Linux rootkit scanners
Rootkits itself have the goal to keep itself hidden by intercepting system calls or overwriting common system binaries. A rootkit scanner has the goal to uncover any suspicious behavior of standard system calls or commands. This can be achieved by inspecting binaries, process listings, and traces on the disk.
Linux rootkit scanners are typically used for malware detection and malware scanning.
Users for these tools include forensic specialists, security professionals, system administrators.
chkrootkit (malware scanner)
malware detection, malware scanning
Chkrootkit is typically used to perform daily security scans to detect traces of malware.
ClamAV (malware scanner)
malware analysis, malware detection, malware scanning
ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often...
Missing a favorite tool in this list? Share a tool suggestion and we will review it.