EvoMalware is a BASH script which permits to identify files (PHP only ATM)
infected by malwares/virus/backdoor.
The main goal is to be used in a cron job to generate reports, but it can be used in "one shot" mode.
The script uses 3 flat text files as databases:
- evomalware.filenames, known filenames.
- evomalware.patterns, known patterns.
- evomalware.whitelist, files to ignore.
There is also an "aggresive" mode which permits to find suspect files using
At each run, the script downloads the last databases.
Upstream is at https://forge.evolix.org/projects/evomalware
GitHub is a mirror.