jvoisin/php-malware-finder

Detect potentially malicious PHP files

PHPLGPL-3.0

Issues

Lots of false positives when scanning Wordpress source
#126 opened 2 years ago by bojan-future
2
Provide proper exit code based on the result of the scan
#125 opened 2 years ago by AronNovak
1
Crash when using whitelist tool
#104 opened 2 years ago by NathanVss
6
cannot make build
#120 opened 2 years ago by verybigelephants
7
fatal pointer error on --long-lines due to outdated dependency
#118 opened 2 years ago by BaderSZ
0
php-malware crashed if not run from it's own dir
#115 opened 3 years ago by shaygover
0
More info
#97 opened 3 years ago by fernandoch777
7
How to whitelist
#108 opened 3 years ago by fernandoch777
1
Is this a truly backdoor and where is it?
#110 opened 3 years ago by hugonh
1
generate-whitelist.py - multiple issues on centos 6.10
#109 opened 3 years ago by jeffchulg
3
Fails to find a lot of malware
#107 opened 4 years ago by simplenotezy
1
Use without yara
#106 opened 4 years ago by simplenotezy
1
Bro ,Can anyone help ,How to Fix it?? i am Noob
#105 opened 4 years ago by kingsalman99
2
detecting PHP in images
#93 opened 5 years ago by vinnytroia
2
Whitelisting portions of file
#103 opened 5 years ago by NathanVss
2
error: syntax error, unexpected <base64>, expecting identifier
#100 opened 5 years ago by staticdnweb
6
php.yar warning
#101 opened 5 years ago by GlenBleidd
3
Maybe keep the samples in a separate repo ?
#99 opened 5 years ago by HenkPoley
1
How to install
#85 opened 5 years ago by tibu
2
need to update your wordpress.yar file for latest wordpress version 5.1
#82 opened 5 years ago by abhayp-cedcoss
6
Updated whitelists?
#59 opened 5 years ago by Kramerican
3
yara.SyntaxError undefined identifier "IsWhitelisted"
#70 opened 5 years ago by gnurob
9
unknown module "hash"
#98 opened 5 years ago by sherbn
2
It is detecting all wordpress files
#96 opened 5 years ago by fernandoch777
5
getting running with yara
#94 opened 5 years ago by jdnrg
5
Spip whitelist support
#89 opened 5 years ago by camlafit
5
Installling on macOS?
#92 opened 5 years ago by Backpackstudio
5
Yara.warningerror related to $pr about regex .+ use
#88 opened 5 years ago by camlafit
5
Rule $concat_with_spaces causes a lot of false positives
#87 opened 6 years ago by scottcwilson
3
Clean up our main script
#65 opened 7 years ago by jvoisin
5
List of scan items? Making Wazuh rules and decoders
#83 opened 6 years ago by 32bitbradley
2
warning shown in php.yar file
#81 opened 6 years ago by ufairiya
2
How to update YARA to the latest version please help
#80 opened 6 years ago by abhayp-cedcoss
1
External logging
#79 opened 6 years ago by Geolim4
8
Installation instructions
#77 opened 6 years ago by rotemreiss
2
@include should generate a warning
#71 opened 7 years ago by lcssanches
0
Improve your ruleset?
#68 opened 7 years ago by wireghoul
1
Detect more htaccess-based webshell
#69 opened 7 years ago by jvoisin
0
Whitelist not working
#55 opened 7 years ago by furiatona
3
Add detection for Nano
#67 opened 7 years ago by jvoisin
1
Generate whitelist 404
#66 opened 7 years ago by acosonic
1
Check this batch of samples
#63 opened 7 years ago by jvoisin
1
Remove the "mail" command in docroot-check.sh
#64 opened 7 years ago by nicocha30
0
Better information / context in output
#62 opened 7 years ago by Kramerican
2
Option to exclude images/specific filetypes
#60 opened 7 years ago by Kramerican
2
How do config files work?
#61 opened 7 years ago by Kramerican
1
Unable to find yara in your PATH, and in the current directory.
#53 opened 7 years ago by kingkarki
3
php.yar(1): error: syntax error, unexpected _IDENTIFIER_
#57 opened 7 years ago by nerdcorenet
2
Undetected sample: 'awvjtnz'
#58 opened 7 years ago by robbat2
1
php backdoors repo to check pmf against
#52 opened 8 years ago by shaddai
1