Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
Palma Solutions LTD
2017-05-15 08:06:53 +02:00
parent 7207c1672f
commit 41bd8c86dc
2 changed files with 6 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
malware3.pl
View File

@@ -585,12 +585,12 @@ foreach my $file (sort @files) {
next if $file eq 'custom-facebook-feed-admin.php';
next if $file eq 'membershipadmin.php';
next if $file eq 'wppa-settings-autosave.php';
next if $file eq '*.txt';
next if $file eq '*.rar';
next if $file eq '*.zip';
next if $file eq '*.tar';
next if $file eq '*.gz';
next if $file eq '*.sql';
next if $file eq '*\.txt';
next if $file eq '*\.rar';
next if $file eq '*\.zip';
next if $file eq '*\.tar';
next if $file eq '*\.gz';
next if $file eq '*\.sql';

7
scan.php
View File

@@ -478,41 +478,34 @@ foreach ($tree as $finfo)
unset($match);
}
///<\?(php)?/i - short tag detection problem
if('gif' == $ext && preg_match('/<\?php/i', $tmp))
{
$counter_infected++;
//$counter_error++;
if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
if($print_infected || $print_all) print "\n";
{
print "...INFECTED (PHP open tag inside GIF image)\n";
// print("\n\ERROR: {$finfo['path']}{$finfo['fname']} will not be auto-deleted, you have to delete it manually if you think it's a threat!\n\n");
}
}
elseif('jpg' == $ext && preg_match('/<\?php/i', $tmp))
{
$counter_infected++;
//$counter_error++;
if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
if($print_infected || $print_all) print "\n";
{
print "...INFECTED (PHP open tag inside JPG image)\n";
// print("\n\ERROR: {$finfo['path']}{$finfo['fname']} will not be auto-deleted, you have to delete it manually if you think it's a threat!\n\n");
}
}
elseif('jpeg' == $ext && preg_match('/<\?php/i', $tmp))
{
$counter_infected++;
//$counter_error++;
if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
if($print_infected || $print_all) print "\n";
{
print "...INFECTED (PHP open tag inside JPEG image)\n";
// print("\n\ERROR: {$finfo['path']}{$finfo['fname']} will not be auto-deleted, you have to delete it manually if you think it's a threat!\n\n");
}
}