EvoMalware, shell script to detect infected websites.
Go to file
Benoît S. f97bf01643 New pattern. 2016-02-17 09:51:49 +01:00
Makefile Added suspect files. 2015-01-22 17:38:03 +01:00
README.md Fixed typographical error, changed aggresive to aggressive in README. 2015-12-11 17:48:15 +01:00
evomalware.filenames Added a SPAM mailer. 2015-08-17 11:22:11 +02:00
evomalware.filenames.md5 Added a SPAM mailer. 2015-08-17 11:22:11 +02:00
evomalware.patterns New pattern. 2016-02-17 09:51:49 +01:00
evomalware.patterns.md5 New pattern. 2016-02-17 09:51:49 +01:00
evomalware.sh Redirect stderr of wc to /dev/null due to vanished files. 2015-03-17 16:38:45 +01:00
evomalware.suspect Added suspect files. 2015-01-22 17:38:03 +01:00
evomalware.suspect.md5 Added suspect files. 2015-01-22 17:38:03 +01:00
evomalware.whitelist Whitelist Extendware module. 2016-01-04 09:44:26 +01:00
evomalware.whitelist.md5 Whitelist Extendware module. 2016-01-04 09:44:26 +01:00

README.md

Description

EvoMalware is a BASH script which permits to identify files (PHP only ATM) infected by malwares/virus/backdoor.
The main goal is to be used in a cron job to generate reports, but it can be used in "one shot" mode.

The script uses 3 flat text files as databases:

  • evomalware.filenames, known filenames.
  • evomalware.patterns, known patterns.
  • evomalware.whitelist, files to ignore.

There is also an "aggressive" mode which permits to find suspect files using evomalware.suspect DB.
At each run, the script downloads the last databases.

Configuration/Tuning

TODO

Upstream

Upstream is at https://forge.evolix.org/projects/evomalware
GitHub is a mirror.

Interesting others projects