wh-fs (webhost-filescanner) is a perl script that checks plain text files of your choice against some regexp strings (known as signatures).
If the file matches, it's logged on a file (default:wh-fs.log)
To see what files are scanned, read File rules.
It's main goal is to help the sysadmin find unwanted files like scam files, warez, etc.
For now, it only looks for scam files of facebook, paypal and some common php shells. But you can add more signatures.
Signatures are stored in xml files, under the xml directory. These signatures are pcre regexp strings, so you must escape special characters, etc.
The xml syntax has to be valid. To check validity, use http://validator.w3.org/
Please submit scam files, php shells and others to the project, through the ticket system, anonymously at http://sourceforge.net/p/wh-fs/tickets/new/
Attach files zipped or zip them and upload them to some file hoster or location. Then post the link.
This will make the script find new unwanted files.
For suggestions or any other issue, write a ticket in the ticket system.
First install libxml2, then the XML::LibXML::Reader module.
Note: to install libxml2 or any other dependecy, you need root access
To install, on a debian based distro:
sudo apt-get install libxml2
It's best if you can install this perl modules as root (system wide) with:
sudo cpan module::name
In a console execute:
sudo cpan [module::name]
For example, with the above required modules:
sudo cpan Config::General XML::LibXML::Reader File::Slurp
Follow the instructions, because it has to solve dependencies.
On CentOS, if you don't have the cpan utility, do:
yum install perl-CPAN
Then configure it with:
Read the Configuration page.
perl wh-fs.pl <config_file_path>
<config_file_path>: Where the config file is. (optional, only use if the config file is not the default)
Make sure that the perl process will not use a lot of cpu. You may run in with nice.