This package checks if a given hash or file is registered as malware in Team Cymru database.
Install via composer:
composer require cbi/php-malware-checker
If you don't have the hash you can generate it using a resouce or the uri to the file, by default it uses the md5 algo:
// Generate a hash from a resource
MalwareChecker::makeHash($resouce); // fea80f2db003d4ebc4536023814aa885
MalwareChecker::makeHash($resouce, 'sha1'); // 38f00f8738e241daea6f37f6f55ae8414d7b0219
// Generate a hash from an uri
MalwareChecker::makeHash($uri); // fea80f2db003d4ebc4536023814aa885
MalwareChecker::makeHash($uri, 'sha1'); // 38f00f8738e241daea6f37f6f55ae8414d7b0219
// Generate multiple hashes from one file
MalwareChecker::makeHashes($uri, ['md5', 'sha1']) // ['fea80f2db003d4ebc4536023814aa885', '38f00f8738e241daea6f37f6f55ae8414d7b0219']
MalwareChecker::makeHashes($resouce, ['md5', 'sha1']) // ['fea80f2db003d4ebc4536023814aa885', '38f00f8738e241daea6f37f6f55ae8414d7b0219']To check the generated hashes you can use two methods, check and checkMany, they use different protocols to avoid cluttering the database.
To check a single hash use the following function:
MalwareChecker::check($infectedHash); // ['hash' => 'f58628917abcbcfb2b2258b6b46bf721', timestamp => '1511919759' detection_percentage => '68']
MalwareChecker::check($safeHash); // falseTo check multiple hashed use checkMany method, this method only returns the infected hashes among all the provided:
MalwareChecker::checkMany($hashes); // [ ... ['hash' => 'f58628917abcbcfb2b2258b6b46bf721', timestamp => '1511919759' detection_percentage => '68']]Execute tests using vendor/bin/phpunit from the project root.
MIT. Copyright (c) CBI Consulting.