github rfxn/linux-malware-detect v2.0.1-rc3
LMD v2.0.1-rc3

pre-release, 7 hours ago

LMD 2.0.1 release candidate 3. Rolls up comment normalization, --json-report scaling fix, and ignore_inotify defaults refresh on top of rc2.

Changes since rc2

issue #480 — ignore_inotify defaults refresh + union model

  • [Fix] Shipped ignore_inotify defaults were dead code since March _monitor_escape_ere change: ERE metachars escaped to literals, matched nothing
  • [New] files/internals/ignore_inotify.defaults — LMD-managed curated defaults, overwritten on upgrade
  • [Fix] files/ignore_inotify shrunk to user template; 11 dead regex entries removed
  • [Fix] monitor_init() unions both files via new _monitor_load_ignore_inotify_union helper (skips blanks and # comments, dedupes)
  • [New] Coverage for systemd-private tmpdirs (RHEL 9+, AlmaLinux 10, Debian 12), MariaDB sql-temptable-*.MAI/.MAD, PostgreSQL, Redis, Memcached, ClamAV runtime, systemd journal, backup agents
  • [New] Packaging: RPM spec, DEB rules (override_dh_fixperms preserves 640), DEB links, symlink-manifest, pkg install test
  • [New] 16 BATS cases (tests/47-ignore-inotify-defaults.bats) including sentinel guards for user-file false positives
  • [Change] Docs: README.md §5/§7, maldet.1 MONITOR MODE
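
The failure mode and the union load described above, as an added example that is not LMD's own code: an ignore entry written as an ERE stops matching anything once its metacharacters are escaped to literals, and two ignore files are merged while skipping blanks and # comments and dropping duplicates. The helper names (escape_ere, count_matches, load_union), the patterns and the sample paths are constructed for illustration.

```sh
#!/bin/sh
# Added illustration. Helper names, patterns and paths are constructed,
# not taken from the LMD source tree.

# Escape every ERE metacharacter so the string can only match literally.
escape_ere() {
    printf '%s\n' "$1" | sed 's/[][\.^$*+?(){}|]/\\&/g'
}

# Count how many of the paths on stdin the ERE in $1 matches.
count_matches() {
    grep -Ec -- "$1" || true   # grep exits 1 on zero matches; still prints 0
}

# Union ignore files: skip blank lines and # comments, drop duplicates,
# keep first-seen order. Unreadable files are skipped.
load_union() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | awk '!/^[ \t]*(#|$)/ && !seen[$0]++'
}

# Constructed inotify event paths.
sample_paths() {
    cat <<'EOF'
/tmp/systemd-private-3f9a1c-httpd.service-Ab12/tmp/sess_1
/var/lib/mysql/sql-temptable-1a2b-3.MAI
/home/user/public_html/upload.php
EOF
}

demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# curated' '^/tmp/systemd-private-.+' '' '\.MAI$' > "$dir/defaults"
    printf '%s\n' '# user' '\.MAI$' '^/home/user/cache/' > "$dir/user"
    load_union "$dir/defaults" "$dir/user" | while IFS= read -r pat; do
        lit=$(escape_ere "$pat")
        printf '%-28s as regex: %s  escaped to literal: %s\n' "$pat" \
            "$(sample_paths | count_matches "$pat")" \
            "$(sample_paths | count_matches "$lit")"
    done
    rm -rf "$dir"
}
demo
```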

issue #482 — --json-report scaling + field parity

  • [Fix] path field missing from reports[], active[], stopped[] in --json-report list
  • [Fix] Unified _json_escape_string helper in lmd.lib.sh + _json_escape_var out-param variant for hot loops
  • [Fix] O(N²) → O(N) list rendering: 20,000-report corpus 82s → 1.7s via local -A _seen_ids dedup
  • [New] 4 BATS cases for path-field parity and dedup

Comment discipline — 28 files

  • [Change] T1: strip banner separators and file-header catalogues
  • [Change] T2: collapse signature-restatement blocks in function headers
  • [Change] T3: inline prose rehousing + files/maldet audit
  • Net: 15.0% → 12.0% comment density, 115 banners removed, -514 lines. Zero functional change. 8964/0 on 9-OS CI.

Verification

  • 1016/1016 BATS on Debian 12 at 984c0b1 (rc2 996 + 20 new cases)
  • Tarball: maldet-2.0.1.tar.gz, 261,635 bytes, git archive with .gitattributes export-ignore honored (1,816 bytes smaller than rc2)
  • Packaging: ignore_inotify.defaults at 640 under /usr/lib/maldet/internals/, not a DEB conffile, not RPM %config, refreshes on upgrade
  • Upgrade path: user ignore_inotify preserved via importconf glob; curated defaults refreshed unconditionally

Install

wget https://github.com/rfxn/linux-malware-detect/releases/download/v2.0.1-rc3/maldet-2.0.1.tar.gz
tar xzf maldet-2.0.1.tar.gz
cd maldet-2.0.1
./install.sh
