Another obfuscated malware check

Merge pull request #80 from elliotkendall/master
Cast $needle in calls to strpos/stripos to string to avoid automatic …
2026-06-16 12:30:35 +00:00 · 2022-08-09 09:18:07 +02:00 · 2022-07-25 19:15:19 +02:00 · 2022-07-25 09:52:27 -07:00
2 changed files with 8 additions and 3 deletions
--- a/definitions/patterns_raw.txt
+++ b/definitions/patterns_raw.txt
@@ -394,3 +394,8 @@ eval(rawurldecode('
 # simple obfuscated function
 'gz'.'unc'.'ompress'
 'create'.'_'.'function'
 'gzinf', 'la', 'te'
 'e_f', 'cti', 'un', 'on', 'cr', 'eat'
 'base', '64_dec', 'ode'
 'cook', 'set', 'ie'
 'repl', 'str_', 'ace'
--- a/scan.php
+++ b/scan.php
@@ -709,14 +709,14 @@ class MalwareScanner
    //Returns true if the raw string exists in the file contents.
    private function scanFunc_STR(&$pattern, &$content)
    {
-        return strpos($content, $pattern);
+        return strpos($content, (string)$pattern);
    }
    //Performs raw string, case insensitive matching.
    //Returns true if the raw string exists in the file contents, ignoring case.
    private function scanFunc_STRI(&$pattern, &$content)
    {
-        return stripos($content, $pattern);
+        return stripos($content, (string)$pattern);
    }
    //Performs regular expression matching.
Author	SHA1	Message	Date
Gabor Gyorvari	aa774f4330	Another obfuscated malware check	2022-08-09 09:18:07 +02:00
Győrvári Gábor	cd1164dbb5	Merge pull request #80 from elliotkendall/master Cast $needle in calls to strpos/stripos to string to avoid automatic …	2022-07-25 19:15:19 +02:00
Elliot Kendall	77ebd8abd7	Cast $needle in calls to strpos/stripos to string to avoid automatic ordinal conversion of integer patterns	2022-07-25 09:52:27 -07:00