Uses magic number validation - checks if invoice.pdf actually starts with %PDF. Lightweight (inotify-based), quarantines suspicious files, SIEM-ready logs.
One-line install for Linux/Windows. Would love feedback!
Tech stack: Python, inotify (Linux), watchdog (Windows), YAML config