
Bug#810125: RFP: linux-malware-detect -- Linux Malware Detect (LMD) is a malware scanner for Linux

Package: wnpp
Severity: wishlist

* Package name    : linux-malware-detect
  Version         : 1.5
  Upstream Author : Ryan MacDonald <ryan@r-fx.org>
* URL             : https://github.com/rfxn/linux-malware-detect
* License         : GPL v2
  Programming Lang: Bash, Perl
  Description     : Linux Malware Detect (LMD) is a malware scanner for Linux


Please can you create a Debian package for LMD?

This is interesting software for administering a shared web server that hosts several web sites. It will detect an infected CMS.

The source code is available at: https://github.com/rfxn/linux-malware-detect

The sources of a Debian package are available at: https://github.com/waja/maldetect

The author of the Debian package sources does not have time to maintain the package in the long term: https://github.com/waja/maldetect/issues/1

The description on GitHub:

Linux Malware Detect (LMD) is a malware scanner for Linux released under the 
GNU GPLv2 license, that is designed around the threats faced in shared hosted 
environments. It uses threat data from network edge intrusion detection 
systems to extract malware that is actively being used in attacks and 
generates signatures for detection. In addition, threat data is also derived 
from user submissions with the LMD checkout feature and from malware 
community resources. The signatures that LMD uses are MD5 file hashes and HEX 
pattern matches, they are also easily exported to any number of detection 
tools such as ClamAV.

The driving force behind LMD is that there is currently limited availability 
of open source/restriction free tools for Linux systems that focus on malware 
detection and more important that get it right. Many of the AV products that 
perform malware detection on Linux have a very poor track record of detecting 
threats, especially those targeted at shared hosted environments.

The threat landscape in shared hosted environments is unique from that of the 
standard AV products detection suite in that they are detecting primarily OS 
level trojans, rootkits and traditional file-infecting viruses but missing 
the ever increasing variety of malware on the user account level which serves 
as an attack platform.

