Trojan Scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It is relatively simple and won't catch them all, but can help to find these programs on shared servers with many users. It works by listing all process that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures, which are then are matched against the allowed process defined in the
configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output for the unknown processes.