Maldet provides many switches and options. Let us go through all of them, with examples.
1). -b, --background
This command will execute operations in the background. It is suitable for large scans.
Example:
[root@hoststud ~]# maldet -b -r /home/hoststud/
2). -u, --update
This command will update malware detection signatures from rfxn.com
3). -d, --update-ver
This command will update the installed version from rfxn.com
Example:
[root@hoststud ~]# maldet -d
4). -m, --monitor USERS|PATHS|FILE
This command will run maldet with inotify kernel-level file create/modify monitoring
e.g: maldet --monitor users
e.g: maldet --monitor /root/monitor_paths
e.g: maldet --monitor /home/mike,/home/ashton
Example:
[root@hoststud ~]# maldet -m /home/hoststud/
5). -k, --kill
This command will terminate inotify monitoring service
Example:
[root@hoststud ~]# maldet -k
6). -r, --scan-recent PATH DAYS
This command will scan files created/modified in the last X days (default: 7d, wildcard: ?)
e.g: maldet -r /home/?/public_html 2
7). -a, --scan-all PATH
This command will scan all files in path (default: /home, wildcard: ?)
e.g: maldet -a /home/?/public_html
8). -c, --checkout FILE
This command will upload suspected malware to rfxn.com for review & hashing into signatures
9). -l, --log
This command will view maldet log file events.
Example:
[root@hoststud ~]# maldet -l
10). -e, --report SCANID email
This command will view the scan report of the most recent scan or of a specific SCANID, and optionally e-mail the report to a supplied e-mail address.
e.g: maldet --report
e.g: maldet --report list
e.g: maldet --report 08594-19634.85478
e.g: maldet --report SCANID user@domain.com
11). -s, --restore FILE|SCANID
This command will restore a file from the quarantine queue to its original path, or restore all items from a specific SCANID
e.g: maldet --restore /usr/local/maldetect/quarantine/config.php.23754
e.g: maldet --restore 08594-19634.85478
12). -q, --quarantine SCANID
This command will quarantine all malware from report SCANID
e.g: maldet --quarantine 08594-19634.85478
13). -n, --clean SCANID
This command will try to clean & restore malware hits from report SCANID
e.g: maldet --clean 08594-19634.85478
14). -U, --user USER
This command will set execution under specified user, ideal for restoring from user quarantine or to view user reports.
e.g: maldet --user nobody --report
e.g: maldet --user nobody --restore 08594-19634.85478
15). -p, --purge
This command will clear logs, quarantine queue, session and temporary data.