
Maldet (LMD) commands and examples.

Last modified: July 2, 2022

What is Maldet? (LMD)

Maldet (Linux Malware Detect, LMD) is a malware scanner designed for servers that run Linux. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detecting it.

It is especially useful for anyone in charge of shared Linux hosting servers. A compromised account frequently contains malware files and infected files. Using Maldet, you can quickly identify those files and either remove or quarantine them.

Maldet offers a wide range of switches and options. Let's go through each switch and option in maldet with an example.

1. -b, --background:

This option runs the operation in the background. It is suitable for large scans.

maldet -b -r /home/hostuser/

2. -u, --update:

This option updates the malware detection signatures from rfxn.com.

3. -d, --update-ver:

This option updates the installed Maldet version from rfxn.com.

maldet -d

4. -m, --monitor USERS|PATHS|FILE

This option runs maldet with inotify kernel-level monitoring of file create/modify events for the given users, paths, or a file listing paths.

maldet -m /home/hostuser/

5. -k, --kill

This option terminates the inotify monitoring service.

maldet -k

6. -r, --scan-recent PATH DAYS

This option scans files created or modified in the last X days (default: 7d, wildcard: ?).

maldet -r /home/?/public_html 2

7. -a, --scan-all PATH

This option scans all files in the path (default: /home, wildcard: ?).

maldet -a /home/?/public_html

8. -c, --checkout FILE

This option uploads suspected malware to rfxn.com for review and hashing into signatures.

9. -l, --log

This option views maldet log file events.

maldet -l

10. -e, --report SCANID email

This option views the scan report of the most recent scan, or of a specific SCANID, and optionally e-mails the report to the supplied e-mail address.

11. -s, --restore FILE|SCANID

This option restores a file from the quarantine queue to its original path, or restores all items from a specific SCANID.

maldet --restore /usr/local/maldetect/quarantine/config.php.23754
maldet --restore 08594-19634.85478

12. -q, --quarantine SCANID

This option quarantines all malware from report SCANID.

maldet --quarantine 08594-19634.85478

13. -n, --clean SCANID

This option tries to clean and restore the malware hits from report SCANID.

maldet --clean 08594-19634.85478

14. -U, --user USER

This option sets execution under the specified user, which is ideal for restoring from a user's quarantine or viewing a user's reports.

maldet --user <user_name> --report
maldet --user <user_name> --restore 08594-19634.85478

15. -p, --purge

This option clears logs, the quarantine queue, session data and temporary data.
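As an added example (not part of the original article), here is a small POSIX shell script that reads a maldet event log, finds completed scans that reported malware hits, and prints the SCANID an operator would then pass to maldet --report or maldet --quarantine. The log lines are constructed samples in the layout maldet writes to its event_log; that layout and the log path are assumptions, not taken from the article.

```shell
#!/bin/sh
# Added example, not from the original article. Parses maldet event_log lines
# and reports which completed scans had malware hits, with their SCANIDs.
# The sample log below is constructed; the field layout is an assumption
# based on the format of /usr/local/maldetect/logs/event_log.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Jul 02 10:15:22 web1 maldet(26301): {scan} signatures loaded: 17308 (14395 MD5 / 2033 HEX / 880 YARA / 0 USER)
Jul 02 10:16:40 web1 maldet(26301): {scan} scan completed on /home/hostuser/public_html: files 1200, malware hits 2, cleaned hits 0, time 70s
Jul 02 10:16:40 web1 maldet(26301): {scan} scan report saved, to view run: maldet --report 220702-1016.26301
Jul 02 11:00:05 web1 maldet(27110): {scan} scan completed on /home/other/public_html: files 340, malware hits 0, cleaned hits 0, time 12s
Jul 02 11:00:05 web1 maldet(27110): {scan} scan report saved, to view run: maldet --report 220702-1100.27110
EOF

# hits_for_pid LOGFILE PID -> malware hit count reported by that maldet process
hits_for_pid() {
    sed -n "s/.*maldet($2): {scan} scan completed on .*malware hits \([0-9]*\),.*/\1/p" "$1" | tail -n 1
}

# scans_with_hits LOGFILE -> one "SCANID HITS" line per completed scan with hits > 0
scans_with_hits() {
    # Each "scan report saved" line carries the process id and the SCANID;
    # the hit count lives on that process's "scan completed" line.
    sed -n 's/.*maldet(\([0-9]*\)): {scan} scan report saved, to view run: maldet --report \([0-9.-]*\).*/\1 \2/p' "$1" |
    while read -r pid scanid; do
        hits=$(hits_for_pid "$1" "$pid")
        if [ "${hits:-0}" -gt 0 ]; then
            echo "$scanid $hits"
        fi
    done
}

# latest_scan_with_hits LOGFILE -> SCANID of the most recent scan that found malware
latest_scan_with_hits() {
    scans_with_hits "$1" | tail -n 1 | cut -d' ' -f1
}

echo "Scans with malware hits (SCANID HITS):"
scans_with_hits "$SAMPLE_LOG"
echo "Follow up with: maldet --report $(latest_scan_with_hits "$SAMPLE_LOG")"
```

Point the functions at the real event_log to find the SCANID to review before deciding whether to quarantine or clean.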
