search

btoplak / Joomla-Anti-Malware-Scan-Script--JAMSS-

a Joomla! and WordPress Security script that automatically scans the Joomla! or Wordpress files for some patterns and "fingerprints" of malware, trojans or other injections into PHP code
146 stars 102 forks source link

All suspect files being reported as the JAMSS file and from the JAMSS file #19

Closed greenlanegreb closed 1 year ago

greenlanegreb commented 5 years ago

Hi, I have called my file jams.php (apologies about the typo). I can't see how the tool is intended to report the suspect files that it spots as jamss.php as I thought the objective was to actually identify files...

Example:

In file ./jams.php-> we found 1 occurence(s) of String 'WSOsetcookie' Line #: 99

... WSOsetcookie|Hmei7|Inbox Mass Mailer|HackTeam|Hackeado'; $jamssStrings .= 'Janissaries|Miyachung|ccteam|Adminer|OOO000000|$GLOBALS|findsysfolder'; $jamssStrings .= 'makeret.ru';

// this patterns wil ... --> ./jams.php is a file. It was last accessed: 2019-04-27T07:42:52+01:00, last changed: 2019-04-27T07:42:48+01:00, last modified: 2019-04-27T07:42:48+01:00. File permissions:0644

Many thanks.

btoplak commented 1 year ago

Sorry for the late reply. The file should be named exactly jamss.php, to avoid scanning itself. In the latest development version (not uploaded yet) this behavior is improved and the script file name is not important anymore.