• Maldet Commands

1, -b, --background
   Execute operations in the background, ideal for large scans

2, -u, --update
   Update malware detection signatures from rfxn.com

3, -d, --update-ver
   Update the installed version from rfxn.com

4, -m, --monitor USERS|PATHS|FILE
   Run maldet with inotify kernel level file create/modify monitoring
   If USERS is specified, monitor user homedirs for UID’s > 500
   If FILE is specified, paths will be extracted from file, line spaced
   If PATHS are specified, must be comma spaced list, NO WILDCARDS!
   e.g: maldet --monitor users
   e.g: maldet --monitor /root/monitor_paths
   e.g: maldet --monitor /home/mike,/home/ashton

5, -k, --kill
   Terminate inotify monitoring service

6, -r, --scan-recent PATH DAYS
   Scan files created/modified in the last X days (default: 7d, wildcard: ?)
   e.g: maldet -r /home/?/public_html 2

7, -a, --scan-all PATH
   Scan all files in path (default: /home, wildcard: ?)
   e.g: maldet -a /home/?/public_html

8, -c, --checkout FILE
   Upload suspected malware to rfxn.com for review & hashing into signatures

9, -l, --log
   View maldet log file events.

10, -e, --report SCANID email
   View scan report of most recent scan or of a specific SCANID and optionally e-mail the report to a supplied e-mail address.
   e.g: maldet --report
   e.g: maldet --report list
   e.g: maldet --report 050910-1534.21135
   e.g: maldet --report SCANID user@domain.com

11, -s, --restore FILE|SCANID
   Restore file from quarantine queue to original path or restore all items from a specific SCANID
   e.g: maldet --restore /usr/local/maldetect/quarantine/config.php.23754
   e.g: maldet --restore 050910-1534.21135

12, -q, --quarantine SCANID
   Quarantine all malware from report SCANID
   e.g: maldet --quarantine 050910-1534.21135

13, -n, --clean SCANID
   Try to clean & restore malware hits from report SCANID
   e.g: maldet --clean 050910-1534.21135

14, -U, --user USER
   Set execution under specified user, ideal for restoring from user quarantine or to view user reports.
   e.g: maldet --user nobody --report
   e.g: maldet --user nobody --restore 050910-1534.21135

15, -p, --purge
   Clear logs, quarantine queue, session and temporary data.
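
The PATHS and FILE rules given for the monitor option in item 4 (comma-separated list, no wildcards; FILE holds one path per line) can be checked before the monitor is started. The shell functions below are an added example, not part of maldet or of the original article; the function names and the extra checks (absolute path, existing directory, no whitespace or empty entries) are assumptions.

```shell
#!/bin/sh
# Added example (not part of maldet): pre-flight checks for `maldet --monitor`.
# From the page: PATHS is a comma-separated list with no wildcards; FILE holds
# one path per line. Assumed here: entries must be absolute, existing
# directories, with no whitespace or empty entries.

# validate_monitor_paths LIST: prints "ok" or the first problem found.
# The body runs in a subshell so the IFS and globbing changes stay local.
validate_monitor_paths() (
    list=$1
    [ -n "$list" ] || { echo "empty list"; return 1; }
    case $list in
        *[\*\?\[]*)       echo "wildcard in list"; return 1 ;;
        *[[:space:]]*)    echo "whitespace in list"; return 1 ;;
        ,* | *, | *,,*)   echo "empty entry in list"; return 1 ;;
    esac
    set -f      # no pathname expansion while splitting
    IFS=,
    for p in $list; do
        case $p in
            /*) ;;
            *)  echo "not absolute: $p"; return 1 ;;
        esac
        [ -d "$p" ] || { echo "not a directory: $p"; return 1; }
    done
    echo "ok"
)

# validate_monitor_file FILE: same checks for the line-spaced FILE form.
validate_monitor_file() {
    [ -r "$1" ] || { echo "unreadable file: $1"; return 1; }
    # Drop blank lines, then join the remaining lines with commas.
    joined=$(grep -v '^[[:space:]]*$' "$1" | paste -sd, -)
    validate_monitor_paths "$joined"
}

# Constructed demo: temporary directories stand in for user home directories.
demo=$(mktemp -d)
mkdir "$demo/mike" "$demo/ashton"
printf '%s\n' "$demo/mike" "" "$demo/ashton" > "$demo/monitor_paths"
validate_monitor_paths "$demo/mike,$demo/ashton"
validate_monitor_paths "$demo/?/public_html" || true
validate_monitor_file "$demo/monitor_paths"
rm -rf "$demo"
```

The `?` wildcard that -r and -a accept is rejected here because the page states that the monitor PATHS list takes no wildcards.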


This article was last modified: Feb. 3, 2016, 2:51 p.m.
