Linux malware scanners

Usage

Linux malware scanners are typically used for malware detection, malware protection, malware scanning.

Users for these tools include malware analysts, security professionals, system administrators.

Tools

ClamAV (malware scanner)

malware analysis, malware detection, malware scanning

ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often...

Malscan (malware scanner for web servers)

malware protection, malware scanning

Malscan is a tool to scan for malicious software (malware) such as viruses, worms, and backdoors. Its goal is to extend ClamAV with more scanning modes and signatures. It targets web servers running Linux, but can also be used on mail servers and desktops.

Maltrail (malicious traffic detection system)

intrusion detection, network analysis, security monitoring

Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

MultiScanner (file scanning and analysis framework)

malware analysis, malware detection, malware scanning

MultiScanner helps malware analysts by providing a toolkit to perform both automated and manual analysis. The data extracted from the analysis can be easily stored together, including the relevant metadata and samples. It allows enriching the data further by retrieving information from external resources.

SSMA (malware analysis tool)

malware analysis, malware detection, malware scanning, reverse engineering

SSMA is short for Simple Static Malware Analyzer. The tool can perform a set of tests against a malware sample and retrieve metadata from it. SSMA can analyze ELF and PE and analyze its structure. For example, it can retrieve the PE file header information and its sections. Other pieces it can analyze is the usage of packers, anti-debugging techniques, cryptographic algorithms, domains, email addresses, and IP addresses. It can also check if the sample is already detected ...

Missing a favorite tool in this list? Share a tool suggestion and we will review it.