Casbay Knowledge Base

Search our articles or browse by category below

Maldet (LMD) commands and examples.

Last modified: October 1, 2022
You are here:
Estimated reading time: 2 min

In this article, we will show you the Maldet (LMD) commands and some of the examples. Before we start, do you know

What is Maldet? (LMD)

Maldet is a malware detector which is mainly used in Linux based servers. To remove malware that is actively used in attacks and produces signatures for detection, it utilizes threat information from network edge intrusion detection systems.

It will be very useful for those who are managing shared Linux hosting servers. As many a time, an account is compromised with infected files and some malware files are there in it. You can readily identify the files by using Maldet and can also remove or quarantine those files.

A lot of switches and options are available with Maldet. Let us check all the switches/options of maldet with the example.

1). -b, –background :

This command will execute operations in the background. It is suitable for large scans


[root@hoststud ~]# maldet -b -r /home/hostuser/

2). -u, –update :

This command will update malware detection signatures from

3). -d, –update-ver

This command will update the installed version from


[root@hoststud ~]# maldet -d

4). -m, –monitor USERS|PATHS|FILE

This command will run maldet with inotify kernel level file create/modify monitoring


[root@hoststud ~]# maldet -m /home/hostuser/

5). -k, –kill

This command will terminate inotify monitoring service


[root@hoststud ~]# maldet -k

6). -r, –scan-recent PATH DAYS

This command scans created / modified files over the last X days (default: 7d, wildcard:?)
e.g: maldet -r /home/?/public_html 2

7). -a, –scan-all PATH

This command will scan all files in path (default: /home, wildcard: ?)
e.g: maldet -a /home/?/public_html

8). -c, –checkout FILE

This command will upload suspected malware to for review & hashing into signatures

9). -l, –log

This command will view maldet log file events.


[root@hoststud ~]# maldet -l

10). -e, –report SCANID email

This command will view scan report of most recent scan or of a specific SCANID and optionally e-mail the report to a supplied e-mail address.

11). -s, –restore FILE|SCANID

This command will restore file from quarantine queue to orginal path or restore all items from a specific SCANID
e.g: maldet –restore /usr/local/maldetect/quarantine/config.php.23754
e.g: maldet –restore 08594-19634.85478

12). -q, –quarantine SCANID

This command will quarantine all malware from report SCANID
e.g: maldet –quarantine 08594-19634.85478

13). -n, –clean SCANID

This command will try to clean & restore malware hits from report SCANID
e.g: maldet –clean 08594-19634.85478

14). -U, –user USER

This command will set execution under specified user, ideal for restoring from user quarantine or to view user reports.
e.g: maldet –user nobody –report
e.g: maldet –user nobody –restore 08594-19634.85478

15). -p, –purge

This command will clear logs, quarantine queue, session and temporary data.

Now you learned about some Maldet (LMD) commands and the examples. For more articles on the topic CentOS, please click here.

Was this article helpful?
Dislike 0
Previous: Disable Enhanced Security Configuration for Internet Explorer in Windows Server 2019/2016
Next: HOW TO: Add a domain name manually from IIS