Merge pull request #52 from cbotsikas/fix-php-support

Use array() instead of the short array syntax []

README.md

@@ -35,6 +35,7 @@ Usage: php scan.php -d <directory>
     -o                   --output-format      Custom defined output format
     -j                   --wordpress-version  Version of wordpress to get md5 signatures
                          --combined-whitelist Combined whitelist
+                         --disable-stats      Disable statistics output
 ```
 
 Ignore argument could be used multiple times and accept glob style matching ex.: "`cache*`", "`??-cache.php`" or "`/cache`" etc.

definitions/patterns_raw.txt

@@ -261,6 +261,14 @@ tmhapbzcerff
 IndoXploit
 FaisaL Ahmed aka rEd X
 
+# WP-VCD Malware https://www.getastra.com/blog/911/how-to-fix-wp-vcd-backdoor-hack-in-wordpress-functions-php/
+wp-vcd
+class.theme-modules.php
+wp-tmp.php
+tmpcontentx
+function wp_temp_setupx
+derna.top/code.php
+stripos($tmpcontent, $wp_auth_key)
 
 #Miscellaneous
 uname -a

scan.php

@@ -40,6 +40,7 @@ class MalwareScanner
     private $flagLineNumber = false;
     private $flagScanEverything = false;
     private $flagCombinedWhitelist = false;
+    private $flagDisableStats = false;
     private $outputFormat = '';
     private $whitelist = array();
     private $ignore = array();
@@ -230,7 +231,8 @@ class MalwareScanner
                 'output-format:',
                 'wordpress-version:',
                 'scan-everything',
-                'combined-whitelist'
+                'combined-whitelist',
+                'disable-stats'
             )
         );
 
@@ -313,6 +315,9 @@ class MalwareScanner
         if (isset($options['combined-whitelist'])) {
             $this->setFlagCombinedWhitelist(true);
         }
+        if (isset($options['disable-stats'])) {
+            $this->setFlagDisableStats(true);
+        }
     }
 
     public function setExtensions(array $a)
@@ -401,6 +406,11 @@ class MalwareScanner
         $this->flagCombinedWhitelist = $b;
     }
 
+    public function setFlagDisableStats($b)
+    {
+        $this->flagDisableStats = $b;
+    }
+
     // @see http://stackoverflow.com/a/13914119
     private function pathMatches($path, $pattern, $ignoreCase = false)
     {
@@ -501,7 +511,7 @@ class MalwareScanner
         }
 
         if ($this->outputFormat) {
-            $map = [
+            $map = array(
                 '%S' => $state,
                 '%T' => $ctime,
                 '%M' => $hash,
@@ -509,9 +519,9 @@ class MalwareScanner
                 '%P' => $pattern,
                 '%C' => $comment,
                 '%L' => $lineNumber,
-            ];
+            );
         } else {
-            $map = [
+            $map = array(
                 '%S' => $state_color . '# ' . $state . $this->ANSI_OFF,
                 '%T' => $this->ANSI_BLUE . $ctime . $this->ANSI_OFF,
                 '%M' => $this->ANSI_BLUE . $hash . $this->ANSI_OFF,
@@ -519,7 +529,7 @@ class MalwareScanner
                 '%P' => $state_color . '#' . $pattern . $this->ANSI_OFF,
                 '%C' => $this->ANSI_BLUE . $comment . $this->ANSI_OFF,
                 '%L' => $lineNumber,
-            ];
+            );
         }
 
         if ($this->outputFormat) {
@@ -604,7 +614,9 @@ class MalwareScanner
 
         $start = time();
         $this->process($dir . '/');
-        $this->report($start, $dir . '/');
+        if (!$this->flagDisableStats) {
+            $this->report($start, $dir . '/');
+        }
         return true;
     }
 
@@ -757,7 +769,7 @@ class MalwareScanner
         }
 
         $content = gzdecode(file_get_contents($file));
-        $this->combined_whitelist = [];
+        $this->combined_whitelist = array();
         $this->combined_whitelist_count = 0;
         foreach (explode("\n", $content) as $line) { // faster than strtok, but needs more memory
             if ($line) {
@@ -795,6 +807,7 @@ class MalwareScanner
         echo '    -o                   --output-format      Custom defined output format' . PHP_EOL;
         echo '    -j                   --wordpress-version  Version of wordpress to get md5 signatures' . PHP_EOL;
         echo '                         --combined-whitelist Combined whitelist' . PHP_EOL;
+        echo '                         --disable-stats      Disable statistics output' . PHP_EOL;
 
     }
 

tools/bigdata/generate.php

@@ -15,6 +15,7 @@ function fetch($url, $file = false)
 
     $headers = array(
         // drupal suxx
+        'Cookie: pxvid=44e1b040-4dde-11e8-b1dc-f15e898556c7; _ga=GA1.2.2042202377.1525247839; _gat=1; _gid=GA1.2.1601332121.1550831838; _px2=eyJ1IjoiZDM3OTk1MDAtMzY4ZC0xMWU5LWI3MDItYTdlMDI1ZWZhZmI2IiwidiI6IjQ0ZTFiMDQwLTRkZGUtMTFlOC1iMWRjLWYxNWU4OTg1NTZjNyIsInQiOjE1NTA4MzIxMzc5MjcsImgiOiJjMjBhNTQzNGIxYWQwNWFiOWUzNTI2OWRjNTM1MjgzNjkxNzg5OTIxNGM4YmIzZDBkZTg5ZTIxMzY0NTc5Zjk3In0=; has_js=1; _pxvid=44e1b040-4dde-11e8-b1dc-f15e898556c7',
         'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15',
     );
     curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
@@ -89,7 +90,7 @@ function fetch_jquery($fp)
     foreach ($m[1] as $k => $file) {
         if (!is_cached($file)) {
             echo 'Downloading: ' . 'https://code.jquery.com/' . $file . PHP_EOL;
-            $data = fetch('https://code.jquery.com/' . $file);
+            $data = fetch('https://code.jquery.com/' . $file) . PHP_EOL;
             if (base64_encode(hash('sha256', $data, true)) != $m[2][$k]) {
                 die('Hash mismatch' . PHP_EOL);
             }