Syed Ashik Mahmud - Pro System Admin and Malware Cleaner

Category: WHM Security

How to install MALDET Linux Malware Detect on cPanel Server?

Maldet is a malware detector and scanner for Linux based servers a project designed by R-fx networks project. It can be installed on shared hosting servers like cPanel WHM and linux plesk servers which works along with Clamav tool.

1. Download & Install Maldet –

cd /usr/local/src
tar -xzvf maldetect-current.tar.gz

2. Go to the maldetect directory and run the installer script ‘’ as root:

cd maldetect-1.5

3. Next, make a symlink to the maldet command in the /bin/ directory.

ln -s /usr/local/maldetect/maldet /bin/maldet
hash -r

4. Configure Maldet, Install Nano editor if its not installed ( yum install nano ) –

cd /usr/local/maldetect/
nano conf.maldet

5. Enable email alert by changing the value to ‘1’.


6. Set your email address .

email_addr=”[email protected]

We will use the ClamAV clamscan binary as default scan engine because it provides a high-performance scan on large file sets. If its not installed you can install it using ( yum -y install clamav clamav-devel ) then update using ( freshclam ) command.

7. Change value to ‘1’ on line 114 – scan_clamscan=”1″

8. Next, enable quarantining to move malware to the quarantine automatically during the scan process. Change value to ‘1’ on line 180 – quarantine_hits=”1″

9. Change value to 1 on line 185 to enable clean based malware injections – quarantine_clean=”1″

10. Save and exit.

Use Real-Time Monitoring with Maldet for active monitoring.

The inotify monitoring feature is designed to monitor paths/users in real-time for file creation/modify/move operations. This option requires a kernel that supports inotify_watch (CONFIG_INOTIFY) which is found in kernels 2.6.13+ and CentOS/RHEL 5 by default.

There are three modes that the monitor can be executed with and they relate to what will be monitored, they are USERS|PATHS|FILES.
e.g: maldet –monitor users
e.g: maldet –monitor /root/monitor_paths
e.g: maldet –monitor /home/mike,/home/ashton

Only find PHP files on an account

maldet –include-regex “.*.php$” -a /home/pronyxco/public_html

Full account
maldet –include-regex “.*.php$” -a /home/?/public_html

maldet -a /home/?

Reference :

How to install Linux Malware Detect

Error: “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration”

If you are getting error “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration” after clicking on “configServer security and firewall” then you have to follow below steps. You just need to change the value of RESTRICT_SYSLOG from 0 to 3 and save changes. This step will remove your error. In this article we are further going to explain the step by step method to remove this error. You can easily solve this problem through WHM or can directly access the csf.conf file and make changes in it. Both ways are explained below:

Login to WHM.

Click on “configServer security and firewall” under plugins or search “firewall” in search box.

A new window will appear with this error “WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration”. To solve this error click on “Firewall Configuration”.

Here set RESTRICT_SYSLOG to 3.

At last SAVE and Restart CSF (ConfigServer Security & Firewall).

You can also directly make changes in csf configuration file through vi editor.

You can open the file though this command :


# vi /etc/cfs/csf.conf

In this file search for “RESTRICT_SYSLOG” and set it to 3.

Change it to 3.



At last restart csf with this command :


# /etc/init.d/csf restart

© 2024 Coders Tent

Theme by Anders NorenUp ↑