Tools compared: Malware scanners

Finding the right tool can be difficult. This sheet compares chkrootkit, ClamAV, LMD and Rootkit Hunter.

chkrootkitClamAVLMDRootkit Hunter

chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.

ClamAV is an open source antivirus engine. It can detect malicious software (malware) like trojans, viruses, backdoors and other related threats.

Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.

Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix

Tool details

The chkrootkit tool consists of multiple parts that may detect the presence of rootkit parts of rootkit behavior on a system.

Some areas that are checked include:

  • interface in promiscuous mode
  • lastlog deletions
  • wtmp deletions
  • wtmpx deletions
  • signs of LKM trojans
  • utmp deletions

ClamAV is a popular scan engine to detect malicious software (malware).

LMD uses MD5 file hashes and HEX pattern matches to define the malware signatures. These are used to detect malware.

Rootkit Hunter is a small utility to find suspicious rootkit components. Other known backdoors or malicious software can also be discovered, especially if it has the goal to hide.

The tool uses different ways to hunt, like using predefined directory locations and comparing the output of system utilities. Another method is by requesting a specific output and see if this output is altered, therefore tricking rootkits to reveal themselves.

StrenghtsUsed language is shell script, Project is mature (10+ years)Many maintainers, The source code of this software is availableThe source code of this software is availableUsed language is shell script, Project is mature (10+ years), The source code of this software is available
WeaknessesLong time between releases
Programming language(s)C, shell scriptCshell scriptshell script
Last release

0.52 (2017-03-15)

0.99.2 (2017-05-03)

1.6.2 (2017-07-14)

1.4.4 (2017-06-29)

Tool page (last updated)





Tool score
More informationchkrootkit reviewClamAV reviewLMD reviewRootkit Hunter review