Find and Remove Backdoors on a Linux Server


This article introduces three tools that can help you identify and remove rootkits and other malware on your server.

Please note: These programs do not guarantee that every backdoor will be found. Only reinitializing the server gives you real certainty.


Detect rootkits with rkhunter

Rootkit Hunter checks your server for known rootkits.

Download rkhunter:



tar xfz rkhunter-1.4.2.tar.gz

Select the default profile and perform the installation:

sudo ./rkhunter-1.4.2/installer.sh --layout default --install

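Update the known-bad and known-good hash databases. Note that --propupd records the current state of the system files as the known-good baseline, so on a server that is already compromised the baseline may include modified files: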

sudo /usr/local/bin/rkhunter --update --propupd


Run the check:

sudo /usr/local/bin/rkhunter --check

Further information and the rkhunter manual can be found on the official website
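
To triage the result of the check, the warnings can be pulled out of the rkhunter log together with their detail lines. The following is an added example, not part of the original article or of rkhunter itself; the function names, the sample log and the assumed log layout (timestamp prefix, "Warning:" lines followed by indented detail lines) are constructed for illustration:

```shell
#!/bin/sh
# Added example: condense an rkhunter log to one line per warning.
# Assumption: each log line starts with "[HH:MM:SS] ", a finding starts with
# "Warning:" and its detail lines follow, indented. Test result lines are also
# indented but end in a status such as "[ OK ]" and are not treated as details.

# rkhunter_warnings FILE: print each warning with its details joined by " | "
rkhunter_warnings() {
    awk '
        { line = $0; sub(/^\[[0-9:]+\] /, "", line) }   # strip the timestamp
        line ~ /^Warning:/ {                            # a new finding begins
            if (cur != "") print cur
            cur = line; next
        }
        cur != "" && line ~ /^ / && line !~ /\]$/ {     # indented detail line
            sub(/^ +/, "", line); cur = cur " | " line; next
        }
        { if (cur != "") print cur; cur = "" }          # anything else ends it
        END { if (cur != "") print cur }
    ' "$1"
}

# rkhunter_warning_count FILE: number of warnings in the log
rkhunter_warning_count() {
    rkhunter_warnings "$1" | wc -l | tr -d ' '
}

# write_sample_log FILE: constructed sample data, not output of a real scan
write_sample_log() {
    cat > "$1" <<'EOF'
[12:00:01] Performing file properties checks
[12:00:02]   /usr/bin/awk                                  [ OK ]
[12:00:02]   /usr/bin/curl                                 [ Warning ]
[12:00:02] Warning: The file properties have changed:
[12:00:02]          File: /usr/bin/curl
[12:00:02]          Current inode: 1001    Stored inode: 1000
[12:00:05] Checking for hidden files and directories
[12:00:05] Warning: Hidden directory found: /dev/.example
[12:00:06]   Checking for passwd file changes              [ None found ]
EOF
}

log=$(mktemp)
write_sample_log "$log"
rkhunter_warnings "$log"
echo "warnings: $(rkhunter_warning_count "$log")"
rm -f "$log"
```

On a real server, pass the path of the rkhunter log to rkhunter_warnings instead of the sample file (commonly /var/log/rkhunter.log, which is an assumption about your installation).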

ClamAV - The anti-virus scanner for Linux and Windows

The open source anti-virus scanner ClamAV is available for the operating systems Windows, Linux, BSD, Solaris and Mac OS X. Installation packages and source code can be downloaded from the official website.

A description of installation on different operating systems can be found here

Maldetect (Linux Malware Detect)

Maldetect is a ClamAV-based malware scanner for Linux. A working ClamAV installation is therefore a prerequisite for using Maldetect.




tar xfz maldetect-current.tar.gz

Start installation - Replace 1.x.x with the current version number:


Update malware definitions:

maldet -u

View the list of suspicious files. The log name appears after the scan is complete:

maldet --report xxxxxx-xxxx.xxxx

More information about Linux Malware Detect can be found on the official website