Closed n3t closed 7 years ago
The 04.php is not really a backdoor; no eval or code-running function is called.
Patterns updated from 02.php with one general regexp and an exact match.
Hi, thanks for the update; however, these new patterns raised some false positives in a Joomla 3.8.1 installation. First it is the phpmailer class, and then the Joomla native file restore.php.
Pavel
restore.php contains \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0; match modified for 3 decimals in a row.
class.phpmailer.php contains \037\075\077\137\177; match modified to have 6 subgroups, not just 5.
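The effect of the two changes described in the comment above, as an added example that is not part of the thread and does not reproduce the scanner's own patterns. Both regexes and all three sample lines are constructed assumptions; only the two escape sequences quoted in the comment come from the page.

```python
import re

# Hypothetical "before" rule: 5+ consecutive octal escapes of 1-3 digits each.
LOOSE = re.compile(r'(?:\\[0-7]{1,3}){5,}')
# Hypothetical "after" rule: 6+ consecutive escapes, each exactly 3 digits.
TIGHT = re.compile(r'(?:\\[0-7]{3}){6,}')

# Constructed sample lines (not copied from the real files).
SAMPLES = {
    # 16 single-digit escapes, as quoted for restore.php
    "restore_like": r'$pad = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";',
    # 5 three-digit escapes, as quoted for class.phpmailer.php
    "phpmailer_like": r'$specials = "\037\075\077\137\177";',
    # 11 three-digit escapes hiding a benign constructed string
    "obfuscated_like": r'$f = "\163\141\155\160\154\145\137\164\145\170\164";',
}

def decode_run(run):
    """Turn a run of octal escapes back into text so an analyst can read it."""
    return "".join(chr(int(o, 8)) for o in re.findall(r'\\([0-7]{1,3})', run))

def flagged(pattern, samples=SAMPLES):
    """Return the names of samples in which the pattern finds an escape run."""
    return [name for name, line in samples.items() if pattern.search(line)]

def decoded_hits(pattern, samples=SAMPLES):
    """Map each flagged sample to the decoded content of its first hit."""
    hits = {}
    for name, line in samples.items():
        m = pattern.search(line)
        if m:
            hits[name] = decode_run(m.group(0))
    return hits

if __name__ == "__main__":
    print("loose rule flags:", flagged(LOOSE))
    print("tight rule flags:", flagged(TIGHT))
    print("decoded tight hits:", decoded_hits(TIGHT))
```

Requiring three digits per escape drops the run of `\0` padding, and raising the minimum group count from 5 to 6 drops the five-escape phpmailer string, while a longer fully encoded string is still reported.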
Thanks, this solved all false positives.
Pavel
Hi,
first, thank you for your great tool; it is a real time saver in detecting malware.
Please find attached 2 types of backdoor files not detected. Hope it will help to improve your scanner.
Pavel
breaches.zip