README update with new -r flag

Merge pull request #67 from mitchobrian/master
Feature flagHideErr #66
2026-06-16 12:30:35 +00:00 · 2021-02-24 16:47:13 +01:00 · 2021-02-24 16:45:34 +01:00 · 2021-02-24 13:36:10 +01:00 · 2020-11-17 08:07:52 +01:00 · 2020-11-17 04:06:03 +01:00
3 changed files with 38 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -26,6 +26,7 @@ Usage: php scan.php -d <directory>
    -x                   --extra-check        Adds GoogleBot and htaccess to Scan List
    -l                   --follow-symlink     Follow symlinked directories
    -k                   --hide-ok            Hide results with 'OK' status
+    -r                   --hide-err           Hide results with 'ER' status
    -w                   --hide-whitelist     Hide results with 'WL' status
    -n                   --no-color           Disable color mode
    -s                   --no-stop            Continue scanning file after first hit
@@ -113,6 +114,22 @@ It is guaranteed that IF 'base64_decode' was present in the plain text code, the
 The presence of 'YmFzZTY0X2RlY29kZ' in a block of code may be because 'ase64_decod' was in the original code.  
 ote the missing edge characters which is due to bit misalignment and character bleed.

+Using as library
+----------------
+
+The scan.php perform a check, that it's called by commandline or not, so to use as library use different directory than scan.php it self.
+ 
+```php
+<?php
+
+require_once '../scan.php';
+
+$scan = new MalwareScanner();
+$scan->setFlagHideWhitelist(true);
+$scan->setFlagHideOk(true);
+$scan->run('../samples/test');
+```
+
 Resources
 ---------

--- a/definitions/patterns_raw.txt
+++ b/definitions/patterns_raw.txt
@@ -201,6 +201,7 @@ eval(base64_decode(
 $data = base64_decode("
 edoced_46esab
 base=base64_encode
+'b'.'ase6'.'4_e'.'ncode'
 cr"."eat"."e_fun"."cti"."on
 gz'.'inf'.'late
 # fopo.com.ar - free online php obfuscator. It conveniently leaves comments in the code.
@@ -260,6 +261,9 @@ itsoknoproblembro
 tmhapbzcerff
 IndoXploit
 FaisaL Ahmed aka rEd X
+smisbot
+smotherbot
+Indonesian Hacker Rulez

 # WP-VCD Malware https://www.getastra.com/blog/911/how-to-fix-wp-vcd-backdoor-hack-in-wordpress-functions-php/
 wp-vcd
--- a/scan.php
+++ b/scan.php
@@ -2,13 +2,13 @@

 /*
 * Copyright (c) 2016 Gabor Gyorvari
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *  http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -31,6 +31,7 @@ class MalwareScanner
    private $flagChecksum = false;
    private $flagComments = false;
    private $flagHideOk = false;
+    private $flagHideErr = false;
    private $flagHideWhitelist = false;
    private $flagNoStop = false;
    private $flagPattern = false;
@@ -203,7 +204,7 @@ class MalwareScanner
        }
    }

-    private function addWordpressChecksums($wp_version)
+    public function addWordpressChecksums($wp_version)
    {
        $apiurl = 'https://api.wordpress.org/core/checksums/1.0/?version=' . $wp_version;
        $json = json_decode(file_get_contents($apiurl));
@@ -298,6 +299,9 @@ class MalwareScanner
        if (isset($options['hide-ok']) || isset($options['k'])) {
            $this->setFlagHideOk(true);
        }
+        if (isset($options['hide-err']) || isset($options['r'])) {
+            $this->setFlagHideErr(true);
+        }
        if (isset($options['hide-whitelist']) || isset($options['w'])) {
            $this->setFlagHideWhitelist(true);
        }
@@ -396,6 +400,11 @@ class MalwareScanner
        $this->flagHideOk = $b;
    }

+    public function setFlagHideErr($b)
+    {
+        $this->flagHideErr = $b;
+    }
+
    public function setFlagHideWhitelist($b)
    {
        $this->flagHideWhitelist = $b;
@@ -490,6 +499,9 @@ class MalwareScanner
            $state = 'WL';
            $state_color = $this->ANSI_YELLOW;
        } else {
+            if ($this->flagHideErr) {
+                return;
+            }
            $state = 'ER';
            $state_color = $this->ANSI_RED;
        }
@@ -820,6 +832,7 @@ class MalwareScanner
        echo '    -x                   --extra-check        Adds GoogleBot and htaccess to Scan List' . PHP_EOL;
        echo '    -l                   --follow-symlink     Follow symlinked directories' . PHP_EOL;
        echo '    -k                   --hide-ok            Hide results with \'OK\' status' . PHP_EOL;
+        echo '    -r                   --hide-err           Hide results with \'ER\' status' . PHP_EOL;
        echo '    -w                   --hide-whitelist     Hide results with \'WL\' status' . PHP_EOL;
        echo '    -n                   --no-color           Disable color mode' . PHP_EOL;
        echo '    -s                   --no-stop            Continue scanning file after first hit' . PHP_EOL;
Author	SHA1	Message	Date
Gabor Gyorvari	9624ec4403	README update with new -r flag	2021-02-24 16:47:13 +01:00
Győrvári Gábor	335b13b7c4	Merge pull request #67 from mitchobrian/master Feature flagHideErr #66	2021-02-24 16:45:34 +01:00
Michael Palmer	78bee49176	https://github.com/scr34m/php-malware-scanner/issues/66	2021-02-24 13:36:10 +01:00
Győrvári Gábor	cc0fdc7a9f	Merge pull request #63 from aldavigdis/patch-1 Adding definitions based on recent code injection	2020-11-17 08:07:52 +01:00
Alda Vigdis Skarphedinsdottir	ec8f9920ba	Adding definitions based on recent code injection	2020-11-17 04:06:03 +01:00
Gabor Gyorvari	5883c68f54	Small example how to use as library, fix #61	2020-10-05 13:34:16 +02:00
Gabor Gyorvari	22b51a1ee3	Change addWordpressChecksums to public, fix #58	2020-10-05 10:59:13 +02:00