| author | jvoisin | 2016-01-04 18:09:53 +0100 |
|---|---|---|
| committer | jvoisin | 2016-01-04 18:09:53 +0100 |
| commit | 1c6cf5f703c3ddeafa43237150f750d4b4ca6a1f (patch) | |
| tree | aa86b9108d4be65f7777377587d81592e6063c74 | |
| parent | e6c04caba89f6915c84b247990382461851e08f3 (diff) | |
Revert a broken/wip commit
| -rw-r--r-- | malwares.yara | 1 | ||||
| -rwxr-xr-x | phpmalwarefinder | 22 |
2 files changed, 3 insertions, 20 deletions
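--- a/malwares.yara
+++ b/malwares.yara
@@ -199,6 +199,7 @@ rule DodgyStrings
 $ = "ps -aux" fullword
 $ = "b374k" fullword
 $ = /(reverse|web)\s*shell/ nocase
+$ = /\t{16,}?/
 
 $vbs = /language\s*=\s*vbscript/ nocase
 $asp = "scripting.filesystemobject" nocase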
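Review bot: The re-added string `$ = /\t{16,}?/` on the new side uses a lazy quantifier that changes nothing for a presence match: `\t{16,}?` stops after the minimum 16 tabs, so the rule behaves exactly as `/\t{16}/` would, and that form states the intent more plainly. A short trailing comment would also help the next reader, since the purpose of a tab run is not obvious: `// presumably a padding/obfuscation layout — confirm against the samples that motivated it`. The rule's `condition` section is outside the hunk, so whether the anonymous `$` strings are covered by an `any of them` clause cannot be confirmed from here.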
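--- a/phpmalwarefinder
+++ b/phpmalwarefinder
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 
+
 YARA=$(type -P yara)
 CONFIG_PATH='/etc/phpmalwarefinder/malwares.yara'
 IONICE_BIN=$(type -P ionice)
@@ -27,23 +28,6 @@ else
 fi
 fi
 
-# before starting yara, check if the file
-one_line_trick() {
-
-for file in $(find $@ -type f); do
-line_num=$(wc -l $file | cut -d' ' -f1)
-char_num=$(wc -c $file | cut -d' ' -f1)
-
-if [ "$line_num" -le "2" ]; then
-# humm, 2 lines long file ?
-if [ "$char_num" -ge "300" ]; then
-echo TooShort $file
-fi;
-fi;
-done;
-
-}
-
 show_help() {
 cat << EOF
 Usage ${0##*/} [-cfhw] <file|folder> ...
@@ -94,7 +78,7 @@ then
 exit 1
 fi
 
-if [ -z $@ ]
+if [ -z "$@" ]
 then
 show_help
 exit 1
@@ -108,6 +92,4 @@ fi
 
 OPTS="${OPTS} -r ${CONFIG_PATH}"
 
-one_line_trick $@
-
 ${NICE} ${NICE_OPTS} $YARA $OPTS $@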
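Review bot: The argument check restored at new line 81, `if [ -z "$@" ]`, is still wrong once more than one path is given: `"$@"` expands to one word per argument, so `[ -z a b ]` errors out instead of testing for emptiness; the idiomatic form is `if [ $# -eq 0 ]`. The same unquoted `$@` survives on the final line of the last hunk, `${NICE} ${NICE_OPTS} $YARA $OPTS $@`, where any path containing spaces or glob characters is word-split and expanded before it reaches yara — it should be `"$@"`, while `$OPTS` holds space-separated flags built on the visible `OPTS=` line and relies on that splitting. Both points concern the surviving new side, not the reverted one_line_trick function.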
