Tools compared: Malware scanners
Finding the right tool can be difficult. This sheet compares chkrootkit, ClamAV, LMD and Rootkit Hunter.
chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.
ClamAV is an open source antivirus engine. It can detect malicious software (malware) like trojans, viruses, backdoors and other related threats.
Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.
Rootkit Hunter is a security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix.
The chkrootkit tool consists of multiple parts that may detect the presence of rootkit parts or rootkit behavior on a system.
Some areas that are checked include:
ClamAV is a popular scan engine to detect malicious software (malware).
LMD uses MD5 file hashes and HEX pattern matches to define the malware signatures. These are used to detect malware.
Rootkit Hunter is a small utility to find suspicious rootkit components. Other known backdoors or malicious software can also be discovered, especially if it has the goal to hide.
The tool uses different ways to hunt, like using predefined directory locations and comparing the output of system utilities. Another method is to request a specific output and see whether this output has been altered, thereby tricking rootkits into revealing themselves.
|Strengths||Used language is shell script, Project is mature (10+ years)||Many maintainers, The source code of this software is available||The source code of this software is available||Used language is shell script, Project is mature (10+ years), The source code of this software is available|
|Weaknesses||Long time between releases|
|Programming language(s)||C, shell script||C||shell script||shell script|
|Tool page (last updated)|
|More information||chkrootkit review||ClamAV review||LMD review||Rootkit Hunter review|