Sample update

Make it compatible with php 8.1

README.md

@@ -34,7 +34,7 @@ Usage: php scan.php -d <directory>
     -t                   --time               Show time of last file change
     -L                   --line-number        Display matching pattern line number in file
     -o                   --output-format      Custom defined output format
-    -j                   --wordpress-version  Version of wordpress to get md5 signatures
+    -j <version>         --wordpress-version  Version of wordpress to get md5 signatures
                          --combined-whitelist Combined whitelist
                          --custom-whitelist   Loads whitelist from specified file and merge with existing
                          --disable-stats      Disable statistics output

definitions/patterns_raw.txt

@@ -384,6 +384,11 @@ cGhwOi8vaW5wdXQ=
 # backdoor script
 <font color="red">Upload Gagal..</font><br />
 explode('?>',$shell
+0.33333333333333+0.33333333333333+0.33333333333333
+0.66666666666667+0.66666666666667+0.66666666666667
+1.3333333333333+1.3333333333333+1.3333333333333
+class _t{private static$_
+'LQ'.'=='
 
 # common mobile agent check in SEO poison scripts
 Array("1207", "3gso", "4thp", "501i", "502i", "503i", "504i", "505i", "506i",
@@ -393,4 +398,9 @@ eval(rawurldecode('
 
 # simple obfuscated function
 'gz'.'unc'.'ompress'
-'create'.'_'.'function'
+'create'.'_'.'function'
+'gzinf', 'la', 'te'
+'e_f', 'cti', 'un', 'on', 'cr', 'eat'
+'base', '64_dec', 'ode'
+'cook', 'set', 'ie'
+'repl', 'str_', 'ace'

definitions/patterns_re.txt

@@ -147,4 +147,7 @@ eval\([A-Za-z]{5,}\(\) \. '
 eval\([A-Za-z0-9]{5,}\(\"[A-Z0-9]{16,}
 
 # gzip payload called by variable named function
-\$[a-zA-Z0-9]{6,}\('\x78\x9C\xAD\x90\x41\x0E
+\$[a-zA-Z0-9]{6,}\('\x78\x9C\xAD\x90\x41\x0E
+
+# obfuscated code return with error suppression
+return @\$[a-z]{2}\d+\[\d+\]\(\$[a-z]{2}\d+\[\d+\],

scan.php

@@ -622,8 +622,8 @@ class MalwareScanner
     private function report($start, $dir)
     {
         $end = time();
-        echo 'Start time: ' . strftime('%Y-%m-%d %H:%M:%S', $start) . PHP_EOL;
-        echo 'End time: ' . strftime('%Y-%m-%d %H:%M:%S', $end) . PHP_EOL;
+        echo 'Start time: ' . date('Y-m-d H:m:s', $start) . PHP_EOL;
+        echo 'End time: ' . date('Y-m-d H:m:s', $end) . PHP_EOL;
         echo 'Total execution time: ' . ($end - $start) . PHP_EOL;
         echo 'Base directory: ' . $dir . PHP_EOL;
         echo 'Total directories scanned: ' . $this->stat['directories'] . PHP_EOL;
@@ -859,7 +859,7 @@ class MalwareScanner
         echo '    -t                   --time               Show time of last file change' . PHP_EOL;
         echo '    -L                   --line-number        Display matching pattern line number in file' . PHP_EOL;
         echo '    -o                   --output-format      Custom defined output format' . PHP_EOL;
-        echo '    -j                   --wordpress-version  Version of wordpress to get md5 signatures' . PHP_EOL;
+        echo '    -j <version>         --wordpress-version  Version of wordpress to get md5 signatures' . PHP_EOL;
         echo '                         --combined-whitelist Combined whitelist' . PHP_EOL;
         echo '                         --disable-stats      Disable statistics output' . PHP_EOL;