From a2b70e76b1238f19bcd5d39a681d128733146846 Mon Sep 17 00:00:00 2001
From: shaddai
Date: Mon, 15 Feb 2016 15:16:27 +0100
Subject: Reduce FP triggered by the TooShort rule

The TooShort rule is now used against *.ph* files in order to reduce the number of false positives triggered by pictures and JS files. Using the wc command ionly once should reduce I/O load too.
---
php-malware-finder/phpmalwarefinder | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/php-malware-finder/phpmalwarefinder b/php-malware-finder/phpmalwarefinder
index 98c578d..99d9033 100755
--- a/php-malware-finder/phpmalwarefinder
+++ b/php-malware-finder/phpmalwarefinder
@@ -31,13 +31,12 @@ fi
# before starting yara, check if the file
one_line_trick() {
- find $@ -type f -print0 | while IFS= read -r -d '' -r file; do
- line_num=$(wc -l "$file" | cut -d' ' -f1)
- char_num=$(wc -c "$file" | cut -d' ' -f1)
-
- if [ "$line_num" -le "2" ]; then
+ find $@ -type f -iname '*.ph*' -print0 | while IFS= read -r -d '' -r file; do
+ read lines words chars name <<< $(wc "$file")
+
+ if [ "$lines" -le "2" ]; then
# humm, 2 lines long file ?
- if [ "$char_num" -ge "300" ]; then
+ if [ "$chars" -ge "300" ]; then
echo TooShort $file
fi;
fi;
--
cgit v1.3
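Review bot: The new `-iname '*.ph*'` filter on the `find` line restricts TooShort to file names containing `.ph`, so a long one- or two-line file under any other name is no longer reported by this check. That is the intended false-positive fix, but the loss of coverage is not documented in the code. I would add a comment above the `find`, such as `# TooShort only inspects *.ph* names; PHP that the server runs under another extension is not covered by this check`, or read the pattern from a variable so an operator can widen it. On the same line `$@` is still unquoted, so a scan path containing spaces or glob characters is split before `find` sees it; `find "$@" -type f -iname '*.ph*' -print0` avoids that, and the added `read` is safer written as `read -r lines words chars name <<< "$(wc "$file")"`. The loop and the body of `one_line_trick` continue past the end of the hunk.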