EvoMalware, shell script to detect infected websites.
bash
security
Benoît S. dd880d78b7 Add rules to the whitelist il y a 1 semaine
Makefile Added suspect files. il y a 3 ans
README.md Update README il y a 2 semaines
evomalware.filenames Added a SPAM mailer. il y a 3 ans
evomalware.filenames.md5 Added a SPAM mailer. il y a 3 ans
evomalware.patterns Added patterns il y a 3 semaines
evomalware.patterns.md5 Added patterns il y a 3 semaines
evomalware.sh Adding support for .js files il y a 1 mois
evomalware.suspect Added suspect files. il y a 3 ans
evomalware.suspect.md5 Added suspect files. il y a 3 ans
evomalware.whitelist Add rules to the whitelist il y a 1 semaine
evomalware.whitelist.md5 Add rules to the whitelist il y a 1 semaine

README.md

Description

EvoMalware is a BASH script which permits to identify files (PHP/JS only ATM) infected by malwares/virus/backdoor.
The main goal is to be used in a cron job to generate reports, but it can be used in “one shot” mode.

The script uses 3 flat text files as databases:

  • evomalware.filenames, known filenames.
  • evomalware.patterns, known patterns.
  • evomalware.whitelist, files to ignore.

There is also an “aggressive” mode which permits to find suspect files using evomalware.suspect DB.
At each run, the script downloads the last databases.

Configuration/Tuning

TODO

Upstream

Upstream is at https://gitea.evolix.org/evolix/evomalware
GitHub is a mirror.

Interesting others projects