added HTML and Javascript spam/malware detection

2018-05-23 08:35:42 +02:00 · 2018-05-23 08:35:42 +02:00 · 3088f558d8
commit 3088f558d8
parent 4ea2a01806
2 changed files with 5 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.vscode/settings.json
--- a/scan.py
+++ b/scan.py
@ -242,6 +242,7 @@ scoring = {
  'SOCIALS':                  (50, u'Email addresses, links and social networking'),
  'EITEST':                   (65, u'Eitest'),
  'CRYPTO':                   (65, u'Cryptocurrency Miners'),
+  'HTML_JS':                  (20, u'HTML & Javascript Malware'),
 }


@ -554,6 +555,9 @@ def is_hacked(filename):
        if re.compile('User-Agent.*cpuminer').match(l) \
            or 'stratum+tcp' in l:
            score.append(('CRYPTO', ''))
+        
+        if 'width: 0; height: 0; display: none; visibility: hidden;' in l:
+            score.append(('HTML_JS', ''))
        previous_line = l

    if line_num < 20: