Webhost file scanner

What is it?



wh-fs (webhost-filescanner) is a perl script that checks plain text files of your choice against some regexp strings (known as signatures).

If the file matches, it's logged on a file (default:wh-fs.log)
To see what files are scanned, read File rules.

It's main goal is to help the sysadmin find unwanted files like scam files, warez, etc.
For now, it only looks for scam files of facebook, paypal and some common php shells. But you can add more signatures.
Signatures are stored in xml files, under the xml directory. These signatures are pcre regexp strings, so you must escape special characters, etc.
The xml syntax has to be valid. To check validity, use http://validator.w3.org/

User input



Please submit scam files, php shells and others to the project, through the ticket system, anonymously at http://sourceforge.net/p/wh-fs/tickets/new/
Attach files zipped or zip them and upload them to some file hoster or location. Then post the link.
This will make the script find new unwanted files.
For suggestions or any other issue, write a ticket in the ticket system.

To do



  • Add more signatures
  • Signature updater


INSTALL

DOWNLOAD

Required perl modules



  • Config::General
  • XML::LibXML::Reader
  • File::Slurp
  • And obviously, perl

Required dependecies



  • libxml2

First install libxml2, then the XML::LibXML::Reader module.
Note: to install libxml2 or any other dependecy, you need root access
To install, on a debian based distro:

sudo apt-get install libxml2

How to install a perl module



It's best if you can install this perl modules as root (system wide) with:

sudo cpan module::name

In a console execute:

sudo cpan [module::name]

For example, with the above required modules:

sudo cpan Config::General XML::LibXML::Reader File::Slurp

Follow the instructions, because it has to solve dependencies.

CentOS

On CentOS, if you don't have the cpan utility, do:

yum install perl-CPAN

Then configure it with:

cpan


How to use

Configuration

Read the Configuration page.

Usage


perl wh-fs.pl <config_file_path>


<config_file_path>: Where the config file is. (optional, only use if the config file is not the default)
Make sure that the perl process will not use a lot of cpu. You may run in with nice.

index.txt · Last modified: 2012/03/16 00:22 by hexbase
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki