This guide shows how to install Maldet on a cPanel server, configure it, and use its scan commands. Maldet stands for Linux Malware Detect; it is open source and available free of cost from R-fx Networks. It is helpful for detecting PHP backdoors and various types of malicious files. It can also run automatically and quarantine files, depending on your configuration file.

Run this command on your

wget https://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh

Once the installation is complete, you need to edit the configuration file and change a few settings.

To edit the Maldet configuration file, run:

nano /usr/local/maldetect/conf.maldet

If nano is not installed, you can install it by running the “yum install nano” command, or you can use the vi editor as below:

vi /usr/local/maldetect/conf.maldet

In the configuration file, change the following settings.

Enable email alerts by setting this option to “1”. Zero means you will not receive email alerts, but we recommend enabling them.

email_alert="1"

Change the email address to your own address (the value below is a placeholder):

email_addr="you@example.com"

If ClamAV is installed on your cPanel server, you can leave this option as it is and ClamAV will be used as the default scan engine. If you wish, you can disable it by changing the value from “1” to “0”.

scan_clamscan="1"

Enable automatic quarantine of hits by changing the value from “0” (disabled) to “1” (enabled). When Maldet runs, it will automatically move each malicious file out of the public directory into the Maldet directory, and you can restore the file later if it is required.

quarantine_hits="1"

Suspend the cPanel user if a malicious file is found:
By default this option is disabled (0). You can enable it if you wish, but then a cPanel user will be suspended whenever a malicious file is found in that user's directory.

quarantine_suspend_user="0"
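
The settings above can also be applied and checked without opening an editor. The script below is an added example, not part of the original article or of Maldet itself: the helper names (set_opt, get_opt, audit_conf, apply_conf) and the script name are hypothetical, and it assumes GNU sed and the KEY="value" layout shown above.

```bash
#!/usr/bin/env bash
# Added example; set_opt, get_opt, audit_conf and apply_conf are hypothetical
# helper names, not maldet commands. Requires GNU sed (sed -i).
CONF="${CONF:-/usr/local/maldetect/conf.maldet}"

# set_opt FILE KEY VALUE: rewrite KEY="..." in place, or append it if absent.
# Assumes VALUE contains no '|', '&' or backslash.
set_opt() {
    if grep -q "^$2=" "$1"; then
        sed -i "s|^$2=.*|$2=\"$3\"|" "$1"
    else
        printf '%s="%s"\n' "$2" "$3" >> "$1"
    fi
}

# get_opt FILE KEY: print the effective value (last assignment, quotes removed).
get_opt() {
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# audit_conf FILE: list options that differ from the values chosen on this
# page; returns 1 if any differ, 0 if the file matches.
audit_conf() {
    local pair key want have rc=0
    for pair in email_alert=1 scan_clamscan=1 quarantine_hits=1 quarantine_suspend_user=0; do
        key=${pair%%=*} want=${pair#*=}
        have=$(get_opt "$1" "$key")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $key: have '${have:-unset}', want '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# apply_conf FILE EMAIL: keep a timestamped backup, then apply the settings.
apply_conf() {
    cp -p "$1" "$1.bak.$(date +%Y%m%d%H%M%S)" || return 1
    set_opt "$1" email_alert 1
    set_opt "$1" email_addr "$2"
    set_opt "$1" scan_clamscan 1
    set_opt "$1" quarantine_hits 1
    set_opt "$1" quarantine_suspend_user 0
}

# Run as root, e.g.: ./maldet-conf.sh --apply admin@example.com
if [ "${1:-}" = "--apply" ]; then
    apply_conf "$CONF" "${2:?email address required}" && audit_conf "$CONF"
fi
```

Calling audit_conf on its own after a Maldet upgrade shows whether the upgrade reset any of these options.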

How to scan directory using Maldet?

Scan whole directory inside public_html folder of every cPanel user

maldet -a /home/?/public_html/?

Here -a means all, and the question mark “?” is a wildcard, so the path covers every directory. It works the same way as the asterisk * (as in /home/*, which selects everything inside the folder), but Maldet uses the question mark.

Scan single directory of cPanel

maldet -a /home/username-here/public_html/path/?

How to check the quarantine report?

maldet --quarantine SCANID

Restore a file that you have already quarantined

maldet --restore FILENAME

How to Monitor file using Maldet?

You can monitor user files in real time for file creation, mode, modification, etc.

maldet --monitor cPanelUsername  # Monitor cPanel user
maldet --monitor /home/username/public_html

Setup Cronjob

You don’t need to set up a cron job yourself because Maldet will run every day; its cron file is located at /etc/cron.daily/maldet. However, sometimes it does not run properly, so you can set a cron job by adding this line (make changes according to your needs):

0 0 * * * maldet -a /home/?/public_html/?