Browse Source

Adding support for .js files

pull/9/head
Benoît S. 10 months ago
parent
commit
25c3aafba0
1 changed files with 8 additions and 3 deletions
  1. 8
    3
      evomalware.sh

+ 8
- 3
evomalware.sh View File

@@ -56,8 +56,10 @@ patterns=$(cat ${databasePATH}/evomalware.patterns | tr -d '\n')
whitelist=$(cat ${databasePATH}/evomalware.whitelist $whitelistLocal | tr -d '\n')
suspect=$(cat ${databasePATH}/evomalware.suspect | tr -d '\n')

# Search for .php files (less than 1M).
find $wwwpath -name evobackup -prune -o \( -type f ! -size +1M -name "*.php" \) \
# Search for .php and .js files (less than 1M).
find $wwwpath -name evobackup -prune \
-o \( -type f ! -size +1M -name "*.php" \) \
-o \( -type f ! -size +1M -name "*.js" \) \
| grep -E -v "$whitelist" > $fileslist 2>/dev/null
while read file; do
# Search known filenames.
@@ -70,7 +72,10 @@ while read file; do
elif [[ $($wc -L "$file" 2>/dev/null | cut -d' ' -f1) -gt 10000 ]]; then
grep -q -E "$suspect" "$file"
if [[ $? -eq 0 ]]; then
echo "Suspect file! More than 10000 characters in one line (and suspect PHP functions): $file."
# Don't suspect "one line" .js file due to common minification.
if [[ ! "$file" =~ .js$ ]]; then
echo "Suspect file! More than 10000 characters in one line (and suspect PHP functions): $file."
fi
fi
else
# Search for patterns.

Loading…
Cancel
Save