Linux rootkit scanners
Introduction
Rootkits aim to stay hidden by intercepting system calls or overwriting common system binaries. A rootkit scanner aims to uncover any suspicious behavior of standard system calls or commands. This can be achieved by inspecting binaries, process listings, and traces on the disk.
Usage
Linux rootkit scanners are typically used for malware detection and malware scanning.
Users of these tools include forensic specialists, security professionals, and system administrators.
Tools
Popular Linux rootkit scanners
ClamAV (malware scanner)
malware analysis, malware detection, malware scanning
ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often u…
Rootkit Hunter (malware scanner)
malware detection, malware scanning
Rootkit Hunter is a security tool that searches for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix.
chkrootkit (malware scanner)
malware detection, malware scanning
Chkrootkit is typically used to perform daily security scans to detect traces of malware.