From b7143d389051f2bd7a8d4f15c89b4a76e9fdb9b6 Mon Sep 17 00:00:00 2001
From: Julien "shaddai" Reveret
Date: Thu, 8 Dec 2016 10:48:31 +0100
Subject: Introducing new function : give user hints about potential malicious files
---
 php-malware-finder/phpmalwarefinder | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/php-malware-finder/phpmalwarefinder b/php-malware-finder/phpmalwarefinder
index 02f7594..de25a36 100755
--- a/php-malware-finder/phpmalwarefinder
+++ b/php-malware-finder/phpmalwarefinder
@@ -106,6 +106,18 @@ one_line_trick() {
 }
+needle_in_haystack() {
+
+ needle=$(mktemp)
+ egrep '(PasswordProtection|Websites|TooShort|NonPrintableChars)' $1 > $needle
+ if [ ! "$(wc -l $needle)" = "0" ]; then
+ echo "================================================="
+ echo "You should take a look at the files listed below:"
+ cat $needle
+ fi;
+ rm $needle
+}
+
 show_help() {
 cat << EOF
 Usage ${0##*/} [-cfhtvl] ...
@@ -181,8 +193,9 @@ then
 fi
-if [ ! -e "${LONG_LINES}" ]
+if [ -e "${LONG_LINES}" ]
 then
+ echo long lines checked
 one_line_trick "$@"
 fi
@@ -190,5 +203,10 @@ fi
 CONFIG_PATH=${CONFIG_PATH%/*}/
 OPTS="${OPTS} -r ${CONFIG_PATH}${FORMAT}.yar"
+# Copy outpout to temporary file
+output=$(mktemp)
 # Execute rules
-${NICE} ${NICE_OPTS} $YARA $OPTS "$@"
+${NICE} ${NICE_OPTS} $YARA $OPTS "$@" |tee $output
+
+needle_in_haystack $output
+rm $output # comment this if you want to keep output
--
cgit v1.3
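Review bot: In needle_in_haystack (first hunk) the test `[ ! "$(wc -l $needle)" = "0" ]` can never be false, because `wc -l FILE` prints the count followed by the file name, so the "You should take a look" banner is printed even when egrep matched nothing. Testing the file for content avoids parsing the count at all: `if [ -s "$needle" ]; then`. `$1` and `$needle` are also expanded unquoted and the result of `mktemp` is not checked, so a failed `mktemp` leaves `> $needle` without a target; `needle=$(mktemp) || return 1` plus quoting both expansions would cover that.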
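Review bot: `[ -e "${LONG_LINES}" ]` in the second hunk is a file-existence test on whatever string LONG_LINES holds, which looks like the wrong operator if LONG_LINES is an option flag (its assignment is outside the hunk, so this is inferred). With a flag value the test would normally be false and the one_line_trick pass would be skipped without any message, which for a scanner is a silent loss of coverage; `if [ -n "${LONG_LINES}" ]` expresses "the option was given". The added `echo long lines checked` is written to stdout together with the scan results and reads like leftover debugging; if it is meant to stay, `echo "long lines checked" >&2` keeps it out of the result stream.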
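Review bot: Piping YARA into `tee` in the last hunk makes the pipeline's status that of `tee`, and the script now ends on `rm $output`, so a YARA run that fails (presumably, for example, when a rules file does not load) is reported to the caller as success. For a scanner driven from cron or CI that turns an aborted scan into a clean result. The temporary file is also left behind when the script is interrupted before the final `rm`, and `$output` is expanded unquoted. The sketch below keeps YARA's status and removes the file from an EXIT trap, at the cost of printing the results only after the scan has finished; if the script runs under bash (the shebang is outside the hunk), `set -o pipefail` with the existing `tee` would keep the streaming output.

```shell
output=$(mktemp) || exit 1
trap 'rm -f "$output"' EXIT
# Execute rules
${NICE} ${NICE_OPTS} $YARA $OPTS "$@" > "$output"
status=$?
cat "$output"

needle_in_haystack "$output"
exit "$status"
```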