# Description

EvoMalware is a bash(1) script that can detect various malware,
viruses and backdoors in PHP and JavaScript source code. It is meant
to be used in a cron(8) job to generate reports, but can also be
used interactively.

The script uses 3 flat text files as databases:

* evomalware.filenames, known filenames.
* evomalware.patterns, known patterns.
* evomalware.whitelist, files to ignore.

A fourth database named evomalware.suspect is used in "aggressive"
mode to detect suspicious files.

At each run, EvoMalware will download the latest databases.
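
How the three databases described above can combine in one scan pass, as an added sketch that is not EvoMalware's own code. The one-entry-per-line format, the fixed-string matching, the function names `scan_tree` and `make_demo`, and every sample entry are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added illustration, not EvoMalware's code. Assumed format: one entry per line;
# filenames = exact basenames, patterns = fixed strings, whitelist = full paths.

# scan_tree ROOT DBDIR: print "filename <path>" or "pattern <path>" for each hit.
scan_tree() (
    root=$1 db=$2
    find "$root" -type f \( -name '*.php' -o -name '*.js' \) | sort |
    while IFS= read -r file; do
        # 1. Whitelisted paths are skipped before any other check.
        grep -qxF -- "$file" "$db/evomalware.whitelist" && continue
        # 2. Known-bad file names: compare the basename as a whole line.
        if grep -qxF -- "$(basename "$file")" "$db/evomalware.filenames"; then
            printf 'filename %s\n' "$file"
        # 3. Known-bad content: -F keeps "(" and "$" literal, not regex syntax.
        elif grep -qF -f "$db/evomalware.patterns" -- "$file"; then
            printf 'pattern %s\n' "$file"
        fi
    done
)

# make_demo DIR: build constructed databases and a sample web root (all invented).
make_demo() {
    d=$1
    mkdir -p "$d/db" "$d/www/lib"
    printf '%s\n' 'x-backdoor.php'        > "$d/db/evomalware.filenames"
    printf '%s\n' 'eval(base64_decode('   > "$d/db/evomalware.patterns"
    printf '%s\n' "$d/www/lib/vendor.php" > "$d/db/evomalware.whitelist"
    printf '%s\n' '<?php echo "hello";'            > "$d/www/index.php"
    printf '%s\n' '<?php // placeholder'           > "$d/www/x-backdoor.php"
    printf '%s\n' '<?php eval(base64_decode($x));' > "$d/www/theme.php"
    printf '%s\n' '<?php eval(base64_decode($y));' > "$d/www/lib/vendor.php"
}

demo=$(mktemp -d)
make_demo "$demo"
scan_tree "$demo/www" "$demo/db"   # reports x-backdoor.php and theme.php only
rm -rf "$demo"
```

Checking the whitelist first means a whitelisted path is never reported, even when its content matches a pattern, so whitelist entries deserve the same review as the detection databases.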

# Configuration/Tuning

TODO

# Upstream

Upstream is at <https://gitea.evolix.org/evolix/evomalware>.
GitHub is a mirror.

# Other projects of interest

* WPScan, http://wpscan.org/
* Plecost, https://github.com/iniqua/plecost
* Linux Malware Detect (with ClamAV), https://www.rfxn.com/projects/linux-malware-detect/