Maldet Scan – Remove malicious files instantly!
Oops!! Frustrated with malicious files on your website? We can easily find them with a Maldet scan.
Maldet is a malware detector that effectively detects and cleans malicious files.
Periodic scanning of website content is a major security practice.
At Bobcares, we often receive requests to scan websites as part of Server Management Services.
Today, let’s discuss how our Support Engineers find the infected files using Maldet.
Explore more about Maldet
Maldet is a commonly used abbreviation for Linux Malware Detect (LMD) and it is a free malware scanning software for Linux servers.
Website owners use popular applications like WordPress, Joomla, etc. for easy content management. However, they often forget to upgrade these applications periodically. As a result, attackers exploit the known vulnerabilities and upload malicious scripts to the server. Finally, the website is defaced with hacked content.
That’s where scanners like Maldet come in handy. It is a command-line tool that allows us to scan and secure a server with compromised websites. Moreover, its main advantage is that it can scan the entire server to find malicious files.
As part of standard security practice, Bobcares Engineers always recommend periodic maldet scanning. This helps to proactively remove bad content from the server.
How to install Maldet Scan?
So far, we saw the relevance of the Maldet scan. Now it’s time to see the steps to install Maldet.
1. Initially, we login as root to the server over SSH.
2. Then we run the below command to download the archive file.
3. After that, we extract the files.
tar -xzf maldetect-current.tar.gz
4. After that, we move to the maldet folder.
5. Finally to install the maldet, run the below command.
After Maldet is installed on the server, we can easily find the infected files.
How to Use Maldet Scan on a Server?
We’ll now see how our Support Engineers find infected files on any website.
1. Initially, we log in to the server on which the domain resides.
2. To run a scan that identifies the infected files, we enter the following command:
maldet -a /path
Here, we specify the path as the exact folder that needs scanning. For example, to scan the home directory of a user, we set the path to /home/user/public_html
The scan results showing infected files appear as:
It provides the details of the scanning time, the number of scanned files, the number of hits, and the number of cleaned files.
From the scan report, we can identify infected files. We proactively check and remove them.
If we need all scan reports and their SCANIDs, we run the following command.
maldet --report list
For the details of a specific report, we run the command:
maldet --report SCANID
Quarantine and clean affected files
Fortunately, maldet provides an option to quarantine the files and remove them. Let’s see the details of the quarantine option.
Quarantining means moving the affected files to a secure location so that they cannot affect the remaining files. The major parameters are quarantine_hits and quarantine_clean.
- quarantine_hits: The default value of quarantine_hits is 0. When we set the value to 1, the affected files are moved to quarantine and users no longer have access to them.
- quarantine_clean: The default value is 0. When we set the value to 1, the affected files are not moved to quarantine; instead, they are cleaned automatically.
At times, a maldet scan may wrongly mark valid files as infected. Some customers may need to inspect the flagged files manually. In such cases, we disable automatic quarantine. As a result, the maldet scan will not quarantine infected files; it just gives the list of file names, so the customer can inspect the flagged files manually.
So we keep the quarantine_clean value at zero to inspect the files before cleaning. We change these values in the configuration file at /usr/local/maldetect/conf.maldet.
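The post changes these two values by editing conf.maldet by hand. As an added example that is not part of the original post, the script below reads and rewrites the quarantine_hits and quarantine_clean keys in a conf.maldet-style file and names the mode their combination selects, following the behaviour described above. The sample file contents and its temporary path are constructed; run it against a copy of the real file, not the live one, until you trust it.

```shell
#!/bin/sh
# Added example (not from the original post): inspect and set the quarantine
# mode in a conf.maldet-style file. The sample contents and path are constructed.
set -eu

# Constructed sample of the two keys as they appear in conf.maldet
# (current LMD releases quote the values, older ones did not; both are handled).
SAMPLE_CONF="${TMPDIR:-/tmp}/conf.maldet.sample.$$"
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample, not a full conf.maldet
quarantine_hits="0"
quarantine_clean="0"
EOF

# get_conf FILE KEY -> prints the value of KEY with surrounding quotes removed
get_conf() {
    sed -n "s/^[[:space:]]*$2=[\"']*\([^\"']*\)[\"']*.*/\1/p" "$1" | tail -n 1
}

# set_conf FILE KEY VALUE -> rewrites KEY in place in the quoted form
set_conf() {
    grep -q "^[[:space:]]*$2=" "$1" || { echo "key $2 not found in $1" >&2; return 1; }
    sed -i "s/^\([[:space:]]*$2=\).*/\1\"$3\"/" "$1"
}

# quarantine_mode FILE -> names the behaviour the two keys select, as the post
# describes it: 0/0 = report only, 1/0 = quarantine hits, */1 = clean automatically
quarantine_mode() {
    hits=$(get_conf "$1" quarantine_hits)
    clean=$(get_conf "$1" quarantine_clean)
    if [ "$clean" = "1" ]; then
        echo "auto-clean"
    elif [ "$hits" = "1" ]; then
        echo "quarantine"
    else
        echo "report-only"
    fi
}

# Walk through the states: start in report-only mode, then enable quarantine
quarantine_mode "$SAMPLE_CONF"
set_conf "$SAMPLE_CONF" quarantine_hits 1
quarantine_mode "$SAMPLE_CONF"
```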
To clean all malware results from a previous scan, we run the below command.
maldet --clean SCANID
Restore a file
Similarly, we run either of the below commands to restore a file that we have already quarantined:
maldet --restore Filename
maldet -s Filename
Either form restores the quarantined file to its original location.
[Do you suspect file compromise on your server? Get help from our Experts.]
In short, a maldet scan helps to find infected files on a server easily. Also, we saw how our Support Engineers use the maldet utility to monitor the server.