Trojan Scan is a simple shell script that allows for simple but relatively
effective checking for trojans, rootkits and other malware that may be using
your server and network for unwanted (and possibly illegal) purposes. Since
this script is relatively simple don't expect it to catch them all, but it
helps to find these programs on e.g. shared servers. On those machines lots
of users install many kinds of applications. These applications may introduce
new vulnerabilities which would perhaps otherwise not be detected if not for
a very alert sysadmin.
It works by listing all process that use the Internet with the lsof command
(using -Pni flags). This list is then transformed into signatures in the form
These signatures then are matched against the allowed process defined in the
configuration. If any signatures of running processes are found that do not
match the allowed signatures, an email ...
Be the first to post a review of Trojan Scan!