EvoMalware, shell script to detect infected websites.
Benoît S. dd880d78b7 Add rules to the whitelist 1 month ago
Makefile Added suspect files. 3 years ago
README.md Update README 1 month ago
evomalware.filenames Added a SPAM mailer. 3 years ago
evomalware.filenames.md5 Added a SPAM mailer. 3 years ago
evomalware.patterns Added patterns 1 month ago
evomalware.patterns.md5 Added patterns 1 month ago
evomalware.sh Adding support for .js files 1 month ago
evomalware.suspect Added suspect files. 3 years ago
evomalware.suspect.md5 Added suspect files. 3 years ago
evomalware.whitelist Add rules to the whitelist 1 month ago
evomalware.whitelist.md5 Add rules to the whitelist 1 month ago

README.md

Description

EvoMalware is a Bash script that identifies files (PHP/JS only at the moment) infected by malware, viruses or backdoors.
Its main purpose is to run from a cron job and generate reports, but it can also be used in “one shot” mode.

The script uses 3 flat text files as databases:

  • evomalware.filenames, known filenames.
  • evomalware.patterns, known patterns.
  • evomalware.whitelist, files to ignore.

There is also an “aggressive” mode that finds suspect files using the evomalware.suspect DB.
At each run, the script downloads the latest databases.
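
How three flat-file databases of this kind can drive a scan, as an added sketch that is not EvoMalware's own code. It assumes one entry per line (exact basenames, extended regexes, exact paths to skip); the function names, sample tree and database contents are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, NOT EvoMalware's code. Assumed DB format, one entry per line:
#   filenames = exact basenames, patterns = extended regexes, whitelist = exact paths.

# scan_tree DIR FILENAMES_DB PATTERNS_DB WHITELIST_DB
# Prints "reason<TAB>path" for each .php/.js file that matches a database.
# Paths containing newlines are not handled by this line-based loop.
scan_tree() {
    find "$1" -type f \( -name '*.php' -o -name '*.js' \) | sort |
    while IFS= read -r f; do
        # Whitelisted paths are skipped before any matching is attempted.
        grep -Fxq -- "$f" "$4" && continue
        if grep -Fxq -- "$(basename -- "$f")" "$2"; then
            printf 'known-filename\t%s\n' "$f"
        # A blank line in the patterns DB would match every file; keep it free of them.
        elif grep -Eqf "$3" -- "$f"; then
            printf 'known-pattern\t%s\n' "$f"
        fi
    done
}

# demo: builds a constructed sample tree in a temp dir, scans it, cleans up.
demo() (
    tmp=$(mktemp -d) || exit 1
    cd "$tmp" || exit 1
    mkdir -p site/lib db
    # Constructed sample files (contents are placeholders, not real samples).
    printf '<?php eval(base64_decode("PLACEHOLDER"));\n' > site/index.php      # pattern hit
    printf '<?php echo "ok";\n'                          > site/sample-mailer.php # name hit
    printf '<?php eval(base64_decode("PLACEHOLDER"));\n' > site/lib/vendor.php  # whitelisted
    printf 'console.log("clean");\n'                     > site/app.js          # clean
    # Constructed databases.
    printf '%s\n' 'sample-mailer.php'        > db/filenames
    printf '%s\n' 'eval\(base64_decode\('    > db/patterns
    printf '%s\n' './site/lib/vendor.php'    > db/whitelist
    scan_tree . db/filenames db/patterns db/whitelist
    cd / && rm -rf "$tmp"
)

demo
```

The whitelist check runs first, so a whitelisted file is never reported even when it would match a pattern; that makes the whitelist itself a file worth reviewing whenever it changes.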

Configuration/Tuning

TODO

Upstream

Upstream is at https://gitea.evolix.org/evolix/evomalware
GitHub is a mirror.

Other interesting projects