| author | Julien "shaddai" Reveret | 2015-12-03 17:59:59 +0100 |
|---|---|---|
| committer | Julien "shaddai" Reveret | 2015-12-03 17:59:59 +0100 |
| commit | 2626e61dff7aee0f306dfd900f0e298e16085711 (patch) | |
| tree | 2e89d1f8172f851afc21b87b0050e25d7b81d2ae | |
| parent | 3aea5b3b3e4da79420037e12e3884d0c30bd92f0 (diff) | |
files with no end of line or less than 3 lines and huge (more than 300) amounts of characters are detected as suspicious
| -rwxr-xr-x | php-malware-finder/phpmalwarefinder | 19 |
1 files changed, 19 insertions, 0 deletions
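--- a/php-malware-finder/phpmalwarefinder
+++ b/php-malware-finder/phpmalwarefinder
@@ -27,6 +27,23 @@ else
 fi
 fi
 
+# before starting yara, check if the file
+one_line_trick() {
+
+for file in $(find $@ -type f); do
+line_num=$(wc -l $file | cut -d' ' -f1)
+char_num=$(wc -c $file | cut -d' ' -f1)
+
+if [ "$line_num" -le "2" ]; then
+# humm, 2 lines long file ?
+if [ "$char_num" -ge "300" ]; then
+echo TooShort $file
+fi;
+fi;
+done;
+
+}
+
 show_help() {
 cat << EOF
 Usage ${0##*/} [-cfhw] <file|folder> ...
@@ -87,4 +104,6 @@ fi
 
 OPTS="${OPTS} -r ${CONFIG_PATH}"
 
+one_line_trick $@
+
 ${NICE} ${NICE_OPTS} $YARA $OPTS $@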
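Review bot: In `one_line_trick`, `$(find $@ -type f)` and the unquoted `$file` are word-split and glob-expanded, so a file whose name contains whitespace is broken into fragments and never measured, which means the heuristic silently skips exactly the kind of file whose name is chosen by whoever dropped it. The `wc -l $file | cut -d' ' -f1` parsing also yields an empty field on platforms where wc pads its count with leading spaces; reading from stdin (`wc -l < "$file"`) avoids both the padding and names that begin with `-`. The call in the second hunk needs the same quoting, `one_line_trick "$@"`. The comment `# before starting yara, check if the file` stops mid-sentence and should state the rule being applied (at most 2 lines and at least 300 bytes). A portable form of the loop that hands each path to the shell intact follows.

```shell
one_line_trick() {
    # find passes each path as one argument, so spaces and glob
    # characters in file names cannot split or expand.
    find "$@" -type f -exec sh -c '
        for file do
            line_num=$(wc -l < "$file")
            char_num=$(wc -c < "$file")
            if [ "$line_num" -le 2 ] && [ "$char_num" -ge 300 ]; then
                echo TooShort "$file"
            fi
        done' sh {} +
}

# … unchanged: show_help, option parsing, OPTS assembly …

one_line_trick "$@"
```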
