{"id":20715,"date":"2020-11-30T05:25:44","date_gmt":"2020-11-29T21:25:44","guid":{"rendered":"https:\/\/web.mwwsb.com.my\/pjci\/?post_type=kb&#038;p=20715"},"modified":"2023-01-18T11:20:37","modified_gmt":"2023-01-18T03:20:37","slug":"maldet-lmd-commands-and-examples","status":"publish","type":"kb","link":"https:\/\/www.casbay.com\/guide\/kb\/maldet-lmd-commands-and-examples","title":{"rendered":"Maldet (LMD) commands and examples."},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"20715\" class=\"elementor elementor-20715\" data-elementor-post-type=\"kb\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-aca19ef elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"aca19ef\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0a3926a\" data-id=\"0a3926a\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-67648b3 elementor-widget elementor-widget-text-editor\" data-id=\"67648b3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>In this article, we will show you the Maldet (LMD) commands and some of the examples. Before we start, do you know<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e42378b elementor-widget elementor-widget-heading\" data-id=\"e42378b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What is Maldet? 
(LMD)<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-86b1e5b elementor-widget elementor-widget-text-editor\" data-id=\"86b1e5b\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Maldet is a <strong>malware detector<\/strong> which is mainly used in <a href=\"https:\/\/www.casbay.com\/asia-vps-hosting\">Linux based servers<\/a>. It uses threat information from network edge intrusion detection systems to extract malware that is actively used in attacks and to produce signatures for detection.<\/p><p>It is very useful for those who manage shared Linux hosting servers, where an account is often compromised and left with infected or malicious files. With Maldet you can readily identify those files and remove or quarantine them.<\/p><p>Maldet offers many switches and options. Let us go through them with examples.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4ff9904 elementor-widget elementor-widget-heading\" data-id=\"4ff9904\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">1). -b, --background :\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-57f7ec5 elementor-widget elementor-widget-text-editor\" data-id=\"57f7ec5\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will execute operations in the background. 
It is suitable for large scans.<\/p><h5><strong>Example<\/strong>:<\/h5><p>[root@hoststud\u00a0~]# maldet -b -r \/home\/hostuser\/<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2aca068 elementor-widget elementor-widget-heading\" data-id=\"2aca068\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">2). -u, --update :\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fe312b6 elementor-widget elementor-widget-text-editor\" data-id=\"fe312b6\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will update the malware detection signatures from rfxn.com.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-107d9dc elementor-widget elementor-widget-heading\" data-id=\"107d9dc\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">3). 
-d, --update-ver\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d4e82c5 elementor-widget elementor-widget-text-editor\" data-id=\"d4e82c5\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will update the installed version from rfxn.com.<\/p><h5><strong>Example<\/strong>:<\/h5><p>[root@hoststud\u00a0~]# maldet -d<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ac4e257 elementor-widget elementor-widget-heading\" data-id=\"ac4e257\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">4). -m, --monitor USERS|PATHS|FILE\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4087cf3 elementor-widget elementor-widget-text-editor\" data-id=\"4087cf3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will run maldet with inotify kernel-level file create\/modify monitoring.<\/p><h5><strong>Example<\/strong>:<\/h5><p>[root@hoststud\u00a0~]# maldet -m \/home\/hostuser\/<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5d2e35e elementor-widget elementor-widget-heading\" data-id=\"5d2e35e\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">5). 
-k, --kill\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a0a4430 elementor-widget elementor-widget-text-editor\" data-id=\"a0a4430\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will terminate the inotify monitoring service.<\/p><h5><strong>Example<\/strong>:<\/h5><p>[root@hoststud\u00a0~]# maldet -k<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f424ff3 elementor-widget elementor-widget-heading\" data-id=\"f424ff3\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">6). -r, --scan-recent PATH DAYS\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b6c79f9 elementor-widget elementor-widget-text-editor\" data-id=\"b6c79f9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command scans files created or modified over the last X days (default: 7d, wildcard: ?)<br \/>e.g.: maldet -r \/home\/?\/public_html 2<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-35a1ef4 elementor-widget elementor-widget-heading\" data-id=\"35a1ef4\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">7). 
-a, --scan-all PATH\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d0e24e1 elementor-widget elementor-widget-text-editor\" data-id=\"d0e24e1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will scan all files in the path (default: \/home, wildcard: ?)<br \/>e.g.: maldet -a \/home\/?\/public_html<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1872da9 elementor-widget elementor-widget-heading\" data-id=\"1872da9\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">8). -c, --checkout FILE\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-82573f1 elementor-widget elementor-widget-text-editor\" data-id=\"82573f1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will upload suspected malware to rfxn.com for review &amp; hashing into signatures.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ba24286 elementor-widget elementor-widget-heading\" data-id=\"ba24286\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">9). 
-l, --log\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0ea11c1 elementor-widget elementor-widget-text-editor\" data-id=\"0ea11c1\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will view maldet log file events.<\/p><h5><strong>Example<\/strong>:<\/h5><p>[root@hoststud\u00a0~]# maldet -l<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cdf9d7e elementor-widget elementor-widget-heading\" data-id=\"cdf9d7e\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">10). -e, --report SCANID email\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c0a9ad3 elementor-widget elementor-widget-text-editor\" data-id=\"c0a9ad3\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will view the scan report of the most recent scan or of a specific SCANID, and optionally e-mail the report to a supplied e-mail address.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53298a9 elementor-widget elementor-widget-heading\" data-id=\"53298a9\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">11). 
-s, --restore FILE|SCANID\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6fc28c6 elementor-widget elementor-widget-text-editor\" data-id=\"6fc28c6\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will restore a file from the quarantine queue to its original path, or restore all items from a specific SCANID<br \/>e.g.: maldet --restore \/usr\/local\/maldetect\/quarantine\/config.php.23754<br \/>e.g.: maldet --restore 08594-19634.85478<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-edc60fe elementor-widget elementor-widget-heading\" data-id=\"edc60fe\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">12). -q, --quarantine SCANID\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-038967b elementor-widget elementor-widget-text-editor\" data-id=\"038967b\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will quarantine all malware from report SCANID<br \/>e.g.: maldet --quarantine 08594-19634.85478<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a1f3109 elementor-widget elementor-widget-heading\" data-id=\"a1f3109\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">13). 
-n, --clean SCANID\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c51b9ce elementor-widget elementor-widget-text-editor\" data-id=\"c51b9ce\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will try to clean &amp; restore malware hits from report SCANID<br \/>e.g.: maldet --clean 08594-19634.85478<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-495487b elementor-widget elementor-widget-heading\" data-id=\"495487b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">14). -U, --user USER\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-23eaf62 elementor-widget elementor-widget-text-editor\" data-id=\"23eaf62\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will set execution under the specified user, ideal for restoring from user quarantine or viewing user reports.<br \/>e.g.: maldet --user nobody --report<br \/>e.g.: maldet --user nobody --restore 08594-19634.85478<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-18923f3 elementor-widget elementor-widget-heading\" data-id=\"18923f3\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">15). 
-p, --purge\n<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-542bd31 elementor-widget elementor-widget-text-editor\" data-id=\"542bd31\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>This command will clear logs, quarantine queue, session and temporary data.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1543c1f elementor-widget elementor-widget-text-editor\" data-id=\"1543c1f\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Now you have learned about some Maldet (LMD) commands and examples. For more articles on the topic CentOS, please click <a href=\"https:\/\/www.casbay.com\/guide\/kb\/how-to-remove-delete-a-user-on-centos-7\"><em>here<\/em><\/a>.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In this article, we will show you the Maldet (LMD) commands and some of the examples. Before we start, do you know What is Maldet? (LMD) Maldet is a malware detector which is mainly used in Linux based servers. 
To remove malware that is actively used in attacks and produces signatures for detection, it utilizes [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}}},"kbtopic":[109],"kbtag":[106,105],"mkb_version":[],"_links":{"self":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/20715"}],"collection":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/comments?post=20715"}],"version-history":[{"count":6,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/20715\/revisions"}],"predecessor-version":[{"id":38208,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/20715\/revisions\/38208"}],"wp:attachment":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/media?parent=20715"}],"wp:term":[{"taxonomy":"kbtopi
c","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kbtopic?post=20715"},{"taxonomy":"kbtag","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kbtag?post=20715"},{"taxonomy":"mkb_version","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/mkb_version?post=20715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}