rfxn/linux-malware-detect v2.0.1-rc4

LMD v2.0.1-rc4

on GitHub

Bug-fix and polish candidate. Three user-reported regressions from rc1-rc3 closed, JSON report surface stabilized at schema 1.2, CHANGELOG deduped.

Fixes

• #484 (reported by @Gazoo): ignore_inotify stopped honoring regex entries after the v2.0.1 monitor redesign. Restored v1.6.6 POSIX ERE semantics so anchors and wildcards in user entries work as intended. Added literal: per-entry prefix as opt-in escape for paths that contain regex metacharacters. ignore_paths in monitor mode now uses grep -E -vf to match scan-mode semantics. Re-added curated scantemp. default for ClamAV runtime temp noise.
• #485 (reported by @Gazoo): quarantine_hits silently skipped monitor-mode hits when ownership filters dropped events. New monitor_scan_owner_filters toggle in conf.maldet. Default 0 (off) restores v1.6.6 monitor semantics so every file is scanned regardless of owner. Set 1 to re-enable ownership filters in monitor mode.
• #483 (reported by @Gazoo): --json-report list --all now merge-sorts reports[] newest-first globally, eliminating interleaving between TSV and legacy sessions. Added started_epoch (int) across active[], stopped[], reports[] for consumer-side sort. Pass-2 session glob now skips legacy .html artifacts, fixing 12s+ hangs on upgrades with pre-on-demand-HTML files.

JSON schema 1.2

• session.index field count: 11 to 14 (engine, hash_type, sig_version appended).
• --json-report list emits schema_version: \"1.2\" with top-level scanner and host blocks.
• Per-scan JSON renderers mirror the list-report shape for a uniform consumer contract.
• Header #LMD_INDEX:v2 with 11-arg back-compat reader for pre-1.2 index files.

Coverage

• Full distro matrix on anvil: 9 OS targets, 1080 tests each, 0 failures.
• UAT: 100/100 pass on Debian 12.
• Sentinel review: APPROVE, 0 MUST-FIX, 0 SHOULD-FIX.

Thanks @Gazoo for the detailed reproductions on all three issues.