Install and configure Linux Malware Detect on a CentOS VPS

maldetLinux Malware Detect or just Maldet is free and open source malware scanner for Linux machines. It scans the machine for known malwares and quarantine suspicious files or simply alert you for their presence.  It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources.

In this tutorial we will show you how to install Linux Malware detect on your CentOS VPS.

Log in to your server as user root and update the packages:

yum update -y

Now, go to Linux Malware Detect’s official website and download it to your server


Unpack the downloaded Linux Malware detect archive

tar xfz maldetect-current.tar.gz

Change the current working directory

cd maldetect-*

And run the installation script


You should get the following output

Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <>
(C) 2013, Ryan MacDonald <>
inotifywait (C) 2007, Rohan McGovern <>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet

maldet(776): {sigup} performing signature update check...
maldet(776): {sigup} local signature set is version 201205035915
maldet(776): {sigup} new signature set (2014082316728) available
maldet(776): {sigup} downloaded
maldet(776): {sigup} downloaded
maldet(776): {sigup} downloaded
maldet(776): {sigup} downloaded
maldet(776): {sigup} downloaded
maldet(776): {sigup} signature set update completed
maldet(776): {sigup} 11788 signatures (9895 MD5 / 1893 HEX)

Open Maldet’s configuration file

nano /usr/local/maldetect/conf.maldet

And change the following settings:
email_alert=1 – Enable email alerts
email_addr=”user@yourdomain.tld” – Enter the destination address for email alerts
quar_hits=1 – Move the detected malware to quarantine and send an alert
quar_clean=1 – Try to clean the detected malware injections

There are more options that you can configure according to your needs.

After the installation a daily cronjob which checks for the latest version of Maldet and malware definition/signature files is automatically created.

That’s all. Linux Malware Detect is installed and configured on your server.

To scan a directory you can use

maldet -a /path/to/directory

To update Maldet use the below command

maldet -u

You can find the details on all options by executing

maldet - h

or read the README file.

Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to install Linux Malware Detect for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

6 thoughts on “Install and configure Linux Malware Detect on a CentOS VPS”

  1. Thanks for helping me out. Here quar_clean=1 will clean the detected malware injections. That means: if malware found in a script (php,html etc) will this remove the script completely from the server??

    • ‘quar_clean’ will clean string-based malware injections from a script, it should not remove the script.

      Please note that ‘quar_clean’ require that ‘quar_hits’ is enabled.

  2. Hi.
    after install maldet, will it automatically create daily cronjob for scanning?
    and how to edit time of daily scanning?


    • The cronjob is created during the installation. Please check the /etc/cron.daily/maldet file.

      You may edit the /etc/crontab file and change the time, for example:

      10 1 * * * root run-parts /etc/cron.daily


Leave a Comment

To prove you are human please solve the following *