Install ClamAV Maldet
Maldet is a great tool which can scan your VPS or dedicated server for malware. Just like the antivirus program on your computer, Maldet scans all of the files on your server. If a rogue file is found, Maldet places it in a quarantine folder and notifies you about the issue.
Maldet does not only scan the server regularly; on a cPanel server it also scans every file uploaded via the File Manager. Any malicious file it finds is moved to the quarantine folder, which makes it a great tool to have in the fight against malicious users.
In this guide we are also going to install ClamAV, which Maldet can use to help scan the files on your server. It is not needed to run Maldet, but ClamAV does make scans more responsive.
First, as a user with root privileges, issue the commands below in an SSH console to download and install Maldet.
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh
Next you need to configure the software, but only a few of the options need changing. First, open the Maldet configuration file in a text editor such as nano.
The first thing to add is your email address; reports will be sent there. We advise you to create an email account that lives on the same server Maldet is installed on.
# [0 = disabled, 1 = enabled]
email_alert=1
# The subject line for email alerts
email_subj="maldet alert from $(hostname)"
# The destination addresses for email alerts [ values are comma (,) spaced ]
email_addr="you@example.com"
Also in the configuration file, you should enable the below additional options.
This tells LMD that it should move malware content into the quarantine folder and strip it of all permissions. Files are fully restorable to the original path, owner and permissions by using the --restore FILE option.
This tells LMD that it should try to clean malware that it has cleaner rules for. Files that are cleaned are automatically restored to the original path, owner and permissions, but files that are not cleaned remain in quarantine.
Enabling this option allows LMD to suspend a user account that malware is found residing under. On cPanel systems this passes the user to /scripts/suspendacct and adds a comment with the maldet report command for the report that caused the user's suspension (e.g. maldet --report SCANID). On non-cPanel systems the user's shell is set to /bin/false.
This is the minimum user ID that will be evaluated for suspension; the default should be fine on most systems.
How to scan a VPS or dedicated server with Maldet
As the root user, you can issue the below command to use Maldet but ensure you have fully configured the software before you run your first scan.
maldet --scan-all /path/to/scan
maldet -a /path/to/scan
Quarantine all malware results from a previous scan
maldet -q SCANID
maldet --quarantine SCANID
Clean all malware results from a previous scan
maldet -n SCANID
maldet --clean SCANID
Restore a file that you have already quarantined
maldet -s FILENAME
maldet --restore FILENAME
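The scan and quarantine commands above are normally run one after the other by hand, copying the SCANID out of the scan summary. The POSIX shell script below is an added example (not from this article or the Maldet project) that chains them: it runs `maldet --scan-all` on a path, extracts the scan ID from Maldet's "to view run: maldet --report SCANID" line, and calls `maldet --quarantine` only when the summary reports hits. The scan ID pattern (YYMMDD-HHMM.PID) and the "malware hits N" phrase are assumptions about Maldet's summary format; the sample output in the test is constructed, and the function names are the example's own. MALDET can be pointed at a wrapper for dry runs.

```shell
#!/bin/sh
# Added example: scan a path with Maldet and quarantine the hits of that scan.
MALDET=${MALDET:-maldet}   # assumed to be on PATH on a default install

# maldet_scan_id: read scan output on stdin, print the SCANID from the
# "to view run: maldet --report SCANID" line (assumed format YYMMDD-HHMM.PID).
maldet_scan_id() {
    sed -n 's/.*--report \([0-9]\{6\}-[0-9]\{4\}\.[0-9]\{1,\}\).*/\1/p' | tail -n 1
}

# maldet_hit_count: read scan output on stdin, print the number after
# "malware hits" in the summary line, or 0 if no summary line is present.
maldet_hit_count() {
    n=$(sed -n 's/.*malware hits \([0-9]\{1,\}\).*/\1/p' | tail -n 1)
    printf '%s\n' "${n:-0}"
}

# scan_and_quarantine PATH
# Runs the scan, then quarantines only the results of that scan (not older
# ones). Prints "SCANID HITS" on success; returns 2 if no scan id was found.
scan_and_quarantine() {
    out=$("$MALDET" --scan-all "$1" 2>&1) || true
    id=$(printf '%s\n' "$out" | maldet_scan_id)
    hits=$(printf '%s\n' "$out" | maldet_hit_count)
    if [ -z "$id" ]; then
        echo "could not find a scan id in maldet output" >&2
        printf '%s\n' "$out" >&2
        return 2
    fi
    if [ "$hits" -gt 0 ]; then
        "$MALDET" --quarantine "$id"
    fi
    printf '%s %s\n' "$id" "$hits"
}

# Usage: sh scan-quarantine.sh /home
if [ $# -eq 1 ]; then
    scan_and_quarantine "$1"
fi
```

Because quarantine is keyed to the scan ID that was just produced, the script never re-quarantines files that an earlier scan flagged and you have since restored with `--restore`; if Maldet's summary wording differs on your version, adjust the two sed patterns and re-run the script on a scratch directory before scheduling it from cron.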
Install ClamAV On cPanel Servers
Now you have the basics of Maldet, it's time to install ClamAV. This will cut the time Maldet takes to scan your cPanel server and, for added security, we are also going to tell Exim to scan all email as it is received and sent by the server. To install ClamAV:
- Log in to WHM, type ClamAV in the search bar, select “Manage Plugins” and click to install ClamAV.
This runs yum install -y epel-release and then yum install -y clamav.
The default settings for ClamAV should be fine for most users, so we will leave them as they are. The next thing is to tell Exim to scan all emails for viruses. In WHM go to:
Exim Configuration Manager > Basic Editor > Security
Enable the “Scan messages for malware from authenticated senders (exiscan)” option and the “Scan outgoing messages for malware” option. Exim will now use ClamAV to scan for viruses when it sends and receives mail.