Skip to content

Commit

Permalink
feat: Immediately show the listing of files having detected as being …
Browse files Browse the repository at this point in the history 
…a virus (blacklist) or containing a virus (edited file having a virus load)
  • Loading branch information
@cavo789
cavo789 committed Sep 3, 2023
1 parent e81ead6 commit 6657e86
Show file tree
Hide file tree
Showing 4 changed files with 122 additions and 90 deletions.
44 changes: 35 additions & 9 deletions aesecure_quickscan.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@
*
* version 2.0.3
* + Prevent empty files to be scanned
* + Immediately show the listing of files having detected as being a virus (blacklist) or
* containing a virus (edited file having a virus load)
*
* version 2.0.2
* + Revert to PHP 8.0 compatibility
Expand Down Expand Up @@ -2739,6 +2741,8 @@ private function getCountFiles(mixed $echo = true, mixed &$arrFiles = null): boo
unset($dir);

$arrFiles = [];
$arrFilesBlacklisted = [];
$arrFilesEditlisted = [];

// Collect all files but ignore this script
$IgnoreArchives = $this->aeSession->get('IgnoreArchives', true);
Expand Down Expand Up @@ -2783,10 +2787,12 @@ private function getCountFiles(mixed $echo = true, mixed &$arrFiles = null): boo
if (isset($this->_arrBlackListHashes[$md5])) {
// Already known as bad?
$arrFiles[] = $filename;
$arrFilesBlacklisted[] = str_replace(DIR.'/', '', $filename);
++$wNbrBlacklisted;
} elseif (isset($this->_arrEditedHashes[$md5])) {
// Already known as having a virus in it?
$arrFiles[] = $filename;
$arrFilesEditlisted[] = str_replace(DIR.'/', '', $filename);
++$wNbrEdited;
} elseif (isset($this->_arrCMSHashes[$md5]) || isset($this->_arrWhiteListHashes[$md5]) || isset($this->_arrOtherHashes[$md5])) {
// if the hash of file is listed in the CMS core file,
Expand Down Expand Up @@ -2859,15 +2865,17 @@ private function getCountFiles(mixed $echo = true, mixed &$arrFiles = null): boo
} catch (\Exception $exception) {
}

echo json_encode(
[
'count' => count($arrFiles),
'whitelisted' => $wNbrWhitelisted,
'blacklisted' => $wNbrBlacklisted,
'edited' => $wNbrEdited,
'skipped' => $wNbrSkipped,
],
JSON_THROW_ON_ERROR
sort($arrFilesBlacklisted);

echo sprintf(
'{"count":%d,"whitelisted":%d,"blacklisted":%d,"blacklisting":%s,"edited":%d,"editlisting":%s,"skipped":%d}',
count($arrFiles),
$wNbrWhitelisted ?? 0,
$wNbrBlacklisted ?? 0,
json_encode($arrFilesBlacklisted),
$wNbrEdited ?? 0,
json_encode($arrFilesEditlisted),
$wNbrSkipped ?? 0
);

// Prevent a warning; flush only if there is something to flush
Expand Down Expand Up @@ -4128,7 +4136,9 @@ function numberWithCommas(x) {
data:$data,
dataType:"json",
success: function (json) {

var $msg="<?php echo str_replace('"', '\"', (string) $aeLanguage->get('GETCOUNTFILESDONE'));?>".replace("%s",numberWithCommas(json.count));

$msg=$msg.replace("%s",numberWithCommas(json.blacklisted));
$msg=$msg.replace("%s",numberWithCommas(json.edited));
$msg=$msg.replace("%s",numberWithCommas(json.whitelisted));
Expand All @@ -4138,6 +4148,22 @@ function numberWithCommas(x) {

$('#startscan').html("3. <?php echo $aeLanguage->get('SCANFILES');?>".replace("%s",numberWithCommas(json.count)));

if (json.blacklisting != "") {
$blacklisting='';
$.each(json.blacklisting, function(){
$blacklisting+="<li><?php echo $aeLanguage->get('ISAVIRUS');?>: "+this+"</li>";
});
$('#resultGetCountFilesButtons').append("<ol>"+$blacklisting+"</ol>");
}

if (json.editlisting != "") {
$editlisting='';
$.each(json.editlisting, function(){
$editlisting+="<li><?php echo $aeLanguage->get('CONTAINAVIRUS');?>: "+this+"</li>";
});
$('#resultGetCountFilesButtons').append("<ol>"+$editlisting+"</ol>");
}

if(json.count<=$maxFilesByCycle) {

$('button[id^=startscan_]').hide();
Expand Down
14 changes: 8 additions & 6 deletions settings/aesecure_quickscan_lang_en-GB.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
"ALERTINFO": "This script will scan your entire site to search for some virus 'patterns' <span style=\"font-style:italic;\">(for performance reasons, files over %s will be ignored).</span><span class=\"newline underline\">The action of the script consists in running a scan: by default no file deletion will be made so there is no risk to run it on your site.</span>",
"ALERTWARNING": "Some considerations to understand&nbsp;:&nbsp;<br/><br/><ol><li>The scan is superficial and by no means exhaustive; only a few signatures have been searched while hacking possibilities are very numerous,</li><li>if the script detects the presence of certain signatures (e.g. \"base64_decode\"). This doesn't mean that your site has been hacked. Indeed, some instructions are used in a hack (like base64_decode) but are also used in safe source code,</li><li>Results should <strong>ALWAYS</strong> be properly understood before taking any action. Ask for help on a forum e.g. if you doubt.</li><li>This script is not optimized : the scan is done file by file and can take more or less time depending on the complexity of your site.</li></ol>The script author accepts no responsibility for any liability for misuse of the script or action taken by the webmaster.",
"ALL": "All",
"APPLY": "Apply",
"APPLY": "Apply",
"BADCHMOD": "This file is not accessible: its 'chmod' does not permit reading it.",
"BLACKLISTED": "<strong class=\"text-danger\">This file is known as bad. Tip: delete it.</strong>",
"BTNCLEAN": "Clean the cache and temp folders",
Expand All @@ -18,9 +18,10 @@
"BTNSCANHINT": "Starts scanning the site; this may take time.",
"CANCEL": "Cancel",
"CLEANFOLDER": "The folder %s has been cleaned",
"CONTAINAVIRUS":"File(s) containing a virus",
"DANGER": "Danger",
"DEBUGMODEENABLED": "Debugging mode enabled (the %s file will be used for logging)",
"DEBUG_MODE": "Debug mode",
"DEBUGMODEENABLED": "Debugging mode enabled (the %s file will be used for logging)",
"DESCRIPTION": "aeSecure QuickScan is a php script to put on your website and to start from a URL in order to scan your website and search for viruses, malware, trojans, Black hat SEO, ...",
"DIRNOTFOUND": "The %s folder doesn't exist.",
"EDITED": "<strong class=\"text-danger\">This file contains a virus, you have to edit it to remove the infected code.</strong>",
Expand Down Expand Up @@ -49,13 +50,14 @@
"IGNORE_TEXTES": "Text (other than html)",
"IGNORE_TITLE": "Ignore the following files:",
"INFO": "Information",
"ISAVIRUS":"This file is a virus",
"JS_CONFIRMKILL": "Are you sure you want to remove the file %s ?",
"JS_FILENOTFOUND": "<div class=\"alert alert-danger\"><strong>File not found or read-only status</strong></div>",
"JS_KEEPWHITELIST": "After identifying somes files as safe, aeSecure has created a file called aesecure_quickscan.whitelist.json on your site.\\n\\nWould you like to keep this file so that the next time you'll use aeSecure QuickScan again, these files won't be listed again?\\n\\nClick on OK to keep the file.",
"JS_UNLINKERROR": "<div class=\"alert alert-success\"><strong>It was impossible to remove the file</strong> Unknown error</div>",
"JS_UNLINKSUCCESS": "<div class=\"alert alert-success\"><strong>The file has been removed</strong></div>",
"KILL_FILE": "Kill this file",
"KILL_FILE_HINT": "<span class='text-danger' style='font-size:1.2em;'><strong>Delete file</strong><br/>After your confirmation, the file will be permanently deleted from the server.<hr/>This operation is risky and could lead to problems in your site.</span>",
"KILL_FILE": "Kill this file",
"LASTMOD": "Last mod. date",
"MD5": "Hash of the file based on its content (if the content is changed even by only one single byte, the hash will be completely different).",
"NOTHINGFOUND": "Good news ! No dangerous signature has been detected on your site. Note however, that this scan is by no means exhaustive.",
Expand All @@ -69,8 +71,8 @@
"SAFE": "Safe",
"SCANFILES": "Scan %s file(s)",
"SCANFOLDER": "Folder to be scanned :",
"SEE_FILE": "See the content of the file",
"SEE_FILE_HINT": "<strong>See the content of the file</strong><br/>Opens a new tab in your browser so as to display the source code of the file.<hr/><span class='text-success'>Il the file is a php script, in no way will the file be executed. Viewing its source code is not risky.</span>",
"SEE_FILE": "See the content of the file",
"SELECT_LANGUAGE": "Select your language",
"SEND": "Send",
"SORRYNOHASHES": "Sorry, the files bearing the signatures of your CMS %s v.%s have not been found. Scanning your website will take much more time.",
Expand All @@ -86,6 +88,6 @@
"WARNING": "Warning",
"WARNINGBASE64ENCODEDPATTERN": "Virus authors sometimes use \"base64\" coding to hide their viral code; some PHP keywords such as \"eval\" or \"system\" allow the execution of a code and the signature that is mentioned here can be risky. To decode base64 code, you can use different \"base64_decode\" decoders available on the net, such as https://base64.avonture.be/",
"WARNINGNOTMANDATORYAVIRUS": "This is not necessarily a virus! but the keyword used is suspicious",
"WHITE_LIST": "Flag this file as safe",
"WHITE_LIST_HINT": "<strong>Add this file to the whitelist.</strong><br/>If you don't want this file anymore in the list of suspicious files and you know that the file is clean, add it to the whitelist."
"WHITE_LIST_HINT": "<strong>Add this file to the whitelist.</strong><br/>If you don't want this file anymore in the list of suspicious files and you know that the file is clean, add it to the whitelist.",
"WHITE_LIST": "Flag this file as safe"
}
Loading

0 comments on commit 6657e86

Please sign in to comment.