EvoMalware, shell script to detect infected websites.

Go to file

Benoît S. 37d95a4529 Add a new file to known malware		2019-02-04 15:59:32 +01:00
LICENSE	Project is now GPLv3	2018-12-24 15:11:47 -05:00
Makefile	Added suspect files.	2015-01-22 17:38:03 +01:00
README.md	Project is now GPLv3	2018-12-24 15:11:47 -05:00
evomalware.filenames	Add a new file to known malware	2019-02-04 15:59:32 +01:00
evomalware.filenames.md5	Add a new file to known malware	2019-02-04 15:59:32 +01:00
evomalware.patterns	Add patterns	2018-12-19 16:40:09 +01:00
evomalware.patterns.md5	Add patterns	2018-12-19 16:40:09 +01:00
evomalware.sh	Adding support for .js files	2018-10-19 15:05:53 +02:00
evomalware.suspect	Added suspect files.	2015-01-22 17:38:03 +01:00
evomalware.suspect.md5	Added suspect files.	2015-01-22 17:38:03 +01:00
evomalware.whitelist	Add rules to the whitelist	2018-11-08 10:17:56 +01:00
evomalware.whitelist.md5	Add rules to the whitelist	2018-11-08 10:17:56 +01:00

README.md

Description

EvoMalware is a bash(1) script that can detect various malware, viruses and backdoors in PHP and Javascript source code. It is meant to be used in a cron(8) job to generate reports, but can also be used interactively.

The script uses 3 flat text files as databases:

evomalware.filenames, known filenames.
evomalware.patterns, known patterns.
evomalware.whitelist, files to ignore.

A fourth database named evomalware.suspect is used in "aggressive" mode to detect suspicious files

At each run, EvoMalware will download the latest databases.

Configuration/Tuning

TODO

Upstream

Upstream is at https://gitea.evolix.org/evolix/evomalware
GitHub is a mirror.

Other projects of interest

WPScan, http://wpscan.org/
Plecost, https://github.com/iniqua/plecost
Linux Malware Detect (with ClamAV), https://www.rfxn.com/projects/linux-malware-detect/