Standalone Linux security scanner

Scan. Audit. Harden. All from one Bash script.

antivirus.sh checks Linux servers for malware, suspicious persistence, runtime indicators, package integrity issues, and basic network signals — without requiring an agent.

# prepare a clean workspace
$ git clone https://github.com/ultra-x-coder/antivirus.sh.git
$ cd antivirus.sh
$ sudo bash antivirus.sh --audit
Shell: 100% Bash
No agent: Run when needed
MIT: Open-source license
Linux: Server focused

What it checks

Focused on the places attackers hide.

Malware patterns

Looks for reverse shells, droppers, crypto-miners, suspicious scripts, and hidden executable payloads.

Runtime indicators

Inspects suspicious processes, temporary-directory binaries, fileless memfd activity, and rootkit signals.

Persistence

Reviews cron jobs, systemd units, shell startup files, udev rules, rc.local, and authorized_keys entries.

Integrity & network

Checks security-critical package integrity and watches for connections commonly used by botnets or miners.

Usage

Choose the mode that fits your host.

Start read-only on production systems, then move to interactive or automatic safe fixes when you are ready.

sudo bash antivirus.sh --audit            Report only, change nothing.
sudo bash antivirus.sh                    Interactive scan with confirmations.
sudo bash antivirus.sh --fix              Apply safe fixes automatically.
sudo bash antivirus.sh --scan /var/www    Scan a specific path.

Safety model

Built for careful server work.

Findings are designed to be reviewed. Malicious files are quarantined rather than deleted, and audit mode keeps production checks read-only.
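
The safety model above, sketched as an added example that is not antivirus.sh's own code: audit mode only reports, while fix mode moves the file into quarantine and records where it came from so a false positive can be restored. The function name handle_finding, the QUARANTINE_DIR path and the manifest.tsv format are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: quarantine-instead-of-delete with a read-only audit mode.
# handle_finding, QUARANTINE_DIR and manifest.tsv are hypothetical names.

QUARANTINE_DIR="${QUARANTINE_DIR:-/var/lib/example-quarantine}"

# handle_finding MODE FILE
#   MODE=audit  -> report the finding, change nothing on disk
#   MODE=fix    -> move FILE into quarantine, strip its permissions, log origin
# Returns 0 on success, 2 if FILE is not a regular file, 1 on other errors.
handle_finding() {
    local mode="$1" file="$2" sum dest

    # Refuse symlinks and non-files so a link cannot redirect the move.
    [ -f "$file" ] && [ ! -L "$file" ] || {
        echo "skip: $file is not a regular file" >&2
        return 2
    }

    # Hash via stdin so unusual file names cannot alter sha256sum's output.
    sum=$(sha256sum < "$file" | cut -d' ' -f1) || return 1

    if [ "$mode" = "audit" ]; then
        printf 'FINDING %s sha256=%s (audit: no change)\n' "$file" "$sum"
        return 0
    fi

    mkdir -p -- "$QUARANTINE_DIR" && chmod 700 -- "$QUARANTINE_DIR" || return 1

    # Content-addressed name: the quarantined copy can never be run by path
    # guesswork, and the same sample maps to the same quarantine entry.
    dest="$QUARANTINE_DIR/$sum.quarantined"
    mv -- "$file" "$dest" || return 1
    chmod 000 -- "$dest"

    # Manifest line (UTC time, hash, original path) supports later restore.
    printf '%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$sum" "$file" \
        >> "$QUARANTINE_DIR/manifest.tsv"
    printf 'QUARANTINED %s -> %s\n' "$file" "$dest"
}
```
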
