Malmo is an extremely interesting new project – It is generally designed to protect hosting servers from malware on it, created by my friend and linux guru ShadowX. To clarify what exactly is meant – nothing prevents you from throwing at which hosting a nice c99 shell, for example, and if it is not well-tuned file system, nothing prevents the evil hahor to get access to shell. In general, the idea of malmon is to monitor the upload of such pleasant misery and move them to a quarantine directory other than the document root.. The principle on which it works is quite pleasant – monitors for created new files in a folder that is set to watch the software and in the presence of some file that matches certain signatures sends it to the eternal hunting grounds. Something like antivirus software 😉 The script is written in python which makes it light, fast and flexible. To keep track of new files created, it uses the relatively new kernel mechanism inotify. Although the script is not yet officially a stable version of 3 days I have not had problems on a decently loaded server – one of the sites there is in the top 100 на tyxo 😉
I can keep pouring dry statistics and deep explanations of how the code works, But I will not do it. I will rather urge you to download it, test it and if you have suggestions to write to the author 😉 If you see bugs, write to him again, people are wrong and it is good to support each other.. Cheers!