mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
Combined whitelist release
42
scan.php
42
scan.php
@@ -39,7 +39,7 @@ class MalwareScanner
|
||||
private $flagFollowSymlink = false;
|
||||
private $flagLineNumber = false;
|
||||
private $flagScanEverything = false;
|
||||
private $flagBigData = false;
|
||||
private $flagCombinedWhitelist = false;
|
||||
private $outputFormat = '';
|
||||
private $whitelist = array();
|
||||
private $ignore = array();
|
||||
@@ -55,8 +55,8 @@ class MalwareScanner
|
||||
private $patterns_re = array();
|
||||
private $patterns_b64functions = array();
|
||||
private $patterns_b64keywords = array();
|
||||
private $bigdata = array();
|
||||
private $bigdata_count = 0;
|
||||
private $combined_whitelist = array();
|
||||
private $combined_whitelist_count = 0;
|
||||
|
||||
/**
|
||||
* MalwareScanner constructor.
|
||||
@@ -127,8 +127,8 @@ class MalwareScanner
|
||||
//Check if the md5 checksum exists in the whitelist and returns true if it does.
|
||||
private function inWhitelist($hash)
|
||||
{
|
||||
if ($this->flagBigData) {
|
||||
if ($this->binarySearch($hash, $this->bigdata, $this->bigdata_count) > -1) {
|
||||
if ($this->flagCombinedWhitelist) {
|
||||
if ($this->binarySearch($hash, $this->combined_whitelist, $this->combined_whitelist_count) > -1) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -230,7 +230,7 @@ class MalwareScanner
|
||||
'output-format:',
|
||||
'wordpress-version:',
|
||||
'scan-everything',
|
||||
'big-data'
|
||||
'combined-whitelist'
|
||||
)
|
||||
);
|
||||
|
||||
@@ -310,8 +310,8 @@ class MalwareScanner
|
||||
if (isset($options['scan-everything']) || isset($options['E'])) {
|
||||
$this->setFlagScanEverything(true);
|
||||
}
|
||||
if (isset($options['big-data'])) {
|
||||
$this->setFlagBigData(true);
|
||||
if (isset($options['combined-whitelist'])) {
|
||||
$this->setFlagCombinedWhitelist(true);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -396,9 +396,9 @@ class MalwareScanner
|
||||
$this->flagScanEverything = $b;
|
||||
}
|
||||
|
||||
public function setFlagBigData($b)
|
||||
public function setFlagCombinedWhitelist($b)
|
||||
{
|
||||
$this->flagBigData = $b;
|
||||
$this->flagCombinedWhitelist = $b;
|
||||
}
|
||||
|
||||
// @see http://stackoverflow.com/a/13914119
|
||||
@@ -578,7 +578,7 @@ class MalwareScanner
|
||||
* Validates the input directory
|
||||
*
|
||||
* - Calls the load pattern and load whitelist functions
|
||||
* - Fetch and load big data white list
|
||||
* - Fetch and load combined whitelist
|
||||
* - Calls the process and report functions.
|
||||
*
|
||||
* @param $dir
|
||||
@@ -597,7 +597,7 @@ class MalwareScanner
|
||||
|
||||
$this->loadWhitelist();
|
||||
|
||||
if ($this->flagBigData && !$this->updateBigData()) {
|
||||
if ($this->flagCombinedWhitelist && !$this->updateCombinedWhitelist()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -725,7 +725,7 @@ class MalwareScanner
|
||||
return $key;
|
||||
}
|
||||
|
||||
private function updateBigData($url = 'https://scr34m.github.io/php-malware-scanner')
|
||||
private function updateCombinedWhitelist($url = 'https://scr34m.github.io/php-malware-scanner')
|
||||
{
|
||||
$latest_hash = trim(file_get_contents($url . '/database/compressed.sha256'));
|
||||
if ($latest_hash === false) {
|
||||
@@ -733,7 +733,7 @@ class MalwareScanner
|
||||
return false;
|
||||
}
|
||||
|
||||
$file = __DIR__ . '/bigdata.dat';
|
||||
$file = __DIR__ . '/whitelist.dat';
|
||||
if (is_readable($file)) {
|
||||
$hash = hash_file('sha256', $file);
|
||||
if ($hash != $latest_hash) {
|
||||
@@ -760,16 +760,16 @@ class MalwareScanner
|
||||
}
|
||||
|
||||
$content = gzdecode(file_get_contents($file));
|
||||
$this->bigdata = [];
|
||||
$this->bigdata_count = 0;
|
||||
$this->combined_whitelist = [];
|
||||
$this->combined_whitelist_count = 0;
|
||||
foreach (explode("\n", $content) as $line) { // faster than strtok, but needs more memory
|
||||
if ($line) {
|
||||
$this->bigdata[] = $line;
|
||||
$this->bigdata_count++;
|
||||
$this->combined_whitelist[] = $line;
|
||||
$this->combined_whitelist_count++;
|
||||
}
|
||||
}
|
||||
$this->bigdata_count -= 1; // -1 because we use indexes in binary search
|
||||
echo 'Big data loaded hash count: ' . ($this->bigdata_count + 1) . PHP_EOL;
|
||||
$this->combined_whitelist_count -= 1; // -1 because we use indexes in binary search
|
||||
echo 'Combined whitelist records count: ' . ($this->combined_whitelist_count + 1) . PHP_EOL;
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -797,7 +797,7 @@ class MalwareScanner
|
||||
echo ' -L --line-number Display matching pattern line number in file' . PHP_EOL;
|
||||
echo ' -o --output-format Custom defined output format' . PHP_EOL;
|
||||
echo ' -j --wordpress-version Version of wordpress to get md5 signatures' . PHP_EOL;
|
||||
echo ' --big-data General whitelist' . PHP_EOL;
|
||||
echo ' --combined-whitelist Combined whitelist' . PHP_EOL;
|
||||
|
||||
}
|
||||
|
||||
|
||||
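Review bot: In `updateCombinedWhitelist()` the failure check `if ($latest_hash === false)` can never fire, because `trim()` always returns a string; a failed fetch of `compressed.sha256` leaves `$latest_hash` as an empty string and execution continues to the comparison against `whitelist.dat`. Test the raw result before trimming: `$raw = file_get_contents($url . '/database/compressed.sha256');`, then `if ($raw === false) {`, and only afterwards `$latest_hash = trim($raw);`. The later `$hash != $latest_hash` would also be safer as `!==`, so that two hex digests are never compared as numeric strings. The checksum comes from the same base URL as, presumably, the data file (the download code is outside the visible hunks), so it detects a corrupted transfer but not a replaced list at the origin. Since a hit in this list makes `inWhitelist()` return true, that limit deserves a comment on the function or a digest pinned in the release. The function body starts and continues outside the hunks shown.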