

 

Restore a file

Similarly, we run the below command to restore a file that we have already quarantined

maldet –restore Filename

or

maldet -s Filename

It restores the already quarantined file.

[Do you suspect file compromise on your server? Get help from our Experts.]

 

Conclusion

In short, a maldet scan helps to find infected files on a server easily. Also, we saw how our Support Engineers use the maldet utility to monitor the server.

Related posts:

  1. Install OpenVAS on CentOS 7 – An easy way to secure the server
  2. Server Hardening – A quick introduction on what it is
  3. Ignore permission denied message from find command in Linux
  4. SQL error 1071 – Quick solution

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. Install OpenVAS on CentOS 7 – An easy way to secure the server
  2. Server Hardening – A quick introduction on what it is
  3. Ignore permission denied message from find command in Linux
  4. SQL error 1071 – Quick solution

Never again lose customers to poor
server speed! Let us help you.

GET STARTED