Linux Malware Detect (LMD)

Linux Malware Detect (LMD) is a malware scanner for Linux, released under the GNU GPLv2 (free, open source) license, that is designed around the threats faced in shared hosting environments. It uses threat data from network-edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. Threat data is also derived from user submissions via the LMD checkout feature, from threats found on the TCH network of over 30,000 hosted domains, and from malware community resources.


Installation & Configuration:
There is nothing special about installing LMD: download the package and run the enclosed install.sh script:

  • wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
  • tar xfz maldetect-current.tar.gz
  • cd maldetect-*
  • ./install.sh
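The four steps above, as an added example that is not part of the original page or of the LMD project: a POSIX sh wrapper that fetches the archive into a scratch directory and, before unpacking anything or running install.sh as root, refuses an archive whose member list contains absolute or ".." paths and checks that a maldetect-*/install.sh is really inside. The function names and the LMD_DO_INSTALL guard variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not LMD project code: wrap the page's four install steps with
# two sanity checks on the downloaded archive before anything is unpacked as root.
set -eu

LMD_URL="http://www.rfxn.com/downloads/maldetect-current.tar.gz"   # URL from the page (plain HTTP)

# Succeed only if every archive member is a relative path with no ".." component,
# i.e. extraction cannot write outside the directory we choose. GNU tar and bsdtar
# already strip such names by default; listing them first makes the refusal explicit.
tar_members_safe() {
    members=$(tar tzf "$1") || return 1          # also fails on a corrupt or truncated download
    if printf '%s\n' "$members" | grep -E -q '^/|^\.\./|/\.\./|/\.\.$|^\.\.$'; then
        return 1
    fi
    return 0
}

# Succeed only if the archive carries maldetect-<something>/install.sh, the layout
# that the "cd maldetect-*" and "./install.sh" steps assume.
tar_has_installer() {
    tar tzf "$1" | grep -E -q '^maldetect-[^/]+/install\.sh$'
}

install_lmd() {
    workdir=$(mktemp -d)
    archive="$workdir/maldetect-current.tar.gz"
    wget -q -O "$archive" "$LMD_URL"
    tar_members_safe "$archive" || { echo "refusing archive with unsafe member paths" >&2; return 1; }
    tar_has_installer "$archive" || { echo "archive has no maldetect-*/install.sh" >&2; return 1; }
    tar xzf "$archive" -C "$workdir"
    ( cd "$workdir"/maldetect-* && ./install.sh )
}

# LMD_DO_INSTALL is an assumed guard so that sourcing this file runs nothing by itself.
if [ "${LMD_DO_INSTALL:-0}" = "1" ]; then
    install_lmd
fi
```

Run it as root with LMD_DO_INSTALL=1 to perform the actual install; without the variable the file only defines the helpers.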

Now that LMD is installed, take note of the file locations. Next, open the configuration file at /usr/local/maldetect/conf.maldet for editing (with vi or nano -w). The file is fully commented, so most options should be self-explanatory, but let's take a moment to review the more important ones anyway.