Install ClamAV + Maldet on CentOS 7
A quick guide for installing ClamAV and Maldet on CentOS 7 for malware scanning and quarantining.
Install ClamAV and Maldet
Using the ClamAV malware library will speed up the scans performed by Maldet.
You will need to install Maldet from source, which can be downloaded from rfxn.net.
Use the sed commands below to edit values in the /usr/local/maldetect/conf.maldet
configuration file.
email_alert="1": Send notifications via email when the cron job runs.
email_addr="YOUR_EMAIL@HOSTNAME": The email address notifications should be sent to.
email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)": The email subject for notifications.
quarantine_hits="1": Move the malware to quarantine.
quarantine_clean="1": Delete any malware detected.
#!/bin/bash

# make sure the MALDET_EMAIL is set
if [[ -z $MALDET_EMAIL ]]; then
  read -e -p "Please enter a notification email: " MALDET_EMAIL
fi

if [[ -z $MALDET_EMAIL ]]; then
  exit 0
fi

# install ClamAV (from EPEL) and the tools used during the install
yum install -y epel-release wget perl
yum install -y clamav

# download and install Maldet from source
# NOTE: plain-HTTP download with no integrity check before install.sh runs as root
cd /usr/local/src
curl -s http://www.rfxn.com/downloads/maldetect-current.tar.gz -o maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
# trailing slash so the glob matches only the extracted directory, not the tarball
cd maldetect-*/
./install.sh

# update the signatures and Maldet itself
maldet --update-sigs --update-ver

# set the notification address, whatever value the line currently holds
sed -i "s|^email_addr=.*|email_addr=\"${MALDET_EMAIL}\"|" /usr/local/maldetect/conf.maldet

# enable ClamAV scanning, email alerts and quarantine
sed -i 's|^scan_clamscan="0"|scan_clamscan="1"|' /usr/local/maldetect/conf.maldet
sed -i 's|^email_alert="0"|email_alert="1"|' /usr/local/maldetect/conf.maldet
sed -i 's|^quarantine_hits="0"|quarantine_hits="1"|' /usr/local/maldetect/conf.maldet
sed -i 's|^quarantine_clean="0"|quarantine_clean="1"|' /usr/local/maldetect/conf.maldet

# add email subject if it doesn't exist
grep -q email_subj /usr/local/maldetect/conf.maldet || echo 'email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"' >> /usr/local/maldetect/conf.maldet
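The sed edits in the script exit successfully even when a pattern matches nothing, so this added example (not part of the original guide) audits conf.maldet for the values the script is meant to set. The function names conf_value and check_maldet_conf and the address in the usage comment are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: audit conf.maldet after the sed edits from the guide.
# sed -i exits 0 even when its pattern matched nothing, so an option whose
# shipped value is not "0" stays unchanged without any error being reported.

# Print the last value assigned to KEY ($1) in FILE ($2), quotes removed.
conf_value() {
    sed -n "s|^$1=||p" "$2" | tail -n 1 | sed 's|^"\(.*\)"$|\1|'
}

# check_maldet_conf FILE EMAIL
# Prints one line per mismatch; the return status is the mismatch count.
check_maldet_conf() {
    cmc_file=$1
    cmc_problems=0
    for cmc_pair in scan_clamscan=1 email_alert=1 quarantine_hits=1 \
                    quarantine_clean=1 "email_addr=$2"; do
        cmc_key=${cmc_pair%%=*}     # text before the first '='
        cmc_want=${cmc_pair#*=}     # text after the first '='
        cmc_got=$(conf_value "$cmc_key" "$cmc_file")
        if [ "$cmc_got" != "$cmc_want" ]; then
            echo "MISMATCH $cmc_key: want \"$cmc_want\", found \"${cmc_got:-<unset>}\""
            cmc_problems=$((cmc_problems + 1))
        fi
    done
    return "$cmc_problems"
}

# Usage (hypothetical address):
#   sh check_maldet_conf.sh /usr/local/maldetect/conf.maldet admin@example.org
if [ "$#" -eq 2 ]; then
    check_maldet_conf "$1" "$2" && echo "conf.maldet matches the guide"
fi
```

A non-zero exit status means at least one option did not take effect, and the MISMATCH lines name the options to fix by hand.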
Your system should now perform a daily scan via a cron job. You can also scan manually from the command line by specifying the directory to check for malware, or you can use the root directory to scan the entire filesystem.
maldet --scan-all /path/to/scan