Evomalware is a simple BASH script do detect malwares/virus/backdoor/... especially for PHP files.
Shell Makefile
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
Makefile
README.md
evomalware.filenames
evomalware.filenames.md5
evomalware.patterns
evomalware.patterns.md5
evomalware.sh
evomalware.suspect
evomalware.suspect.md5
evomalware.whitelist
evomalware.whitelist.md5

README.md

Description

EvoMalware is a BASH script which permits to identify files (PHP only ATM) infected by malwares/virus/backdoor.
The main goal is to be used in a cron job to generate reports, but it can be used in "one shot" mode.

The script uses 3 flat text files as databases:

  • evomalware.filenames, known filenames.
  • evomalware.patterns, known patterns.
  • evomalware.whitelist, files to ignore.

There is also an "aggresive" mode which permits to find suspect files using evomalware.suspect DB.
At each run, the script downloads the last databases.

Configuration/Tuning

TODO

Upstream

Upstream is at https://forge.evolix.org/projects/evomalware
GitHub is a mirror.

Interesting others projects