EvoMalware, shell script to detect infected websites.
Romain Dessort 888d644b6a Add support for local whitelist
Since the whitelist file is redownloaded on each script execution, we
cannot define our own paths to exclude from scan.
This commit introduces an evomalware.whitelist.local file to fix this
issue.
2018-01-29 10:36:15 -05:00
Makefile Added suspect files. 2015-01-22 17:38:03 +01:00
README.md Fixed typographical error, changed aggresive to aggressive in README. 2015-12-11 17:48:15 +01:00
evomalware.filenames Added a SPAM mailer. 2015-08-17 11:22:11 +02:00
evomalware.filenames.md5 Added a SPAM mailer. 2015-08-17 11:22:11 +02:00
evomalware.patterns Add a new pattern 2018-01-04 17:59:22 +01:00
evomalware.patterns.md5 Add a new pattern 2018-01-04 17:59:22 +01:00
evomalware.sh Add support for local whitelist 2018-01-29 10:36:15 -05:00
evomalware.suspect Added suspect files. 2015-01-22 17:38:03 +01:00
evomalware.suspect.md5 Added suspect files. 2015-01-22 17:38:03 +01:00
evomalware.whitelist Update whitelist 2018-01-03 09:07:42 +01:00
evomalware.whitelist.md5 Update whitelist 2018-01-03 09:07:42 +01:00

README.md

Description

EvoMalware is a Bash script that identifies files (PHP only at the moment) infected by malware, viruses or backdoors.
It is mainly intended to run from a cron job and generate reports, but it can also be run in "one shot" mode.

The script uses 3 flat text files as databases:

  • evomalware.filenames, known filenames.
  • evomalware.patterns, known patterns.
  • evomalware.whitelist, files to ignore.

There is also an "aggressive" mode, which finds suspect files using the evomalware.suspect database.
At each run, the script downloads the latest databases.
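
A minimal sketch of the scan flow described above, including the local whitelist introduced in commit 888d644b6a. This is an added example, not EvoMalware's own code. The one-entry-per-line database format, the prefix-style whitelist matching and the function names `is_whitelisted`, `scan_tree` and `demo` are assumptions.

```bash
# Added illustration, not EvoMalware's code. Assumed database format (the page
# does not specify it): one entry per line; filenames are exact basenames,
# patterns are fixed strings, whitelist entries are path prefixes.

# is_whitelisted PATH DBDIR: succeeds if PATH starts with an entry of either
# whitelist. The upstream file is replaced on every run, the .local one is not.
is_whitelisted() {
    cat "$2/evomalware.whitelist" "$2/evomalware.whitelist.local" 2>/dev/null |
        P=$1 awk 'NF && index(ENVIRON["P"], $0) == 1 { hit = 1; exit }
                  END { exit !hit }'
}

# scan_tree ROOT DBDIR: prints "reason<TAB>path" for each non-whitelisted hit.
# Paths containing newlines are not handled.
scan_tree() (
    pats=$(mktemp) || exit 1
    # A blank line in a fixed-string pattern file would match every file.
    grep -v '^[[:space:]]*$' "$2/evomalware.patterns" > "$pats" || true
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        if is_whitelisted "$f" "$2"; then continue; fi
        if grep -qxF -- "$(basename "$f")" "$2/evomalware.filenames"; then
            printf 'filename\t%s\n' "$f"
        elif grep -qF -f "$pats" -- "$f"; then
            printf 'pattern\t%s\n' "$f"
        fi
    done
    rm -f "$pats"
)

# demo: builds a constructed tree and constructed databases, then scans it.
demo() (
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/db" "$t/www/app" "$t/www/vendor"
    printf 'mailer_x.php\n' > "$t/db/evomalware.filenames"      # constructed
    printf 'SAMPLE_MARKER_1\n\n' > "$t/db/evomalware.patterns"  # constructed
    : > "$t/db/evomalware.whitelist"                            # upstream: empty
    printf '%s\n' "$t/www/vendor/" > "$t/db/evomalware.whitelist.local"
    echo '<?php // clean' > "$t/www/app/index.php"
    echo '<?php // clean' > "$t/www/app/mailer_x.php"
    echo '<?php // SAMPLE_MARKER_1' > "$t/www/app/cache.php"
    echo '<?php // SAMPLE_MARKER_1' > "$t/www/vendor/fixture.php"
    scan_tree "$t/www" "$t/db" | sed "s|$t/||"
    rm -rf "$t"
)
```

Calling `demo` reports the pattern hit and the known filename under `www/app`, while the matching file under `www/vendor` is skipped because only the local whitelist excludes it.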

Configuration/Tuning

TODO

Upstream

Upstream is at https://forge.evolix.org/projects/evomalware
GitHub is a mirror.

Other interesting projects