From b522a23a7427e22d441502dcc8663fa147bf4bf3 Mon Sep 17 00:00:00 2001
From: Gabor Gyorvari
Date: Thu, 29 Dec 2016 08:31:27 +0100
Subject: [PATCH] Case insensitive extension check, removed problematic whitelist
---
 scan.php | 4 ++--
 whitelist.txt | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/scan.php b/scan.php
index 354fede..b0614b7 100644
--- a/scan.php
+++ b/scan.php
@@ -46,7 +46,7 @@ class MalwareScanner
 if ($ext[0] != '.') {
 $ext = '.' . $ext;
 }
- $this->extension = $ext;
+ $this->extension = strtolower($ext);
 }
 if (isset($options['hide-ok'])) {
 $this->flagHideOk = true;
@@ -116,7 +116,7 @@ class MalwareScanner
 if (is_dir($dir . $file)) {
 $this->process($dir . $file . '/');
 } elseif (is_file($dir . $file)) {
- $ext = substr($file, strrpos($file, '.'));
+ $ext = strtolower(substr($file, strrpos($file, '.')));
 if ($ext == $this->extension) {
 $this->scan($dir . $file);
 }
diff --git a/whitelist.txt b/whitelist.txt
index af613c9..f32f0e7 100644
--- a/whitelist.txt
+++ b/whitelist.txt
@@ -27,7 +27,6 @@ a6cce6be28fd8c451e54280aaa88bfcc wp-content/plugins/nextgen-gallery/products/pho
 e9cf6421fe6afc7b724bf0372697e1c4 wp-includes/formatting.php -> (chr\(\d+\)\.){4,}
 eb034c991aee49aa232f6d50372f8b4a wp-content/themes/enfold/framework/php/function-set-avia-frontend.php -> (\$[a-z0-9]{3,}\[\d+\]\.){4,}
 5311094f43c7252b22c71fd4dee43f03 wp-includes/formatting.php -> (chr\(\d+\)\.){4,}
-d2865536f339150ee54a81811ca80128 wp-includes/rss.php -> (\$[a-z0-9]{3,}\[\d+\]\.){4,}
 279d3f9add6b50ccdb7e07803e713618 wp-content/plugins/wp-simple-firewall/src/common/googleauthenticator/googleauthenticator.php -> (chr\(\d+\)\.){4,}
 1d1490c6c99b8ea03688428d8a22bb4a wp-content/plugins/wp-simple-firewall/src/features/firewall.php -> /etc/passwd
 7b41326263c3868548a54d34eb595750 wp-content/plugins/google-calendar-events/vendor/mexitek/phpcolors/src/Mexitek/PHPColors/Color.php -> (\$[a-z0-9]{3,}\[\d+\]\.){4,}
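Review bot: The new `$ext = strtolower(substr($file, strrpos($file, '.')));` in the second scan.php hunk still feeds the `false` that `strrpos()` returns for a dot-less filename into `substr()`, so `$ext` becomes the whole lowercased filename, and the comparison on the next context line uses `==`, under which numeric-looking extensions compare as numbers (`'.5' == '.50'` is true). Both are avoided by deriving the extension once and comparing strictly: `$ext = '.' . strtolower(pathinfo($file, PATHINFO_EXTENSION));` followed by `if ($ext === $this->extension) {`. Because this check decides which files the scanner opens at all, a miscompare silently skips a file instead of failing loudly, which deserves a comment such as `// only files whose case-insensitive extension equals the configured one are scanned`. The enclosing method starts and ends outside the hunk.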
@@ -53,9 +52,9 @@ ebb2fe179c852ce247418925743ee7b0 wp-includes/formatting.php -> (chr\(\d+\)\.){4,
 d77cecbe949c76a1d54a70cba5bf8df0 wp-includes/formatting.php -> (chr\(\d+\)\.){4,}
 1a8664f9385c28fc01c4224c51fcb72c wp-includes/formatting.php -> (chr\(\d+\)\.){4,}
 edd1548e1908e445eeae6ca465d1c259 wp-includes/formatting.php -> (chr\(\d+\)\.){4,}
+7f95646cc4c16b9b5e1c1d3f7e6bb1df wp-includes/formatting.php -> (chr\(\d+\)\.){4,}
 124ee8826072a166503ccca21b954e48 wp-content/plugins/ultimate-security-checker/securitycheck.class.php -> uname -a
 380ae5f3190f2b2e38477e2d52c09a3b wp-content/plugins/wordfence/lib/wordfenceURLHoover.php -> @preg_replace
 b2f59fc0fcc1e40561e3ca485d5569a2 wp-content/plugins/s2member/includes/classes/tracking-codes.inc.php -> eval("?>
 0af39249db48e6c5c274cb0a085b530d wp-content/plugins/buddypress/bp-forums/bbpress/bb-includes/backpress/functions.formatting.php -> (chr\(\d+\)\.){4,}
 db0f55370d091c3960929f653c0a986d wp-content/plugins/tracking-code-manager/includes/classes/utils/Utils.php -> =urldecode
-