Nong Hoang Tu edited this page Jan 8, 2024 · 3 revisions

rkcheck is a malware scanner that combines the Yara and ClamAV engines, with some custom features.

The original idea behind rkcheck is to scan a Linux system for rootkits and malware. The available tools (rkhunter, chkrootkit) rely on the absolute-path method: they check whether files known to belong to a rootkit exist at fixed, documented paths. Note: rkhunter also inspects the kernel's symbols to detect some kernel-land rootkits. These methods are old and do not hold up in real-world scenarios, since a payload dropped at any other path is never examined. The idea is to replace absolute-path checking with signature matching to detect malware.
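The following is an added example, not code from rkcheck, rkhunter or chkrootkit. It contrasts the two approaches in a toy scanner: a path-based check that only looks for a known rootkit install path, beside content signatures in the two styles rkcheck builds on (a ClamAV-style whole-file hash entry and a Yara-style string rule). The rootkit path, rule names and payload bytes are constructed for the demo; the sample filesystem is built in a temporary directory so it runs offline.

```python
"""Path checking vs. signature matching for a rootkit scanner.

Added example (not rkcheck's code): a toy scanner showing why an
rkhunter/chkrootkit-style "is this known path present?" check misses a
relocated payload, while content signatures (a ClamAV-style hash entry and
a Yara-style string rule) still catch it.  All paths, rule names and
payload bytes below are constructed for the demo.
"""
import hashlib
import os
import re
import tempfile

# Path-based indicator: the install location a hypothetical rootkit is
# documented to use.  Relative to the scan root so the demo stays in /tmp.
KNOWN_BAD_PATHS = ["usr/lib/.rk/ld.so.preload.bak"]

# Constructed payload standing in for a dropped rootkit binary.
PAYLOAD = (b"\x7fELF" + b"\x00" * 12
           + b"/etc/ld.so.preload\x00hide_proc\x00hide_file\x00hide_port\x00")

# ClamAV .hdb-style entry (hash:size:name).  Exact match on the whole file.
HASH_SIGS = {hashlib.sha256(PAYLOAD).hexdigest(): ("Rootkit.Demo.LdPreload", len(PAYLOAD))}

# Yara-style rule: every listed pattern must occur somewhere in the file.
STRING_RULES = {
    "Rootkit_Demo_LdPreload": [
        b"/etc/ld.so.preload",
        re.compile(rb"hide_(proc|file|port)"),
    ],
}


def path_check(root, bad_paths=KNOWN_BAD_PATHS):
    """rkhunter-style check: report which known rootkit paths exist."""
    return sorted(p for p in bad_paths if os.path.lexists(os.path.join(root, p)))


def hash_check(data, sigs=HASH_SIGS):
    """ClamAV-style hash signature: name if hash and size both match."""
    hit = sigs.get(hashlib.sha256(data).hexdigest())
    return hit[0] if hit and hit[1] == len(data) else None


def rule_matches(data, patterns):
    """True when every bytes literal / compiled regex in the rule is found."""
    for pat in patterns:
        if isinstance(pat, bytes):
            if pat not in data:
                return False
        elif pat.search(data) is None:
            return False
    return True


def signature_scan(root, rules=STRING_RULES, sigs=HASH_SIGS):
    """Walk root; return {relative_path: [matching rule/signature names]}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable; a real scanner would log this
            names = [r for r, pats in rules.items() if rule_matches(data, pats)]
            h = hash_check(data, sigs)
            if h:
                names.append(h)
            if names:
                hits[os.path.relpath(full, root)] = sorted(names)
    return hits


def build_sample_tree(root):
    """Constructed filesystem: payload at the known path, the same payload
    renamed elsewhere, a slightly modified copy, and a benign file."""
    files = {
        KNOWN_BAD_PATHS[0]: PAYLOAD,
        "opt/cache/.x": PAYLOAD,                 # relocated: same bytes, new path
        "var/tmp/.y": PAYLOAD + b"\x00",         # repacked: one byte appended
        "etc/motd": b"Welcome to the demo host\n",
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


def run_demo():
    """Build the sample tree and scan it both ways."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return {"by_path": path_check(root), "by_signature": signature_scan(root)}


if __name__ == "__main__":
    for method, result in run_demo().items():
        print(method, result)
```

The path check reports only the one file sitting at the documented location. The signature scan reports all three copies of the payload: the hash entry catches the two byte-identical copies, and the string rule additionally catches the copy with one byte appended, which shows why rkcheck pairs exact-match ClamAV signatures with the more tolerant pattern rules of Yara.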

While researching, I found several problems with the available open-source scanners. Therefore I am trying to create a malware scanner that fixes the problems I found and adds some improvements (see the feature comparison wiki page).

Overall, rkcheck is a malware scanner that combines the ClamAV engine and the Yara engine. The tool will not be able to replace real antivirus software, but I hope it gives users another option for finding malicious software on their systems.
