scr34m / php-malware-scanner

Scans PHP files for malwares and known threats
GNU General Public License v3.0
556 stars 96 forks

Some backdoors not detected #6

Closed n3t closed 7 years ago

n3t commented 7 years ago

Hi,

First, thank you for your great tool; it is a real time saver in detecting malware.

Please find attached 2 types of backdoor files not detected. Hope it will help to improve your scanner.

Pavel

breaches.zip

scr34m commented 7 years ago

04.php is not really a backdoor: no eval or code running is called.

Patterns updated from 02.php with one general regexp and an exact match.

n3t commented 7 years ago

Hi, thanks for the update; however, these new patterns raised some false positives in a Joomla 3.8.1 installation. First it is the phpmailer class, and then Joomla's native file restore.php.

Pavel

scr34m commented 7 years ago

restore.php contains \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0; match modified to require 3 decimals in a row.

class.phpmailer.php contains \037\075\077\137\177; match modified to require 6 subgroups, not just 5.
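The tuning described in that comment, as an added example that is not the scanner's own code: a constructed heuristic (assumed regex, not the project's real pattern) that only flags a run of at least six three-digit octal escapes, so the single-digit `\0` padding from restore.php and the five-escape sequence from class.phpmailer.php no longer match, while a longer escaped string still does and is decoded for review.

```python
import re

# Constructed heuristic for this example, not the project's real pattern:
# a run of at least six three-digit octal escapes (\ooo) as found in
# obfuscated PHP string literals. Insisting on exactly three digits per
# escape ignores single-digit padding such as "\0\0\0", and insisting on
# six escapes in a row lets a short legitimate sequence of five pass.
OCTAL_RUN = re.compile(r'(?:\\[0-7]{3}){6,}')


def find_octal_runs(source: str) -> list[str]:
    """Return every qualifying octal-escape run in the given PHP source."""
    return [m.group(0) for m in OCTAL_RUN.finditer(source)]


def decode_octal(run: str) -> str:
    """Turn a run such as \\150\\151 back into the text it encodes."""
    return ''.join(chr(int(d, 8)) for d in re.findall(r'\\([0-7]{3})', run))


def scan(source: str) -> list[tuple[int, str]]:
    """Report (line number, decoded text) for each flagged run."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for run in find_octal_runs(line):
            hits.append((lineno, decode_octal(run)))
    return hits


# Constructed samples modelled on the thread, not the real Joomla files.
RESTORE_LIKE = '$pad = "\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0";'
PHPMAILER_LIKE = '$chars = "\\037\\075\\077\\137\\177";'
# A string hidden behind eleven octal escapes; decodes to "hello world".
OBFUSCATED = '$s = "\\150\\145\\154\\154\\157\\040\\167\\157\\162\\154\\144";'

if __name__ == '__main__':
    sample = '\n'.join([RESTORE_LIKE, PHPMAILER_LIKE, OBFUSCATED])
    for lineno, text in scan(sample):
        print(f'line {lineno}: octal-escaped string decodes to {text!r}')
```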

n3t commented 7 years ago

Thanks, this solved all false positives.

Pavel