Linux malware scanner with multi-stage detection, real-time monitoring, quarantine, and alerting
- Stars: 1.4k
- Forks: 248
- Open Issues: 8
GPL-2.0
- Shell
- Roff
- Go Template

About Linux Malware Detect
Linux Malware Detect (LMD) is a malware scanner for Linux built for shared hosting environments. It hunts PHP shells, JavaScript injectors, base64-encoded backdoors, IRC bots, and other web-layer threats, and runs on any distribution with bash and standard GNU utilities.
Detection combines five stages: MD5 and SHA-256 hashes, HEX patterns, compound signatures, YARA, statistical analysis, and ClamAV integration. You can scan all files, recent files, or a custom list, watch create, modify, and move events in real time with inotify, and quarantine, clean, or restore affected files.
Alerting reaches email, Slack, Telegram, and Discord, and signature updates run on a cron schedule. It installs as a native Linux daemon with systemd and SysV init support, keeping the whole workflow on the host being protected.
Key features
- MD5, SHA-256, HEX, csig, YARA, statistical, and ClamAV scanning
- Real-time inotify monitoring for create, modify, and move events
- Quarantine, clean, and restore files with full metadata recovery
- Email, Slack, Telegram, and Discord alerting
- Scan all files, recent files, or a line-separated file list
Details
- First released: 2013
- Platforms: Linux
- Deployment: self-hostable
- License: GPLv2
- Monitoring: inotify real-time file events
- Alerting: Email · Slack · Telegram · Discord
