Created
April 3, 2013 01:22
#!/bin/bash

# Minimal configuration: where scan events are appended, and where files
# flagged by the scanner are moved.
LOGFILE="/var/log/uploadtest.log"
QUARANTINE_DIR="/opt/quarantine"
##############################################################
#
# Some useful functions
#
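#######################################
# Append one timestamped line to the log file.
# Globals:   LOGFILE (read) - path of the file appended to
# Arguments: $1 - message text; may embed attacker-chosen data such as the
#                 uploaded file's name
# Returns:   status of the write to LOGFILE
#######################################
function log {
  local when msg
  when=$(date)
  # The message usually carries the uploaded file's name, which the uploader
  # controls. Replace control characters (newline, CR, ESC, ...) with spaces
  # so a crafted name cannot forge extra log lines or emit terminal escapes
  # when the log is viewed.
  msg=${1//[[:cntrl:]]/ }
  # printf instead of echo: a message such as "-n" is not taken as an option.
  printf '%s - %s\n' "$when" "$msg" >> "$LOGFILE"
}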
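#######################################
# Move a flagged file into the quarantine directory and log the outcome.
# Globals:   QUARANTINE_DIR (read)
# Arguments: $1 - path of the file to quarantine
# Returns:   0 when the file was moved, 1 when the directory could not be
#            created or the move failed
# NOTE(review): the moved file keeps its original mode and owner. Confirm that
# QUARANTINE_DIR is outside the web root and is not served or executed by the
# web server.
#######################################
function quarantine {
  local src=$1
  local dest

  # mkdir -p is a no-op when the directory already exists.
  if ! mkdir -p -- "$QUARANTINE_DIR"; then
    log "ERROR: Could not create Quarantine directory ($QUARANTINE_DIR)"
    return 1
  fi

  # Do not overwrite an earlier quarantined file of the same name: a second
  # upload reusing the name would otherwise destroy the first sample.
  dest="$QUARANTINE_DIR/${src##*/}"
  if [ -e "$dest" ]; then
    dest="$dest.$(date +%s).$$"
  fi

  # "--" stops option parsing so a name beginning with "-" is treated as a
  # path, not as an mv option.
  if ! mv -- "$src" "$dest"; then
    # Only report success when the move actually happened.
    log "ERROR: Could not move $src to Quarantine ($QUARANTINE_DIR)"
    return 1
  fi

  log "File $src moved to Quarantine ($QUARANTINE_DIR)"
}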
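#######################################
# Check whether a file contains a literal string; if it does, log an alert,
# quarantine the file and end the script.
# Arguments: $1 - path of the file to scan
#            $2 - literal string to look for
# Returns:   0 when the string is not present. Does not return on a match
#            (logs, quarantines, exit 0) or when the scan itself fails
#            (logs, exit 1).
# NOTE(review): exit status 0 on a match is kept from the original; callers
# presumably rely on the missing "1" on stdout rather than on the status.
#######################################
function check_string {
  local target=$1
  local needle=$2
  local status=0

  # -F: treat the needle as a literal string, not a regular expression.
  # -i: PHP's open tag and its function names are case-insensitive, so a
  #     case-sensitive match is trivially sidestepped.
  # --: a file name beginning with "-" must not be parsed as a grep option.
  /bin/grep -qiF -- "$needle" "$target" || status=$?

  case "$status" in
    0)
      log "ALERT: File $target contains '$needle'"
      log "ALERT: File $target is of type $(file -- "$target")"
      quarantine "$target"
      exit 0
      ;;
    1)
      # No match for this string.
      return 0
      ;;
    *)
      # grep could not read the file. Fail closed: an unscanned file must not
      # fall through to the "everything's OK" result.
      log "ERROR: Could not scan $target for '$needle' (grep exit $status)"
      exit 1
      ;;
  esac
}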
##############################################################
#
# Main Section
#
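# Scan the uploaded file given as $1. Prints "1" on stdout only when none of
# the checks below matched.
#
# Substring matching is a coarse heuristic with both false positives and
# misses; treat it as one layer only. Storing uploads outside the web root
# and disabling script execution in the upload directory are the controls
# that actually prevent an uploaded script from running.

# Fail closed when there is nothing to scan: with a missing or unreadable
# file the checks cannot run, and the script must not report the upload as
# clean.
# NOTE(review): confirm callers treat "no 1 on stdout" as a rejection.
if [ -z "${1:-}" ] || [ ! -f "$1" ] || [ ! -r "$1" ]; then
  log "ERROR: No readable regular file to test: '${1:-}'"
  exit 1
fi

log "Testing file $1"

# Does the file contain a php script?
check_string "$1" "?php"

# Does the file contain an eval function call?
check_string "$1" "eval"

# Does the file contain a perl script?
check_string "$1" "perl"

# No check matched.
echo 1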