Linux Malware Detect, also called MalDet, has a set of signatures for matching malware in web files. It uses the ClamAV scanner engine (if found), which also includes its own signatures.
Get it:
# git clone https://github.com/rfxn/linux-malware-detect.git
Install it:
# cd linux-malware-detect
# bash install.sh
Change the email_alert and email_addr variables:
# vim /usr/local/maldetect/conf.maldet
Optionally change the following to whatever html folder your users have in their home directories; in my case:
inotify_docroot="html"
I emptied this variable since I have a lot of scripts creating files in the tmp dir and this just fills up my logs:
scan_tmpdir_paths=""
Test it:
# maldet -a /var/www/?/html/
(The following does not seem to work! Better run it in cron.)
To run it in the background, checking every file created by users with UID +500:
# apt-get install inotify-tools
# maldet --monitor users
Follow the real-time log:
# tail -f /usr/local/maldetect/logs/inotify_log
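The conf.maldet edits described above can be scripted instead of made by hand in vim. This is an added example, not part of the original note or of MalDet itself: the helper names set_conf and check_conf, the sample values and admin@example.com are assumptions, and it treats conf.maldet as plain KEY="VALUE" shell assignments. check_conf also rejects typographic quotes pasted from a web page, which the shell would otherwise accept as literal characters in the value.

```shell
#!/bin/sh
# Added example (not MalDet code): scripted version of the conf.maldet edits.
# Assumption: the file holds plain KEY="VALUE" shell assignments.

# set_conf FILE KEY VALUE: replace KEY's assignment, or append it if absent.
set_conf() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    # Escape characters that are special on the replacement side of sed's s|||.
    esc=$(printf '%s' "$value" | sed 's/[\\&|]/\\&/g')
    if grep -q "^${key}=" "$file"; then
        sed "s|^${key}=.*|${key}=\"${esc}\"|" "$file" > "$tmp"
    else
        { cat "$file"; printf '%s="%s"\n' "$key" "$value"; } > "$tmp"
    fi
    # Write back through the original path so its owner and mode are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# check_conf FILE: return 1 if the file contains typographic double quotes
# (U+201C / U+201D), 2 if it is not valid shell syntax, 0 otherwise.
check_conf() {
    lq=$(printf '\342\200\234'); rq=$(printf '\342\200\235')
    if LC_ALL=C grep -qF -e "$lq" -e "$rq" "$1"; then
        return 1
    fi
    sh -n "$1" 2>/dev/null || return 2
    return 0
}

# Demo on a constructed sample file, never on the live configuration.
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' 'email_alert="0"' 'email_addr="you@domain.com"' \
        'inotify_docroot="public_html"' > "$conf"
    set_conf "$conf" email_alert 1                    # assumed value for "on"
    set_conf "$conf" email_addr "admin@example.com"   # placeholder address
    set_conf "$conf" inotify_docroot html
    set_conf "$conf" scan_tmpdir_paths ""
    check_conf "$conf" && cat "$conf"
    rm -f "$conf"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

To apply it to a real installation, run set_conf against a copy of /usr/local/maldetect/conf.maldet first and only replace the live file once check_conf returns 0.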