The script uses 3 flat text files as databases:
- evomalware.filenames, known filenames.
- evomalware.patterns, known patterns.
- evomalware.whitelist, files to ignore.
A fourth database named evomalware.suspect is used in "aggressive" mode to detect suspicious files.
At each run, EvoMalware will download the latest databases.
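How the four databases can combine in a single pass over a web root, as an added sketch that is not EvoMalware's own code. It assumes one entry per line, patterns treated as fixed strings, and a whitelist of exact paths; the function names, file names and marker strings are constructed for the example.

```shell
#!/bin/sh
# Added illustration, not EvoMalware's code. Assumed format: one entry per line.

# Copy a database without blank lines: an empty line passed to "grep -f"
# is an empty pattern, which would match every file.
db_lines() { grep -v '^[[:space:]]*$' "$1" 2>/dev/null || true; }

# scan_tree DOCROOT DBDIR [aggressive]  ->  prints "KIND<TAB>path" per hit
scan_tree() {
    root=$1 db=$2 mode=${3:-normal}
    tmp=$(mktemp -d) || return 1
    for n in filenames patterns whitelist suspect; do
        db_lines "$db/evomalware.$n" > "$tmp/$n"
    done
    find "$root" -type f | sort | while IFS= read -r f; do
        # Whitelisted paths are ignored before any other database is consulted.
        grep -qxF -- "$f" "$tmp/whitelist" && continue
        if grep -qxF -- "$(basename "$f")" "$tmp/filenames"; then
            printf 'FILENAME\t%s\n' "$f"
        elif [ -s "$tmp/patterns" ] && grep -qF -f "$tmp/patterns" -- "$f"; then
            printf 'PATTERN\t%s\n' "$f"
        elif [ "$mode" = aggressive ] && [ -s "$tmp/suspect" ] &&
             grep -qF -f "$tmp/suspect" -- "$f"; then
            printf 'SUSPECT\t%s\n' "$f"
        fi
    done
    rm -rf "$tmp"
}

# Constructed sample tree and databases (markers are placeholders, not real signatures).
make_sample() {
    mkdir -p "$1/www" "$1/db"
    printf '%s\n' '<?php echo "hello";'         > "$1/www/index.php"
    printf '%s\n' '<?php // EXAMPLE-BAD-MARKER' > "$1/www/cache.php"
    printf '%s\n' '<?php // EXAMPLE-BAD-MARKER' > "$1/www/vendor-ok.php"
    printf '%s\n' '<?php echo 1;'               > "$1/www/known-bad.php"
    printf '%s\n' '<?php // EXAMPLE-ODD-MARKER' > "$1/www/tool.php"
    printf '%s\n' 'known-bad.php'               > "$1/db/evomalware.filenames"
    printf '%s\n' 'EXAMPLE-BAD-MARKER' ''       > "$1/db/evomalware.patterns"
    printf '%s\n' "$1/www/vendor-ok.php"        > "$1/db/evomalware.whitelist"
    printf '%s\n' 'EXAMPLE-ODD-MARKER'          > "$1/db/evomalware.suspect"
}
```

To try it, call `make_sample` on an empty directory and then `scan_tree` on its `www` and `db` subdirectories, with and without `aggressive` as the third argument.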
Upstream is at https://gitea.evolix.org/evolix/evomalware
GitHub is a mirror.
Other projects of interest
- WPScan, http://wpscan.org/
- Plecost, https://github.com/iniqua/plecost
- Linux Malware Detect (with ClamAV), https://www.rfxn.com/projects/linux-malware-detect/