Usage & Manual Scans
The usage of LMD is very simple and there is a detailed –help output that provides common usage examples, I strongly recommend you check the –help output and spend a few minutes reviewing it.
The first thing most users are looking to do when they get LMD installed is to scan a certain path or series of paths. An important note is that LMD uses the ‘?’ character for wildcards instead of the ‘*’ char. In the below examples I will be using the long form flags but they are interchangeable with the short form flags (i.e: –scan-recent vs. -r).
If we wanted to scan all user public_html paths under /home*/ this can be done with:
maldet –scan-all /home?/?/public_html
If you wanted to scan the same path but scope it to content that has been created/modified in the last 5 days you would run:
maldet –scan-recent /home?/?/public_html 5
If you performed a scan but forget to turn on the quarantine option, you could quarantine all malware results from a previous scan with:
maldet –quarantine SCANID
Similarly to the above, if you wanted to attempt a clean on all malware results from a previous scan that did not have the feature enabled, you would do so with:
maldet –clean SCANID
If you had a file that was quarantined from a false positive or that you simply want to restore (i.e: you manually cleaned it), you can use the following:
maldet –restore config.php.2384
maldet –restore /usr/local/maldetect/quarantine/config.php.2384
Once again, I encourage you to fully review the –help output for details on all options and the README file for more details on how LMD operates.