Viruses are a real problem for computers that run the Windows operating system. But, as far as anyone has been able to tell, there’s no such thing as a virus that can harm a Linux-based operating system. So, the only real reason to run an antivirus solution on a Linux machine is to prevent infecting any Windows machines on your network. If you have a Linux-based email server, Samba server, download server, or any other Linux-based machine that shares files with Windows computers, then installing an antivirus solution is a good idea.

Linux Malware Detect, which you’ll often see abbreviated as either LMD or Maldet, is a Free Open Source Software (FOSS) antivirus program that can be installed in a Linux system. When you install it, you’ll get a systemd service that’s already enabled and a cron job that will periodically update both the malware signatures and the program itself.

Download and install Maldet

Run the following command to download Maldet:

#wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

cd into the directory and run the installer.

As you can see, the installer automatically creates the symbolic link that enables the maldet service, and it also automatically downloads and installs the newest malware signatures.

Once the installer finishes, copy the README file to your own home directory so that you can have it for ready reference. (This README file is the documentation for LMD.)

Configure Maldet to Monitor Directories

Earlier versions of Maldet were configured by default to automatically monitor and scan users’ home directories. In its current version, the default is for it to only monitor the /dev/shm, /var/tmp, and /tmp directories. We’re going to reconfigure it so that we can add some directories. Let’s get started:

Open the /usr/local/maldetect/conf.maldet file for editing. Find these two lines:

Change them to the following:

At the top of the file, enable email alerts and set your username as the email address.

By default, Maldet isn’t configured to move suspicious files to the quarantine folder, and we want to make it do that. Further down in the conf.maldet file, look for the line that says the following:

Change it to the following:

You’ll see a few other quarantine actions that you can configure, but, for now, this is all we need. Now save the conf.maldet file, because those are all the changes that we need to make to it.

Open the /usr/local/maldetect/monitor_paths file for editing. Add the directories that you want to monitor, like this:

Since viruses affect Windows and not Linux, just monitor the directories with files that will be shared with Windows machines.

After you save the file, start the maldet daemon by running this command:

#sudo systemctl start maldet

You can add more directories to the monitor_paths file at any time, but remember to restart the maldet daemon any time that you do, in order to read in the new additions.
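The configuration steps above can be checked mechanically before the daemon is restarted. The script below is an added example, not part of the original article or of the LMD project. The key names (email_alert, email_addr, quarantine_hits, default_monitor_mode) are assumed from LMD's stock conf.maldet because the page does not show them, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Audit an LMD configuration against the settings described in this article.
# Assumption: key names follow LMD's stock conf.maldet (not shown on the page).

# Print the last uncommented, double-quoted value of KEY ($2) in FILE ($1).
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print one line per problem; the return status is the number of findings.
audit_maldet() {
    conf=$1 paths=$2 findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    [ "$(conf_value "$conf" email_alert)" = "1" ] || flag "email_alert is not 1: no alert is sent on a hit"
    [ -n "$(conf_value "$conf" email_addr)" ] || flag "email_addr is empty: alerts have no recipient"
    [ "$(conf_value "$conf" quarantine_hits)" = "1" ] || flag "quarantine_hits is not 1: hits are reported but left in place"
    [ "$(conf_value "$conf" default_monitor_mode)" = "$paths" ] || flag "default_monitor_mode does not point at $paths"

    # A listed directory that does not exist is never watched.
    while IFS= read -r dir; do
        case $dir in ''|'#'*) continue ;; esac
        [ -d "$dir" ] || flag "monitor path missing: $dir"
    done < "$paths"
    return "$findings"
}

# Constructed sample files (not from a real host): unedited-style and edited configs.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/share"
printf '%s\n' "$demo/share" "$demo/not-there" > "$demo/monitor_paths"
cat > "$demo/before.conf" <<EOF
email_alert="0"
email_addr=""
quarantine_hits="0"
default_monitor_mode="users"
# default_monitor_mode="$demo/monitor_paths"
EOF
cat > "$demo/after.conf" <<EOF
email_alert="1"
email_addr="admin"
quarantine_hits="1"
# default_monitor_mode="users"
default_monitor_mode="$demo/monitor_paths"
EOF
audit_maldet "$demo/before.conf" "$demo/monitor_paths" || echo "before: $? finding(s)"
audit_maldet "$demo/after.conf" "$demo/monitor_paths" || echo "after: $? finding(s)"
```

On a real host, call audit_maldet with /usr/local/maldetect/conf.maldet and /usr/local/maldetect/monitor_paths as its two arguments.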

Ruwantha Nissanka is a professional cyber security engineer from Sri Lanka with a demonstrated history of providing cyber security services for multiple organizations in Sri Lanka. He is a positive person who wants to believe the best in others, and he likes to help and encourage people and make them feel good.