7 months ago · 25c3aafba0
--- a/evomalware.sh
+++ b/evomalware.sh
@@ -56,8 +56,10 @@ patterns=$(cat ${databasePATH}/evomalware.patterns | tr -d '\n')
 
				
				 whitelist=$(cat ${databasePATH}/evomalware.whitelist $whitelistLocal | tr -d '\n')
			
 
				
				 suspect=$(cat ${databasePATH}/evomalware.suspect | tr -d '\n')
			
 
				
				 
			
 
				
				-# Search for .php files (less than 1M).
			
 
				
				-find $wwwpath -name evobackup -prune -o \( -type f ! -size +1M -name "*.php" \) \
			
 
				
				+# Search for .php and .js files (less than 1M).
			
 
				
				+find $wwwpath -name evobackup -prune \
			
 
				
				+    -o \( -type f ! -size +1M -name "*.php" \) \
			
 
				
				+    -o \( -type f ! -size +1M -name "*.js" \) \
			
 
				
				     | grep -E -v "$whitelist" > $fileslist 2>/dev/null
			
 
				
				 while read file; do
			
 
				
				     # Search known filenames.
			
@@ -70,7 +72,10 @@ while read file; do
 
				
				     elif [[ $($wc -L "$file" 2>/dev/null | cut -d' ' -f1) -gt 10000 ]]; then
			
 
				
				         grep -q -E "$suspect" "$file"
			
 
				
				         if [[ $? -eq 0 ]]; then
			
 
				
				-            echo "Suspect file! More than 10000 characters in one line (and suspect PHP functions): $file."
			
 
				
				+            # Don't suspect "one line" .js file due to common minification.
			
 
				
				+            if [[ ! "$file" =~ .js$ ]]; then
			
 
				
				+                echo "Suspect file! More than 10000 characters in one line (and suspect PHP functions): $file."
			
 
				
				+            fi
			
 
				
				         fi
			
 
				
				     else
			
 
				
				         # Search for patterns.