Start Scan");
}
}else{
?>
M Antivirus Scanner
| File Scanned | : | 0 |
| File Infected | : | 0 |
| Scan Speed | : | 0 |
$path/$file is ".($c?'infected Shell':'safe')."
\n";
//if($c==true) die();
}
}
}
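/**
 * Score one file and decide whether it looks like a PHP web shell.
 *
 * Only files whose basename contains ".php" or ".phtml" are examined. Points come
 * from a line scan for names in the global $forbiden_function list, then from
 * is_virus() and has_bypass_function_concat() on the whole content.
 *
 * @param string $path File to inspect.
 * @return bool|null null when the path does not exist or cannot be opened,
 *                   false when the file is not treated as PHP or scores 2 or less,
 *                   true when it contains "<?php" and scores more than 2.
 */
function filecheck($path){
    global $forbiden_function;
    if (!file_exists($path)) return;
    $handle = fopen($path, 'r');
    if ($handle == null) return; // fopen() yields false on failure; the loose compare catches it
    // Extension test is a substring match on the basename, so "x.php.txt" is also scanned.
    $isphp = preg_match("/(\.php|\.phtml)/i", basename($path)) ? 1 : 0;
    $valid = 0; // accumulated suspicion score
    $heuristic = 0;
    $heuristic_adv1 = 0;
    if ($isphp == 0) {
        // Release the handle before the early return; it was leaked here before.
        fclose($handle);
        return false;
    }
    while (($buffer = fgets($handle)) !== false) {
        // NOTE(review): only the long "<?php" opener is recognised, so a file using
        // other opening tags never reaches the checks below. Confirm that is intended.
        if (preg_match("/(\<\?php)/i", $buffer)) {
            $isphp += 1;
        }
        if ($isphp > 1) {
            // NOTE(review): list entries go into the pattern unescaped; presumably they
            // are plain function names. Verify where the list is defined.
            if (preg_match("/(".implode("|",$forbiden_function).")/i", $buffer)) {
                // NOTE(review): "\\" is a single backslash, so this two-character prefix
                // only equals it when the trimmed line is exactly one backslash. In
                // practice every matching line is counted, the conservative outcome.
                if (substr(trim($buffer), 0, 2) != "\\")
                    $valid += 1;
                if ($valid > 0 && $isphp > 1) break; // one hit is enough for the line scan
            }
        }
    }
    fclose($handle);
    $size = filesize($path);
    // Whole-file heuristics run only on files under 10 MiB that contained "<?php".
    if (($size < 1024 * 1024 * 10) && $isphp > 1) {
        $data = file_get_contents($path);
        if ($data !== false) {
            $heuristic_adv1 = has_bypass_function_concat($data);
            $h = is_virus($data);
            $heuristic = $h['point'];
            // True when size/1000 exceeds the line count, i.e. lines average over
            // 1000 bytes. Only then does the concatenation heuristic add points.
            if (($size * (0.1 / 100)) > count(explode("\n", $data))) {
                $valid += (($heuristic_adv1 > 1) ? 3 : $heuristic_adv1);
            }
            $valid += $heuristic;
        }
    }
    //echo "ret:$valid,$isphp,$heuristic,$heuristic_adv1 | ";
    return ($isphp > 1 && ($valid > 2));
}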
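/**
 * Count listed function names that are directly followed by "(" in $data.
 *
 * A name earns one point when the text between its first occurrence and the next
 * "(" is empty or whitespace. A point is withdrawn when the same pattern appears
 * inside a block comment.
 *
 * Changes from the earlier version:
 *  - the comment pass reused the loop variable left over from the first loop, so
 *    only the last list entry was ever checked there;
 *  - each comment hit subtracted a point without limit, so file content could push
 *    the score below zero and cancel points from other checks. Now only a point
 *    that was awarded can be withdrawn, once, so the result is never negative.
 *
 * @param string $data Full file content.
 * @return array{point:int,reason:array} 'reason' is returned but never populated.
 */
function is_virus($data){
    global $forbiden_function;
    $check = 0;
    $reason = [];
    $awarded = []; // names that earned a point in the first pass
    foreach (($forbiden_function ?? []) as $fc) {
        // NOTE(review): $fc is placed in the pattern unescaped; presumably entries are
        // plain function names. Verify where the list is defined.
        if (!preg_match("/(".$fc.")/i", $data)) continue;
        // NOTE(review): the test above ignores case, but get_string_between() uses a
        // case-sensitive strpos(), so a differently-cased spelling earns no point.
        // Confirm whether that is intended.
        $ehem = get_string_between($data, "$fc", "(");
        if ($ehem == "MBOH") continue; // sentinel: name not located
        if (trim($ehem) == "") {
            $check += 1;
            $awarded[] = $fc;
        }
    }
    $d = tag_contents($data, "/*", "*/");
    foreach ((($d != null) ? $d : []) as $dat) {
        foreach ($awarded as $idx => $fc) {
            $ehem = get_string_between($dat, "$fc", "(");
            if (trim($ehem) == "") {
                $check -= 1;
                unset($awarded[$idx]); // withdraw a given point at most once
            }
        }
    }
    return ["point" => $check, 'reason' => $reason];
}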
/**
 * Heuristic for function names assembled from concatenated string pieces.
 *
 * Counts quoted "." and "," joints (with optional surrounding spaces, single or
 * double quotes), removes them from a copy of the content, and tests that copy
 * against the global $forbiden_function list.
 *
 * @param string $data Full file content.
 * @return int 0, 1 or 2: one point when a listed name matches the joined text,
 *             one more when over 40 joints were counted.
 */
function has_bypass_function_concat($data){
    global $forbiden_function;

    // Build every joint spelling in the order it is to be removed.
    $needles = [];
    foreach (['.', ','] as $sep) {
        foreach ([" $sep ", "$sep", "$sep ", " $sep"] as $spaced) {
            $needles[] = "'$spaced'";
            $needles[] = "\"$spaced\"";
        }
    }

    // Joints are counted on the untouched input.
    $weird = 0;
    foreach ($needles as $needle) {
        $weird += substr_count($data, $needle);
    }

    // An array search is applied in order, each needle to the result of the previous.
    $cleardata = str_replace($needles, "", $data);

    // NOTE(review): list entries are placed in the pattern unescaped, and an empty
    // list gives a pattern that matches everything. Verify against the list definition.
    $score = preg_match("/(".implode("|",$forbiden_function).")/i", $cleardata) ? 1 : 0;
    if ($weird > 40) {
        $score += 1;
    }
    return $score;
}
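/**
 * Return the text between the first $start and the next $end after it.
 *
 * Matching is case-sensitive. The string 'MBOH' is the "not found" sentinel that
 * callers compare against.
 *
 * A missing $end used to make strpos() return false, which produced a negative
 * length for substr() and an unrelated or empty result. Callers read an empty
 * result as "$start is immediately followed by $end". That case now returns the
 * sentinel as well.
 *
 * @param string $string Text to search.
 * @param string $start  Opening delimiter.
 * @param string $end    Closing delimiter.
 * @return string Text between the delimiters, or 'MBOH' when either is missing.
 */
function get_string_between($string, $start, $end){
    if ((string) $start === '') return 'MBOH'; // an empty opener was already "not found"
    $ini = strpos($string, $start);
    if ($ini === false) return 'MBOH';
    $ini += strlen($start);
    $stop = strpos($string, $end, $ini);
    if ($stop === false) return 'MBOH';
    return substr($string, $ini, $stop - $ini);
}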
/**
 * Collect every non-greedy match of the text between $start and $end.
 *
 * @param string $string Text to search.
 * @param string $start  Opening delimiter, inserted into the pattern as-is.
 * @param string $end    Closing delimiter, inserted into the pattern as-is.
 * @return array|null Captured strings, or null when nothing matched.
 */
function get_string_between_all($string, $start, $end) {
    // NOTE(review): both delimiters are used as raw regex fragments inside "~...~".
    // A "~" or other metacharacter in either changes or breaks the pattern. Confirm
    // whether callers pass literals, which would need preg_quote($x, '~').
    $regex = '~' . $start . '\s*(.*?)' . $end . '\s*~';
    $found = [];
    if (preg_match_all($regex, $string, $found)) {
        return $found[1];
    }
    return null;
}
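/**
 * Return the text of every $tag_open ... $tag_close section in $string.
 *
 * The piece before the first $tag_open is skipped. It was previously reported as
 * tag content whenever it contained a stray $tag_close, although no opener comes
 * before it.
 *
 * @param string $string    Text to search.
 * @param string $tag_open  Opening marker, e.g. the block-comment opener.
 * @param string $tag_close Closing marker, e.g. the block-comment closer.
 * @return array List of section contents, in order of appearance.
 */
function tag_contents($string, $tag_open, $tag_close){
    $result = [];
    $pieces = explode($tag_open, $string);
    array_shift($pieces); // text ahead of the first opener is not inside any tag
    foreach ($pieces as $piece) {
        $closeAt = strpos($piece, $tag_close);
        if ($closeAt !== false) {
            $result[] = substr($piece, 0, $closeAt);
        }
    }
    return $result;
}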
?>