btoplak / Joomla-Anti-Malware-Scan-Script--JAMSS-

a Joomla! and WordPress Security script that automatically scans the Joomla! or WordPress files for some patterns and "fingerprints" of malware, trojans or other injections into PHP code

Base64_encode patterns #4

Closed SniperSister closed 10 years ago

SniperSister commented 11 years ago

As some larger hosting companies (1und1) start using their own malware scanners, I would suggest base64-encoding (or symmetrically encrypting) the patterns used, to prevent a false positive detection of your script.

btoplak commented 11 years ago

Hello David,

thank you very much for your comment.

Hiding the patterns from other scanners is a good idea. I'll think about implementing it in future releases. But I think other scanners could also react to base64 function usage, at least JAMSS will, so if the developers of those scripts want to fix the accuracy of their script, they will need to do some whitelisting too. I am working on it for JAMSS.

SniperSister commented 11 years ago

Okay, just wanted to make you aware of these problems as I stumbled upon them while using another scanner script on a client site hosted at 1und1.
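The trade-off discussed in this thread, as an added example that is not part of the original issue and not JAMSS code: a hypothetical host-side scanner is run over two constructed scanner scripts, one storing its signatures in clear text and one storing them base64-encoded, and then with a hash allowlist of the reviewed file. The rule names, the PHP snippets and the allowlist mechanism are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Constructed rules for a hypothetical host-side scanner (not JAMSS's or any host's).
RULES = {
    "eval-of-decoded-payload": r"eval\s*\(\s*base64_decode\s*\(",
    "inflate-of-decoded-payload": r"gzinflate\s*\(\s*base64_decode\s*\(",
    "base64-function-usage": r"base64_decode\s*\(",  # broad heuristic
}

# Constructed signature strings that a site-level scanner script might ship with.
PATTERNS = ["eval(base64_decode(", "gzinflate(base64_decode("]


def php_list(items):
    """Render items as the body of a PHP array of single-quoted strings."""
    return ", ".join("'%s'" % item for item in items)


# Script A: signatures stored in clear text inside the scanner's own source.
PLAIN_SCANNER = "<?php\n$patterns = array(%s);\n" % php_list(PATTERNS)

# Script B: same signatures stored encoded and decoded at run time.
ENCODED = [base64.b64encode(p.encode()).decode() for p in PATTERNS]
ENCODED_SCANNER = (
    "<?php\n$patterns = array();\n"
    "foreach (array(%s) as $e) {\n    $patterns[] = base64_decode($e);\n}\n"
) % php_list(ENCODED)


def sha256(source):
    return hashlib.sha256(source.encode("utf-8")).hexdigest()


def scan(source, allowlist=frozenset()):
    """Return sorted rule names firing on source; [] if its hash is allowlisted."""
    if sha256(source) in allowlist:
        return []
    return sorted(n for n, rx in RULES.items() if re.search(rx, source, re.I))


if __name__ == "__main__":
    reviewed = {sha256(ENCODED_SCANNER)}  # hash of a reviewed release of script B
    print("plain   :", scan(PLAIN_SCANNER))
    print("encoded :", scan(ENCODED_SCANNER))
    print("allowed :", scan(ENCODED_SCANNER, reviewed))
    # A modified copy no longer matches the allowlisted hash and is scanned again.
    print("modified:", scan(ENCODED_SCANNER + "eval(base64_decode($blob));", reviewed))
```

Encoding removes the specific signature hits but leaves the broad base64 heuristic firing, which is why the allowlist is keyed on the exact file hash rather than on the file name.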