#antivirus #server-guard

app inullify

Watch directories, and truncate dangerous files

5 releases

0.1.4 Aug 16, 2020
0.1.3 Jul 22, 2020
0.1.2 Jul 22, 2020
0.1.1 Jul 22, 2020
0.1.0 Jul 22, 2020

#1342 in Filesystem

MIT license

184 lines


This command-line utility watches given directories for new files, and for changes in existing files. If a dangerous file appears, it will be nullified (truncated to zero size). This is useful on FTP servers, and this can fight big percent of WordPress attacks.

A dangerous file is a file that matches given regular expression. By default (?P<ELF>\x7FELF)|(?P<PHP><\?), that guards against uploading ELFs (linux executables) and PHP files.


This is cargo software. First you need to install cargo, if you didn't yet: see how to do this. Then:

cargo install inullify



# or:
inullify /tmp /var/www/my-wordpress

# or:
inullify --regex='(?P<PHP><\?)' /tmp

To daemonize third-party software can be used. For example in Ubuntu we can use daemon:

sudo daemon --name=inullify --user=www-data --respawn --stdout=/tmp/inullify.log --stderr=/tmp/inullify-err.log -- inullify /tmp

iNullify must be run from user that has access to files of interest.


Desired regex can be specified with -r or --regex command-line option.

You can mark alternatives with named groups. If a group matched for some file, this group name will be printed together with the filename.

PHP antivirus

To prevent uploading dangerous files to server from PHP applications, you need to monitor PHP upload directory. This directory is set in php.ini with directive called upload_tmp_dir. By default PHP uses /tmp.


~71K SLoC