PHP malwares hiding as CSS files

marcocesarato / PHP-Antimalware-Scanner

AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.

https://marcocesarato.github.io/PHP-Antimalware-Scanner/

GNU General Public License v3.0

618 stars 105 forks source link

PHP malwares hiding as CSS files #106

Open ebourg opened 2 months ago

ebourg commented 2 months ago

The scanner fails to detect PHP malwares hiding as CSS files. The filename follows the pattern: \.[0123456789abcdef]{8}\.(css|ccss), for example .dd8cff6b.css.

Once the extension is changed to .php the file is properly detected by the scanner.

ebourg commented 2 months ago

I tried the --scan-all option but the scanner crashed. Would it be possible to add .css files and hidden files to the set of files scanned by default?