Description
===========

EvoMalware is a Bash script that identifies files (PHP only at the moment)
infected by malware, viruses or backdoors.
Its main purpose is to run from a cron job and generate reports, but it can
also be used in "one shot" mode.

The script uses 3 flat text files as databases:

* evomalware.filenames, known filenames.
* evomalware.patterns, known patterns.
* evomalware.whitelist, files to ignore.

There is also an "aggressive" mode that finds suspect files using the
evomalware.suspect DB.
At each run, the script downloads the latest databases.
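
One way the three databases described above could drive a scan, as an added example that is not EvoMalware's own code. The database format (one entry per line, '#' comments, fixed-string patterns, full-path whitelist entries) and the helper names db_lines, scan_tree and make_demo are assumptions, and the sample tree and entries are constructed.

```shell
#!/bin/sh
# Added example, not EvoMalware's own code. Assumed database format: one entry
# per line, '#' starts a comment, patterns are fixed strings, whitelist entries
# are full paths.

# db_lines FILE: print the usable entries of a database file.
# Blank lines must be dropped: an empty pattern given to grep -f matches every file.
db_lines() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" || true
}

# scan_tree ROOT DBDIR: print "<reason>:<path>" for each flagged PHP file.
# Paths containing newlines are not handled.
scan_tree() {
    st_tmp=$(mktemp -d) || return 1
    db_lines "$2/evomalware.filenames" > "$st_tmp/names"
    db_lines "$2/evomalware.patterns"  > "$st_tmp/pats"
    db_lines "$2/evomalware.whitelist" > "$st_tmp/white"
    find "$1" -type f -name '*.php' | LC_ALL=C sort | while IFS= read -r st_f; do
        # Whitelisted paths are skipped before any other check.
        if grep -Fxq -- "$st_f" "$st_tmp/white"; then continue; fi
        if grep -Fxq -- "${st_f##*/}" "$st_tmp/names"; then
            echo "filename:$st_f"
        elif [ -s "$st_tmp/pats" ] && grep -Fq -f "$st_tmp/pats" -- "$st_f"; then
            echo "pattern:$st_f"
        fi
    done
    rm -rf "$st_tmp"
}

# make_demo DIR: build a constructed sample tree and constructed databases.
make_demo() {
    mkdir -p "$1/www/lib" "$1/db"
    echo '<?php echo "hello";' > "$1/www/index.php"
    echo '<?php echo "x";' > "$1/www/old-shell.php"
    echo '<?php eval(base64_decode("ZWNobyAxOw=="));' > "$1/www/lib/cache.php"
    echo '<?php eval(base64_decode("ZWNobyAxOw=="));' > "$1/www/lib/vendor.php"
    printf '# constructed entries\nold-shell.php\n' > "$1/db/evomalware.filenames"
    printf 'eval(base64_decode(\n\n' > "$1/db/evomalware.patterns"
    printf '%s\n' "$1/www/lib/vendor.php" > "$1/db/evomalware.whitelist"
}

# Demo run on the constructed data.
demo=$(mktemp -d) && make_demo "$demo" && scan_tree "$demo/www" "$demo/db"
rm -rf "$demo"
```

The whitelisted vendor.php contains the same string as cache.php and is not reported, and the blank line left in the constructed patterns file does not flag index.php.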

Configuration/Tuning
====================

TODO

Upstream
========

Upstream is at https://forge.evolix.org/projects/evomalware
GitHub is a mirror.

Other interesting projects
==========================

* WPScan, http://wpscan.org/
* Plecost, https://github.com/iniqua/plecost
* Linux Malware Detect (with ClamAV), https://www.rfxn.com/projects/linux-malware-detect/