From 3088f558d86d155b47a065e2cda185b7d4ab9194 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD
Date: Wed, 23 May 2018 08:35:42 +0200
Subject: [PATCH] added HTML and Javascript spam/malware detection
---
 .gitignore | 1 +
 scan.py | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c6f9a44
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vscode/settings.json
diff --git a/scan.py b/scan.py
index 6195687..72157c0 100644
--- a/scan.py
+++ b/scan.py
@@ -242,6 +242,7 @@ scoring = {
 'SOCIALS': (50, u'Email addresses, links and social networking'),
 'EITEST': (65, u'Eitest'),
 'CRYPTO': (65, u'Cryptocurrency Miners'),
+ 'HTML_JS': (20, u'HTML & Javascript Malware'),
 }
@@ -554,6 +555,9 @@ def is_hacked(filename):
 if re.compile('User-Agent.*cpuminer').match(l) \
 or 'stratum+tcp' in l:
 score.append(('CRYPTO', ''))
+
+ if 'width: 0; height: 0; display: none; visibility: hidden;' in l:
+ score.append(('HTML_JS', ''))
 previous_line = l
 if line_num < 20:
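Review bot: The new `HTML_JS` test in the second scan.py hunk matches one exact byte string, so the same hidden-element style written with different spacing, letter case or property order is not scored. Matching against a normalised copy of the line would make the signature less brittle, for example `compact = re.sub(r'\s+', '', l.lower())` followed by `if 'width:0;height:0;display:none;visibility:hidden;' in compact:`; a different property order would still need its own pattern. The label added in the first hunk reads 'HTML & Javascript Malware', yet nothing visible here inspects JavaScript, so a comment such as `# CSS-only signature: zero-size, hidden inline style` above the test would tell maintainers what the rule actually covers. `is_hacked` starts and ends outside the hunk, so whether `l` is already stripped or lower-cased before this point cannot be confirmed from here.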