/LiteMD

A Linux "Lite" Malware Detection program

Primary language: Shell. License: MIT.

LMD

A light shell daemon used to detect if any malware appears in a given directory - especially useful on a SFTP or web hosting server with many users.

Specify a Directory

LMD recursively calculates a hash of all files in a directory, and checks it against VirusTotal's database of MD5 malware hashes.
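
The scan described above (hash every file under a directory, then look each hash up in a list of known-bad MD5s) can be sketched as follows. This is an added example, not LiteMD's own code: the function names `scan_dir` and `demo`, the one-MD5-per-line list format with `#` comment lines, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not LiteMD's own code. Function names are hypothetical.

# scan_dir DIR HASHLIST
# Prints the md5sum line ("HASH  PATH") for each regular file under DIR whose
# MD5 is in HASHLIST. Assumed list format: one hex MD5 per line; '#' comment
# lines and blanks are skipped. find -type f does not follow symlinks.
# Returns 0 = no match, 1 = at least one match, 2 = bad arguments.
scan_dir() {
    dir=$1 list=$2
    [ -d "$dir" ] && [ -r "$list" ] || { echo "usage: scan_dir DIR HASHLIST" >&2; return 2; }
    hits=$(
        find "$dir" -type f -exec md5sum {} + |
        LIST=$list awk '
            BEGIN { list = ENVIRON["LIST"]   # load the hash list once
                while ((getline line < list) > 0) {
                    sub(/\r$/, "", line)     # tolerate CRLF lists
                    if (length(line) == 32 && line !~ /[^0-9A-Fa-f]/)
                        bad[tolower(line)] = 1
                }
            }
            {
                h = $1
                sub(/^\\/, "", h)   # md5sum prefixes "\" when it escapes a name
                if (tolower(h) in bad) print
            }'
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Demo on constructed input: two harmless text files, one of them "listed".
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/upload/user1"
    printf 'harmless constructed sample\n' > "$tmp/upload/user1/flagged.txt"
    printf 'ordinary file\n' > "$tmp/upload/clean.txt"
    { echo '# constructed hash list'
      md5sum < "$tmp/upload/user1/flagged.txt" | cut -d' ' -f1
    } > "$tmp/hashes.md5"
    scan_dir "$tmp/upload" "$tmp/hashes.md5" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

The non-zero return on a match lets a cron wrapper decide whether to write an alert, and stripping the leading backslash keeps files with unusual, user-chosen names from slipping past the lookup.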

Find Malware

LMD can detect malware from the calculated hash file, and present it to the user. Below is an example of detection of the EICAR test string.

Get Alerts on your MOTD

It's not the best method, but better than configuring SMTP. A cronjob will add alerts to /etc/motd.

Usage

git clone https://github.com/wbollock/LiteMD.git
cd LiteMD
./install.sh

Cleanly uninstall with:

./install.sh -r

Requirements

Arch Linux, not tested on other distros.

You'll need wget and cronie, but that's handled by the install.

Malware Testing

Proven to work with the EICAR test string only.

Credits

Gifs made with ShareX

MD5 Hashes from VirusShare

VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of live malicious code.

John Marks, for allowing awesome project development