For this tutorial I worked with Linux Malware Detect and ClamAV.
Linux Malware Detect scans files against a database of known malware exploits, drawn from an updated registry maintained by Team Cymru. ClamAV speeds up the scanning.
Setup Linux Malware Detect
Download Malware Detect:
tar -xvf maldetect-current.tar.gz
Configure Linux Malware Detect. Set the email alert toggle to 1, update the subject line and enter your email address:
# [ EMAIL ALERTS ]
##
# The default email alert toggle
# [0 = disabled, 1 = enabled]
email_alert=1
# The subject line for email alerts
email_subj="Malware Detect Subject Line $(hostname)"
# The destination addresses for email alerts
# [ values are comma (,) spaced ]
email_addr="firstname.lastname@example.org"
Set scan to run daily with cron:
This cron job will update the malware registry it initially downloaded, including any new malware threats, and also scan all home directories on the server. If anything is found, you will get an email telling you the path to the offending file.
Scan specific directory:
maldet -a /home/homedir/public_html/
Scan all directories using a wildcard:
maldet -a /home/?/public_html/
Use ClamAV as Scanner Engine on WHM/cPanel
Link Linux Malware Detect to proper ClamAV location:
ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/bin/clamscan
Now when you scan it should be a good bit faster.
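A post-setup check for the two steps above that fail silently (alerts never sent, clamscan link pointing nowhere). This is an added example, not part of the original tutorial or of Linux Malware Detect. The function names are made up for illustration, and the configuration file path is supplied by the caller.

```shell
#!/bin/sh
# Added example: verify the email alert settings and the clamscan symlink.
# The config is parsed as text, never sourced, so the $(hostname) in
# email_subj (or anything else in the file) is not executed by this check.

# Print the value of KEY ($1) from config file $2: last assignment wins,
# comment lines are ignored, surrounding double quotes are removed.
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Return 0 only if alerts are enabled and every comma-separated address is
# shaped like user@host.tld and is not on a reserved example domain (such as
# the sample address in this tutorial). Reasons are written to stderr.
check_email_alerts() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    [ "$(conf_value email_alert "$conf")" = "1" ] ||
        { echo "email_alert is not 1: no alert will be sent" >&2; return 1; }
    addrs=$(conf_value email_addr "$conf")
    [ -n "$addrs" ] || { echo "email_addr is empty" >&2; return 1; }
    old_ifs=$IFS; IFS=', '
    for a in $addrs; do
        case $a in
            *@example.org|*@example.com|*@example.net)
                IFS=$old_ifs; echo "placeholder address: $a" >&2; return 1 ;;
            ?*@?*.?*) ;;
            *) IFS=$old_ifs; echo "malformed address: $a" >&2; return 1 ;;
        esac
    done
    IFS=$old_ifs
    return 0
}

# Return 0 only if $1 is a symlink whose target exists and is executable.
check_clamscan_link() {
    [ -L "$1" ] || { echo "$1 is not a symlink" >&2; return 1; }
    [ -x "$1" ] || { echo "$1 is dangling or not executable" >&2; return 1; }
}
```

Call check_email_alerts with the path to your Linux Malware Detect configuration file and check_clamscan_link with /usr/bin/clamscan; a non-zero exit status means the setup needs another look.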