Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
Palma Solutions LTD
2017-05-15 08:06:53 +02:00
parent 7207c1672f
commit 41bd8c86dc
2 changed files with 6 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
malware3.pl
View File

@@ -585,12 +585,12 @@ foreach my $file (sort @files) {
next if $file eq 'custom-facebook-feed-admin.php'; next if $file eq 'custom-facebook-feed-admin.php';
next if $file eq 'membershipadmin.php'; next if $file eq 'membershipadmin.php';
next if $file eq 'wppa-settings-autosave.php'; next if $file eq 'wppa-settings-autosave.php';
next if $file eq '*.txt'; next if $file eq '*\.txt';
next if $file eq '*.rar'; next if $file eq '*\.rar';
next if $file eq '*.zip'; next if $file eq '*\.zip';
next if $file eq '*.tar'; next if $file eq '*\.tar';
next if $file eq '*.gz'; next if $file eq '*\.gz';
next if $file eq '*.sql'; next if $file eq '*\.sql';

7
scan.php
View File

@@ -478,41 +478,34 @@ foreach ($tree as $finfo)
unset($match); unset($match);
} }
///<\?(php)?/i - short tag detection problem
if('gif' == $ext && preg_match('/<\?php/i', $tmp)) if('gif' == $ext && preg_match('/<\?php/i', $tmp))
{ {
$counter_infected++; $counter_infected++;
//$counter_error++;
if($print_infected) print "{$finfo['path']}{$finfo['fname']}"; if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
if($print_infected || $print_all) print "\n"; if($print_infected || $print_all) print "\n";
{ {
print "...INFECTED (PHP open tag inside GIF image)\n"; print "...INFECTED (PHP open tag inside GIF image)\n";
// print("\n\ERROR: {$finfo['path']}{$finfo['fname']} will not be auto-deleted, you have to delete it manually if you think it's a threat!\n\n");
} }
} }
elseif('jpg' == $ext && preg_match('/<\?php/i', $tmp)) elseif('jpg' == $ext && preg_match('/<\?php/i', $tmp))
{ {
$counter_infected++; $counter_infected++;
//$counter_error++;
if($print_infected) print "{$finfo['path']}{$finfo['fname']}"; if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
if($print_infected || $print_all) print "\n"; if($print_infected || $print_all) print "\n";
{ {
print "...INFECTED (PHP open tag inside JPG image)\n"; print "...INFECTED (PHP open tag inside JPG image)\n";
// print("\n\ERROR: {$finfo['path']}{$finfo['fname']} will not be auto-deleted, you have to delete it manually if you think it's a threat!\n\n");
} }
} }
elseif('jpeg' == $ext && preg_match('/<\?php/i', $tmp)) elseif('jpeg' == $ext && preg_match('/<\?php/i', $tmp))
{ {
$counter_infected++; $counter_infected++;
//$counter_error++;
if($print_infected) print "{$finfo['path']}{$finfo['fname']}"; if($print_infected) print "{$finfo['path']}{$finfo['fname']}";
if($print_infected || $print_all) print "\n"; if($print_infected || $print_all) print "\n";
{ {
print "...INFECTED (PHP open tag inside JPEG image)\n"; print "...INFECTED (PHP open tag inside JPEG image)\n";
// print("\n\ERROR: {$finfo['path']}{$finfo['fname']} will not be auto-deleted, you have to delete it manually if you think it's a threat!\n\n");
} }
} }