EvoMalware, shell script to detect infected websites.
William Hirigoyen ae65ae4576 Fix: Insert missing OR ('|') between common and local regex in concatenation, this was causing local whitelist being ignored. 2023-01-10 15:23:21 +01:00
LICENSE Project is now GPLv3 2018-12-24 15:11:47 -05:00
Makefile Added suspect files. 2015-01-22 17:38:03 +01:00
README.md Project is now GPLv3 2018-12-24 15:11:47 -05:00
evomalware.filenames Add a new file to known malware 2019-02-04 15:59:32 +01:00
evomalware.filenames.md5 Add a new file to known malware 2019-02-04 15:59:32 +01:00
evomalware.patterns Add a new pattern 2020-06-10 16:29:39 +09:00
evomalware.patterns.md5 Add a new pattern 2020-06-10 16:29:39 +09:00
evomalware.sh Fix: Insert missing OR ('|') between common and local regex in concatenation, this was causing local whitelist being ignored. 2023-01-10 15:23:21 +01:00
evomalware.suspect Added suspect files. 2015-01-22 17:38:03 +01:00
evomalware.suspect.md5 Added suspect files. 2015-01-22 17:38:03 +01:00
evomalware.whitelist Add some directories in whitelist 2019-06-27 10:59:48 +02:00
evomalware.whitelist.md5 Update md5 2019-07-01 17:23:54 +02:00

README.md

Description

EvoMalware is a bash(1) script that can detect various malware, viruses and backdoors in PHP and JavaScript source code. It is meant to be used in a cron(8) job to generate reports, but can also be used interactively.

The script uses 3 flat text files as databases:

  • evomalware.filenames, known filenames.
  • evomalware.patterns, known patterns.
  • evomalware.whitelist, files to ignore.

A fourth database named evomalware.suspect is used in "aggressive" mode to detect suspicious files.

At each run, EvoMalware will download the latest databases.
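
The sketch below is an added example, not EvoMalware's own code: it shows a pattern scan filtered by a whitelist built from a common and a local file, and what happens when the two regexes are concatenated without the `|` that the latest commit message mentions. The file formats (one extended regex per line), the function names and the sample files are assumptions constructed for the illustration.

```sh
#!/bin/sh
# Added illustration; NOT EvoMalware's code. Assumed formats: one extended
# regex (ERE) per line in the patterns and whitelist files.

# join_regex FILE... -> non-empty lines of all files joined as "a|b|c".
# Joining lines (not two prebuilt strings) means an empty file never leaves
# a stray leading or trailing '|', which would match, and so whitelist,
# every path.
join_regex() { cat "$@" | grep -v '^[[:space:]]*$' | paste -sd'|' -; }

# buggy_join COMMON LOCAL -> both alternations with no '|' between them,
# the defect the commit message describes.
buggy_join() { printf '%s%s\n' "$(join_regex "$1")" "$(join_regex "$2")"; }

# scan DIR PATTERNS WHITELIST_ERE -> sorted paths that match a pattern and
# are not whitelisted. An empty whitelist filters nothing.
scan() {
    find "$1" -type f -exec grep -lE -f "$2" {} + | sort |
        if [ -n "$3" ]; then grep -vE -- "$3"; else cat; fi
}

# demo: constructed fixtures in a temp dir, scanned with both joins.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/www/vendor" "$d/www/cache" "$d/www/uploads" "$d/www/legacy"
    printf '%s\n' 'eval\(base64_decode\(' > "$d/patterns"
    printf '%s\n' '/vendor/' '/cache/' > "$d/wl.common"
    printf '%s\n' '/legacy/' > "$d/wl.local"
    for sub in vendor cache uploads legacy; do
        printf '%s\n' '<?php eval(base64_decode($x));' > "$d/www/$sub/f.php"
    done
    for join in buggy_join join_regex; do
        re=$("$join" "$d/wl.common" "$d/wl.local")
        echo "$join: $re"
        (cd "$d" && scan www patterns "$re")
    done
    rm -rf "$d"
}
demo
```

With the missing separator, the last common entry and the first local entry fuse into a single alternative that matches neither directory, so files under both are reported again.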

Configuration/Tuning

TODO

Upstream

Upstream is at https://gitea.evolix.org/evolix/evomalware
GitHub is a mirror.

Other projects of interest