malscan

ClamAV-based malware scanner for Linux web servers.

malscan is a scanning platform for Linux servers that simplifies keeping your web servers secure and malware-free. It is built upon the ClamAV platform, providing all of the features of Clamscan with a host of new features and detection modes.

Features

• Multiple channels of malware signatures
  • RFX Networks Signatures
  • Metasploit Signatures
  • malscan Signatures
  • ClamAV Main Signatures
• Multiple Detection Methods
  • Standard HEX or MD5 based detections
    • Includes a database of over 30,000 signatures
    • Uses both HEX and hash-based detections
  • String length detections
    • Identifies long obfuscated strings.
    • Non-signature based, to help detect zero-day code injections
  • MimeType mismatch detections
    • Detects PHP files that are masquerading as other file types.
    • Identifies certain common obfuscated attack vectors, such as command shells hiding as .png files.
  • Tripwire detection mode
    • Allows you to whitelist files in a known clean configuration.
    • Compares the file tree to previously whitelisted states to identify changes.
    • Can be hooked into common deploy tools, such as capistrano or dpl.
• Easy File Quarantining
• Custom email notifications

Changelog v.18.1

Nov 26, 2018

• Fixed: Malscan now provides better information when attempting a run with the lockfile present. (fixes #26).

Install & Use

Copyright 2015-2018 Josh Grancell