mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
extending patterns and whitelists
This commit is contained in:
3
scan.php
3
scan.php
@@ -149,6 +149,7 @@ class MalwareScanner
|
|||||||
'=\'base\'.(32*2).\'_de\'.\'code\'',
|
'=\'base\'.(32*2).\'_de\'.\'code\'',
|
||||||
'"base64_decode"',
|
'"base64_decode"',
|
||||||
'YmFzZTY0X2RlY29kZ', // base64_decode
|
'YmFzZTY0X2RlY29kZ', // base64_decode
|
||||||
|
'"p"."r"."e"."g"."_"', // preg_
|
||||||
|
|
||||||
/* 'eval', 'eval(', */
|
/* 'eval', 'eval(', */
|
||||||
'eval("?>',
|
'eval("?>',
|
||||||
@@ -191,6 +192,8 @@ class MalwareScanner
|
|||||||
// eval(v5JONDD($v5EKGVD, $vX3Z3DE));
|
// eval(v5JONDD($v5EKGVD, $vX3Z3DE));
|
||||||
'(chr\(\d+\)\.){4,}',
|
'(chr\(\d+\)\.){4,}',
|
||||||
// chr(22).chr(33).chr(22).chr(22)
|
// chr(22).chr(33).chr(22).chr(22)
|
||||||
|
'(chr\(\d+\^\d+\)\.){4,}',
|
||||||
|
// chr(95^57).chr(95^54).chr(95^51).chr(95^58)
|
||||||
'(\$[a-z0-9]{3,}\[\d+\]\.){4,}',
|
'(\$[a-z0-9]{3,}\[\d+\]\.){4,}',
|
||||||
// $saz98[5].$saz98[2].$saz98[1].$saz98[3].$saz98[5]
|
// $saz98[5].$saz98[2].$saz98[1].$saz98[3].$saz98[5]
|
||||||
'chr\(\d+\)\.""\.""\.""\.""\.""',
|
'chr\(\d+\)\.""\.""\.""\.""\.""',
|
||||||
|
|||||||
@@ -45,3 +45,5 @@ a74724b2a02b50afb0e71f78b7661a4c owncloud/3rdparty/OS/Guess.php -> uname -a
|
|||||||
a74724b2a02b50afb0e71f78b7661a4c owncloud/3rdparty/OS/Guess.php -> uname -a
|
a74724b2a02b50afb0e71f78b7661a4c owncloud/3rdparty/OS/Guess.php -> uname -a
|
||||||
b3c71065cb5420e15a8bd1aeac63b00d owncloud/3rdparty/smb4php/smb.php -> /etc/passwd
|
b3c71065cb5420e15a8bd1aeac63b00d owncloud/3rdparty/smb4php/smb.php -> /etc/passwd
|
||||||
f063d5b84d03538b85f05cde9aae8037 civicrm/packages/os/guess.php -> uname -a
|
f063d5b84d03538b85f05cde9aae8037 civicrm/packages/os/guess.php -> uname -a
|
||||||
|
f10b143d678bff74c4f3b69543472d6d wp-includes/formatting.php -> (chr\(\d+\)\.){4,}
|
||||||
|
db08c00ae52f4408393789ee7f927939 wp-includes/formatting.php -> (chr\(\d+\)\.){4,}
|
||||||
|
|||||||
Reference in New Issue
Block a user