EvoMalware, shell script to detect infected websites.
Benoît S. 67bf686ffb And update MD5 list... 2015-08-17 10:54:09 +02:00
Makefile Added suspect files. 2015-01-22 17:38:03 +01:00
README.md Added LMD project. 2015-08-05 15:56:02 +02:00
evomalware.filenames Added files and patterns. 2015-06-23 10:38:26 +02:00
evomalware.filenames.md5 Added files and patterns. 2015-06-23 10:38:26 +02:00
evomalware.patterns Remove a false positive pattern. 2015-08-17 10:52:38 +02:00
evomalware.patterns.md5 And update MD5 list... 2015-08-17 10:54:09 +02:00
evomalware.sh Redirect stderr of wc to /dev/null due to vanished files. 2015-03-17 16:38:45 +01:00
evomalware.suspect Added suspect files. 2015-01-22 17:38:03 +01:00
evomalware.suspect.md5 Added suspect files. 2015-01-22 17:38:03 +01:00
evomalware.whitelist Added patterns to whitelist. 2015-07-31 15:26:14 +02:00
evomalware.whitelist.md5 Added patterns to whitelist. 2015-07-31 15:26:14 +02:00

README.md

Description

EvoMalware is a Bash script that identifies files (PHP only at the moment) infected by malware, viruses or backdoors.
Its main purpose is to run from a cron job and generate reports, but it can also be used in "one shot" mode.

The script uses 3 flat text files as databases:

  • evomalware.filenames, known filenames.
  • evomalware.patterns, known patterns.
  • evomalware.whitelist, files to ignore.

There is also an "aggressive" mode that finds suspect files using the evomalware.suspect database.
At each run, the script downloads the latest databases.
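
A sketch of how a scan over the three databases described above can work, added here as an example and not EvoMalware's own code. It assumes one entry per line (basenames, extended regexes for file content, and fixed path substrings respectively); `scan_tree` and `demo` are hypothetical names, and the sample files and entries are constructed.

```sh
#!/bin/sh
# Added illustration, not EvoMalware's own code. Assumed format: one entry per line.
#   evomalware.filenames  exact basenames of known malicious files
#   evomalware.patterns   extended regexes matched against file content
#   evomalware.whitelist  fixed strings; a path containing one is ignored

# scan_tree ROOT DBDIR: print "REASON<TAB>PATH" for each PHP file that hits.
scan_tree() (
    root=$1 db=$2
    tmp=$(mktemp -d) || exit 1
    # A blank line given to "grep -f" matches every line, which would flag
    # (or whitelist) every file, so blank lines are dropped from each database.
    for name in filenames patterns whitelist; do
        grep -v '^[[:space:]]*$' "$db/evomalware.$name" > "$tmp/$name" 2>/dev/null || true
    done
    # "-exec ... {} +" passes paths as arguments, so odd file names stay intact.
    find "$root" -type f -name '*.php' -exec sh -c '
        tmp=$1; shift
        for f in "$@"; do
            # 1. Whitelisted path: skip before any other check.
            if printf "%s\n" "$f" | grep -qFf "$tmp/whitelist"; then continue; fi
            # 2. Known filename: whole-line, fixed-string match on the basename.
            if printf "%s\n" "${f##*/}" | grep -qxFf "$tmp/filenames"; then
                printf "filename\t%s\n" "$f"
            # 3. Known pattern anywhere in the file content.
            elif grep -qEf "$tmp/patterns" -- "$f" 2>/dev/null; then
                printf "pattern\t%s\n" "$f"
            fi
        done' sh "$tmp" {} +
    rm -rf "$tmp"
)

# demo: scan a constructed tree with constructed database entries.
demo() (
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/db" "$t/www/cache"
    printf 'evil.php\n'                    > "$t/db/evomalware.filenames"
    printf 'eval\\(base64_decode\\(\n\n'   > "$t/db/evomalware.patterns"
    printf '/cache/\n'                     > "$t/db/evomalware.whitelist"
    echo '<?php echo "ok";'                > "$t/www/index.php"
    echo '<?php echo 1;'                   > "$t/www/evil.php"
    echo '<?php eval(base64_decode($x));'  > "$t/www/a b.php"
    cp "$t/www/a b.php" "$t/www/cache/tpl.php"
    scan_tree "$t/www" "$t/db" | sed "s|$t/www/||" | sort
    rm -rf "$t"
)
```

Calling `demo` reports `evil.php` by name and `a b.php` by content, while the identical copy under `cache/` is suppressed by the whitelist, which shows why whitelist entries deserve the same review as detection entries.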

Configuration/Tuning

TODO

Upstream

Upstream is at https://forge.evolix.org/projects/evomalware
GitHub is a mirror.

Other interesting projects