Republished: Basic Malware Detector For Linux

This was originally published on in Jun 2009

OK, if this of use to anyone then fantastic!!!!

It's a simple script that will generate MD5/SHA1/SHA256 sums of all files within your PATH. This is based on the PATH variable on my machine at time of writing, in fact it also checks the sums of my backups (you'll probably want to remove the /mnt/exthd line).

Its simple to use, all you need to do is burn the generated disc image to a CD for use when you check your system. It is based on the idea that you trust the security of your system at the time of generation, and there are a few caveats:

  1. Must be run as root (you can run as a normal user, but will get a lot of Permission Denieds)
  2. Won't notice if new executables appear (to be changed at a later date, maybe!)
  3. You must burn the disc image (if you leave it on the system, and it's compromised, the attacker could regenerate your image)


There are a couple of steps before you can get the script working. You'll need nothing more than a text editor!

  1. You need to specify the checksum program to use (default is sha256sum)
  2. You may want to change the directories that are checksummed


Calling just the script, or using --help will display usage options. Despite what is shown, all that is currently supported is --full --help

using the first will generate a checksum of every file stored within the directories specified within the script, which will then be stored in an ISO image along with the verification script. This should be burnt to a CD immediately.

Upon mounting the CD (to run your check), cd into the mounted directory and run


which will then check all files stored within it's database. It will provide you with a prompt before it goes away, read it carefully and then press enter.
Should any discrepancies be found, they will be piped through less, but the file will remain in /tmp


Probably quite a few


MD5 Sum