Email alerts - email_alert
Enable or disable e-mail alerts. This includes application version alerts as well as automated/manual scan reports.
On-demand reports can still be sent manually.
Default: 1
Alert email addresses - email_addr
The destination e-mail addresses for automated/manual scan reports and application version alerts.
Default: admin@yourdomain.com
Ignore email alert when scan is successfully cleaned - email_ignore_clean
Ignore e-mail alerts for scan reports in which all malware hits were successfully cleaned.
Default: 1
Email subject - email_subj
The subject line for e-mail alerts.
Default: maldet alert from $(hostname)
Email format - email_format
The format for e-mail alerts. HTML emails include a professionally designed template with color-coded threat types and
scan summary.
Default: html
SMTP relay - smtp_relay
The SMTP relay for email delivery. When set, emails are sent via this relay instead of the local MTA (mail/sendmail).
Supports TLS/SSL. Examples: smtps://smtp.gmail.com:465, smtp://relay.example.com:587
Default: empty
SMTP from - smtp_from
The sender address for SMTP relay delivery. Required when smtp_relay is set.
Default: empty
SMTP user - smtp_user
The SMTP username. Required for authenticated relay delivery.
Default: empty
SMTP password - smtp_pass
The SMTP password. Required for authenticated relay delivery.
Default: empty
Slack alert - slack_alert
Enable or disable Slack alerts. This will upload the scan report as a file into one or more Slack channels.
Default: 0
Slack subject - slack_subj
The name of the file that will be uploaded to the Slack channel(s).
Default: maldet alert from $(hostname)
Slack token - slack_token
Slack authentication token. Requires scope: files:write:user.
Default: AUTH_TOKEN
Slack channels - slack_channels
Comma-separated list of channel names or IDs where the scan report will be shared.
Default: maldetreports
Telegram alert - telegram_alert
Enable or disable Telegram alerts.
Default: 0
Telegram file caption - telegram_file_caption
The caption for the report file that will be sent to the Telegram channel.
Default: maldet alert from $(hostname)
Telegram bot token - telegram_bot_token
The Telegram bot token.
Default: TELEGRAM_BOT_TOKEN
Telegram channel ID - telegram_channel_id
The Telegram channel ID.
Default: TELEGRAM_CHANNEL_ID
Discord alert - discord_alert
Enable or disable Discord alerts. This will upload the scan report via a Discord webhook.
Default: 0
Discord webhook URL - discord_webhook_url
Discord webhook URL for alert delivery.
Default: empty
Autoupdate signatures - autoupdate_signatures
Automatic updates of anti-malware signature files and cleaner rules. The signature update process preserves any custom
signature or cleaner files. It is highly recommended that this be enabled as new signatures are released multiple times
per week.
Default: 1
Autoupdate signatures interval - sigup_interval
The interval in hours for automatic signature update checks via the independent cron job (/etc/cron.d/maldet-sigup).
This runs separately from cron.daily and is idempotent with maldet -u. Set to 0 to disable the independent cron job.
Default: 6
Autoupdate version - autoupdate_version
Automatic version updates of LMD. The installation update process preserves all configuration options along with custom
signature and cleaner files. It is recommended that this be enabled to ensure the latest version, features and bug fixes
are always available.
Default: 0
Autoupdate version hashed - autoupdate_version_hashed
Validate the LMD executable MD5 hash against the known-good upstream hash value. This allows LMD to replace the executable
/ force a re-installation in the event the LMD executable is tampered with or corrupted. If you intend to make
customizations to the LMD executable, you should disable this feature.
Default: 0
Cron prune days - cron_prune_days
The retention period, in days, for which quarantine, temporary files and stale session information are retained. Data
older than this value is deleted with the daily cron execution.
Default: 21
Cron daily scan - cron_daily_scan
Enable or disable the automatic scanning of standard web directories performed via cron.
Default: 1
Scan days - scan_days
The number of days to look back for recently modified files during daily cron scans. Files modified within this number
of days will be scanned. This value is passed as the DAYS argument to "maldet -r PATH DAYS".
Default: 1
Import config URL - import_config_url
Download the configuration file from a remote URL. The local conf.maldet and internals.conf are parsed first, followed by
the imported configuration file. As such, only variables defined in the imported configuration file are overridden and a
full set of configuration options is not explicitly required in the imported file.
Default: empty
Import config expire - import_config_expire
The expiry interval for refreshing the local cached version of the imported configuration file. The default is every 12h
(43200 seconds) which should be ok for most setups.
Default: 43200
Signature import MD5 URL - sig_import_md5_url
Download custom MD5 signature files from a remote URL. THIS WILL OVERWRITE ANY LOCAL CUSTOM SIGNATURE FILES!
Default: empty
Signature import HEX URL - sig_import_hex_url
Download custom HEX signature files from a remote URL. THIS WILL OVERWRITE ANY LOCAL CUSTOM SIGNATURE FILES!
Default: empty
Signature import YARA URL - sig_import_yara_url
Download custom YARA signature files from a remote URL. THIS WILL OVERWRITE ANY LOCAL CUSTOM SIGNATURE FILES!
Default: empty
Signature import SHA256 URL - sig_import_sha256_url
Download custom SHA256 signature files from a remote URL. THIS WILL OVERWRITE ANY LOCAL CUSTOM SIGNATURE FILES!
Default: empty
Signature import CSIG URL - sig_import_csig_url
Download custom CSIG signature files from a remote URL. THIS WILL OVERWRITE ANY LOCAL CUSTOM SIGNATURE FILES!
Default: empty
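
A lint for the constraints the entries above state (smtp_from required with smtp_relay, both SMTP credentials for authenticated delivery, alert channels enabled while tokens are empty or still at their defaults), as an added example that is not part of LMD or of the original page. It assumes conf.maldet holds key="value" lines; the function names, the sample values and the https check on import URLs are this example's own.

```shell
# Added example (not LMD code). Assumes conf.maldet uses key="value" lines;
# the file is parsed with sed, never sourced, so linting cannot execute it.
conf_get() {  # conf_get FILE KEY -> last value of KEY, quotes stripped
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}
lint_maldet_conf() {  # prints one finding per line
    f=$1
    if [ -n "$(conf_get "$f" smtp_relay)" ] && [ -z "$(conf_get "$f" smtp_from)" ]; then
        echo "smtp_from: required when smtp_relay is set"
    fi
    user=$(conf_get "$f" smtp_user); pass=$(conf_get "$f" smtp_pass)
    if [ -n "$user$pass" ] && { [ -z "$user" ] || [ -z "$pass" ]; }; then
        echo "smtp_user/smtp_pass: authenticated relay delivery needs both"
    fi
    # enable-switch:key:default, with defaults as listed on this page
    for spec in slack_alert:slack_token:AUTH_TOKEN \
                telegram_alert:telegram_bot_token:TELEGRAM_BOT_TOKEN \
                telegram_alert:telegram_channel_id:TELEGRAM_CHANNEL_ID \
                discord_alert:discord_webhook_url: ; do
        sw=${spec%%:*}; rest=${spec#*:}; key=${rest%%:*}; dflt=${rest#*:}
        val=$(conf_get "$f" "$key")
        if [ "$(conf_get "$f" "$sw")" = 1 ] && { [ -z "$val" ] || [ "$val" = "$dflt" ]; }; then
            echo "$key: $sw=1 but the value is empty or still the default"
        fi
    done
    # Hardening check added here (an assumption, not an LMD rule): imports
    # override or overwrite local files, so flag any URL that is not https.
    for key in import_config_url sig_import_md5_url sig_import_hex_url \
               sig_import_yara_url sig_import_sha256_url sig_import_csig_url; do
        case $(conf_get "$f" "$key") in
            ''|https://*) ;;
            *) echo "$key: not fetched over https" ;;
        esac
    done
    return 0
}
# Constructed sample configuration (illustrative values only)
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
smtp_relay="smtps://smtp.gmail.com:465"
smtp_user="alerts@example.com"
slack_alert="1"
slack_token="AUTH_TOKEN"
telegram_alert="0"
discord_alert="1"
import_config_url="http://config.example.com/maldet.conf"
sig_import_yara_url="https://sigs.example.com/custom.yara"
EOF
lint_maldet_conf "$sample"
```

Keys missing from the file are treated as empty, so the sample yields findings for smtp_from, the SMTP credential pair, slack_token, discord_webhook_url and import_config_url, while the disabled Telegram channel is skipped.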