added ELGG & added Binary match to scanner

2018-06-07 08:34:38 +02:00 · 2018-06-07 08:34:38 +02:00 · e2329ce9b9
commit e2329ce9b9
parent a272b428f0
3 changed files with 7 additions and 1 deletions
--- a/cms-ver.php
+++ b/cms-ver.php
@ -179,6 +179,7 @@
        array("CRE Loaded/Loaded Commerce", "/includes/version.php", "define('PROJECT_VERSION', 'Loaded Commerce", "EOL"),
        array("CodeIgniter", "/system/codeigniter/core/CodeIgniter.php", "define('CI_VERSION',", "Maintained"),
        array("LimeSurvey", "/application/config/version.php", "\$config['versionnumber'] =", "Maintained"),
+        array("ELGG", "/vendor/elgg/elgg/composer.json", "\"version\":", "Maintained"),

 // still need to work on these
    array("Silverstripe", "/cms/silverstripe_version", "*"), //needs review
--- a/cms-vss.php
+++ b/cms-vss.php
@ -192,6 +192,7 @@
        array("CRE Loaded/Loaded Commerce", "/includes/version.php", "define('PROJECT_VERSION', 'Loaded Commerce", "EOL"),
        array("CodeIgniter", "/system/codeigniter/core/CodeIgniter.php", "define('CI_VERSION',", "Maintained"),
        array("LimeSurvey", "/application/config/version.php", "\$config['versionnumber'] =", "Maintained"),
+        array("ELGG", "/vendor/elgg/elgg/composer.json", "\"version\":", "Maintained"),

 // still need to work on these
    array("Silverstripe", "/cms/silverstripe_version", "*"), //needs review
@ -202,7 +203,6 @@
    array("Admidio", "/adm_program/system/constants.php", "define('ADMIDIO_VERSION_MAIN',"), // needs two more lines
    array("Get Simple CMS", "/admin/inc/configuration.php", "\$site_full_name"), // needs one more line
    array("SquirrelCart", "/squirrelcart/functions/base/sc_version.func.php", "function sc_version() {"), //needs one more line
-    array("ELGG", "/version.php", "release ="), // false positives with Moodle -< needs one more line
    array("CMS Made Simple", "/version.php", "CMS_VERSION ="), // needs 3 lines more
    array("DataLife Engine", "/index.php", "dle_version ="), //needs one more line
    array("phpCoin", "/version.php", "ThisVersion"), //needs one more line
--- a/scan.py
+++ b/scan.py
@ -243,6 +243,7 @@ scoring = {
  'EITEST':                   (65, u'Eitest'),
  'CRYPTO':                   (65, u'Cryptocurrency Miners'),
  'HTML_JS':                  (20, u'HTML & Javascript Malware'),
+  'BINARY':                   (10, u'Binary File - Possible LRE or CryptoMiner'),
 }


@ -560,6 +561,10 @@ def is_hacked(filename):
            score.append(('HTML_JS', ''))
        previous_line = l

+        if 'PROT_EXEC|PROT_WRITE failed.' in l \
+            or 'This file is packed with the UPX executable packer' in l:
+            score.append(('BINARY', ''))
+
    if line_num < 20:
        score.append(('FEW_LINES', '%i lines' % line_num))
    elif line_num < 100: