How to install and configure LMD (maldet) to scan for malware a Linux server

If you care about the security of your server (and you really should) one of the tools you can use on a daily basis (via cron) is LMD (a.k.a maldet) which is basically a malware scanner that can quarantine a get rid of files infected with malware.


In this guide we'll go through the process of installing and configuring maldet on a Linux server, whether it be a dedicated bare metal server of a Cloud VPS

Installing LMD:

We'll first go into /usr/local/src/ and then download the installations files using wget:

cd /usr/local/src/



We then proceed to extract the downloaded file:

tar -xcf maldetect-current.tar.gz


Let's go into the maldet folder, which should have been extracted by our previous command:

cd maldet-*


And now we run the install bash with the following command:



Now we go onto the configuration part, by default all options are commented in the configuration file, so you can configure it based on your requirements. Let's go over what each option is:

email_alert : If you would like to receive email alerts, then it should be set to 1.

email_subj : Set your email subject here.

email_addr : Add your email address to receive malware alerts.

quar_hits : The default quarantine action for malware hits, it should be set 1.

quar_clean : Cleaning detected malware injections, must set to 1.

quar_susp : The default suspend action for users wih hits, set it as per your requirements.

quar_susp_minuid : Minimum userid that can be suspended.


So let's now open the configuration file with your preferred text editor, I'll use nano here:

nano /usr/local/maldetect/conf.maldet


The following command is really important, it takes care of updating maldet's db:

maldet -u


Now onto the actual use, let's scan the home dir a of user, this command will scan the specified folder and show the output of the command:

maldet -a /home/user


Say you want to scan all public_html folders for all users on the server, this is handy on servers used to host multiple websites:

maldet --scan-all /home?/?/public_html

If you wish to restore a file that has been quarantined you can do so with the following command:

maldet --restore /usr/local/maldetect/quarantine/somefile.php

You could (and should) create a cron job that takes of running this task every day,.

That's it, you now have knowledge of a tool that should help keep your server secure; keep in mind that this is just one fo the things you can do to improve your server's security.

If you're looking for a home for your new project or a new home for your existing website check out our web hosting, cloud vps and dedicated servers here:


  • linux security, maldet, lmd, malware scanner
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to secure SSHd

Leaving the default settings of SSH is not a good idea, here are a few steps you should consider...

Securing your Wordpress installation

Securing your wordpress installation: We all know how easy it is to setup...

ownCloud Auto Install Script on Debian 7

Here is an easy way to install ownCloud on Debian 7 with a script, but first, for those who...

NGINX – Allow access only to certain IPs

Nginx has a nice module that not many people know about, it basically enables us...

How to configure NTP client in CentOS

What's NTP? NTP stands for Network Time Protocol, and it is an Internet protocol used to...