
How to use Maldet. Common Maldet commands

We have already covered how to install and configure Maldet, so now let’s cover some common Maldet commands. Maldet scans your server for potential security threats and, depending on how the program is set up, either deletes the threat or moves it into a quarantine folder for further inspection. Once a threat has been found by the software you should receive an email warning you of the problem. We will cover what to do when you receive an email notification from Maldet in another guide, but first let’s go through the basic commands.

This guide is part of a series of guides about installing and using Maldet.

  1. Install Maldet on Linux Servers.
  2. Common Maldet Commands (This guide).
  3. What to do when a Maldet alert is received.

Maldet Commands

Every Maldet command starts with maldet, followed by the options and the path to the folder or file.

maldet options /path/to/folder/file

Update Maldet

You can update Maldet on Linux Servers in two ways, either by updating the malware detection signatures or by updating the installed version from rfxn.com.

Updating the malware detection signatures

maldet -u

Background Malware Scans

Maldet can scan files and folders in the background, which is useful for large scans and production servers.

maldet -b -r /path/to/folder/file

Monitoring users, paths, and files

Maldet can monitor the whole server, individual users, or a specific path to a file or folder. If you decide to monitor a user then you need to use the UID of the account. You could use the path to the user’s home directory if you’re not sure of the UID.

maldet -m USERS|PATHS|FILE

maldet -m users
maldet -m /root/monitor_paths
maldet -m /home/first2host/public_html

Terminating the monitoring process

If you no longer want Maldet to monitor users or folders then you can terminate the monitoring service.

maldet -k

Scan all files created or modified in the last X days

By default Maldet scans all files created or modified in the last 7 days, but you can choose how far back to scan by adding the number of days at the end of the command. In our example, Maldet will scan for files modified or created in the last 2 days.

maldet -r /home/ 2

Scan a path to a file or folder

You can direct Maldet to scan an absolute path to a file or folder. By default Maldet scans the /home folder.

maldet -a /home/first2host/public_html

Submitting a file for review to rfxn.com

You can send a file to rfxn.com for review, and if it is confirmed as malware they can hash it into the signatures for future detection. Specify the path to the suspicious file and use the checkout switch.

maldet -c /home/first2host/file

The Maldet log

maldet -l

View most recent scan report

maldet --report

View a specific scan ID

If you receive an email from Maldet reporting a hit on a file, you can view the report by using the scan ID in the email.

maldet -e SCANID

Restore a file from quarantine

You can restore a file from quarantine, or all files from a specific scan using the scan ID.

maldet --restore /usr/local/maldetect/quarantine/file_to_restore.php
maldet --restore 054782-5742.5542

Quarantine all hits from a scan

Using the scan ID you can send all of the hits to quarantine. The scan ID will be in the email you receive notifying you of the hits.

maldet --quarantine 054782-5742.5542

Try to clean & restore malware

Using the scan ID you can try to clean any malware.

maldet --clean 054782-5742.5542

Clear Maldet logs

Clear all Maldet logs, quarantine queue, session and temporary data.

maldet -p
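
The scan-ID commands above (report, quarantine, clean, restore) and the recent-files scan, wrapped with input checks, as an added example that is not part of the original guide or of the Maldet project. The function names, the MALDET and CONFIRM variables, and the scan ID shape (taken from the example ID in this guide) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): guarded wrappers around the
# maldet commands shown above. MALDET can be overridden for testing.
MALDET="${MALDET:-maldet}"

# Assumption: scan IDs have the shape of the one in this guide,
# six digits, a dash, four digits, a dot, then digits (054782-5742.5542).
valid_scanid() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9].[0-9]*) ;;
        *) return 1 ;;
    esac
    case "${1#*.}" in
        *[!0-9]*) return 1 ;;   # anything but digits after the dot
    esac
    return 0
}

# Background scan of files changed in the last DAYS days (default 7).
scan_recent() {
    path=$1 days=${2:-7}
    case "$path" in
        /*) ;;
        *) echo "path must be absolute: $path" >&2; return 2 ;;
    esac
    case "$days" in
        ""|*[!0-9]*) echo "days must be a whole number: $days" >&2; return 2 ;;
    esac
    "$MALDET" -b -r "$path" "$days"
}

# Run one scan-ID command after checking the ID copied from the alert email.
# restore moves quarantined files back, so it also requires CONFIRM=yes.
scan_action() {
    action=$1 id=$2
    valid_scanid "$id" || { echo "not a scan ID: $id" >&2; return 2; }
    case "$action" in
        report)     "$MALDET" -e "$id" ;;
        quarantine) "$MALDET" --quarantine "$id" ;;
        clean)      "$MALDET" --clean "$id" ;;
        restore)
            [ "${CONFIRM:-no}" = yes ] ||
                { echo "set CONFIRM=yes to restore $id" >&2; return 3; }
            "$MALDET" --restore "$id" ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
}
```

Source the file in a root shell and call, for example, scan_action report 054782-5742.5542 before deciding whether to quarantine or clean.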
