ClamAV-based malware scanner for Linux web servers.
malscan is a scanning platform for Linux servers that simplifies keeping your web servers secure and malware-free. It is built upon the ClamAV platform, providing all of the features of Clamscan with a host of new features and detection modes.
- Multiple channels of malware signatures
- RFX Networks Signatures
- Metasploit Signatures
- malscan Signatures
- ClamAV Main Signatures
- Multiple Detection Methods
- Standard HEX or MD5 based detections
- Includes a database of over 30,000 signatures
- Uses both HEX and hash based detections
- String length detections
- Identifies long obfuscated strings.
- Non-signature based, to help detect zero day code injections
- MimeType mismatch detections
- Detects PHP files that are masquerading as other file types.
- Identifies certain common obfuscated attack vectors, such as command
shells hiding as
.pngfiles.
- Tripwire detection mode
- Allows you to whitelist files in a known clean configuration.
- Compares the file tree to previously whitelisted states to identify changes.
- Can be hooked into common deploy tools, such as
capistranoordpl.
- Standard HEX or MD5 based detections
- Easy File Quarantining
- Custom email notifications
- Linux Server / Desktop
- Full root access, or the ability to install:
- ClamAV
- File
- Postfix or Exim, if using email notifications.
- SSH Access
NOTE: Malscan v1.x is the last to support RPM-based installation. Malscan v2.x will support platform-agnostic installation processes, including Puppet and script-based installers.
NOTE: Malscan RPM packages are depreciated and will be removed
RPM packages are available for RHEL, CentOS, and Fedora. Packages are generated only for currently supported operating systems. Support includes:
| Operating System | Version | |
|---|---|---|
| RHEL / CentOS | 7 |  |
| RHEL / CentOS | 6 | |
| Fedora | 28 | |
| Fedora | 27 | |
| Fedora | 26 |  |
Guides on how to set up the malscan yum repository can be found here:
We make every effort to support as many operating systems as possible. Currently, we officially support the following operating systems:
- Alpine Linux
- Debian
- Unbuntu (LTS only)
All of the above are supported via the malscan installer. This installer will automatically identify your operating system, and install required dependencies.
NOTE: For Alpine Linux, you must install bash before you can run the installer.
To install via the installer on a supported system, simply run:
curl -sSL https://raw.githubusercontent.com/malscan/malscan/1.x/installer | bashWe strongly recommend reading through the installer before running it. Running scripts without knowing what they do is dumb.
See malscan -h for more detailed program usage.
If you're interested in contributing to malscan, I am looking for the following help:
- Feature development
- Documentation
- Web design
- Logo design
Contact me at [email protected] if you're interested.
The malscan application is released under the MIT license, which is included in the repository. This software is provided as is, with absolutely no warranty provided for it. As this application does alter file/directory structure for this server, make sure that you understand exactly what this application does and the security ramifications of it.