Linux Malware Detect


Linux Malware Detect, abbreviated as LMD or maldet, is a software package that looks for malware on Linux systems and reports on it.

Details

Linux is more secure than Microsoft Windows and there are considerably fewer computer viruses and other malware written for it. Whereas there are relatively many malware detection software packages, such as virus scanners, for Windows, there are relatively few for Linux.
For protecting Linux systems against vulnerabilities, various other software packages are available, such as the rootkit detectors Rootkit Hunter and chkrootkit and auditing systems like Lynis. Malware detection software like LMD and ClamAV adds to the security of systems by scanning them based on the signatures of thousands of instances of known malware.
For malware signatures, LMD uses various sources, like the signature database of ClamAV and the Malware Hash Registry of Team Cymru. Besides such third-party signature databases, it also maintains its own database of signatures.
If a ClamAV scanner engine is already available on a system, LMD will use it as its scanner engine. This will normally give better performance than its built-in scanner engine.
LMD can quarantine malware and it can clean software that contains malicious code.
The executable command of LMD is maldet. Typical command invocations are maldet -d to check for later versions, maldet -u to check for malware signature updates and maldet -a to scan the file system of the server on which LMD resides. Checking for malware signature updates is typically done in an automated manner. Besides periodic scans, real-time monitoring is also supported with the --monitor command-line argument. LMD can monitor users, paths and files in this way.
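The periodic routine described above (a signature update followed by a scan), as an added shell example that is not LMD's own code. The function name, the MALDET override variable and the assumption that the scan summary contains the text "malware hits N" are this example's, not the page's.

```shell
#!/bin/sh
# Added example: periodic LMD run built from the invocations named above.
# MALDET may be overridden, e.g. to point at a wrapper or a test stub.
MALDET="${MALDET:-maldet}"

# lmd_periodic_scan PATH
# Updates signatures (maldet -u), scans PATH (maldet -a PATH) and prints
# "hits=N sigs=fresh|stale".
# Returns 0 when no hits, 1 when hits were reported, 2 when the scan
# result could not be read (treat as a failure, never as "clean").
lmd_periodic_scan() {
    scan_path="$1"
    sigs=fresh
    # A failed update must not skip the scan, but a scan against stale
    # signatures is worth flagging in the result.
    "$MALDET" -u >/dev/null 2>&1 || sigs=stale

    # Do not rely on the scanner's exit status; capture its output instead.
    out=$("$MALDET" -a "$scan_path" 2>&1) || true

    # Assumption: the scan summary line contains "malware hits N".
    hits=$(printf '%s\n' "$out" |
        sed -n 's/.*malware hits \([0-9][0-9]*\).*/\1/p' | tail -n 1)

    if [ -z "$hits" ]; then
        echo "hits=unknown sigs=$sigs"
        return 2
    fi
    echo "hits=$hits sigs=$sigs"
    if [ "$hits" -eq 0 ]; then
        return 0
    fi
    return 1
}

# Typical use from a scheduled job (path is a constructed sample):
#   lmd_periodic_scan /home || echo "LMD needs attention" >&2
```

Return code 2 keeps an unreadable or failed scan from being mistaken for a clean one in an automated job.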
Linux Malware Detect is one of the objectives for the LPI 303 certification.