Skip to content

Commit

Permalink
v1.9 - Fix a bunch of inconsistencies in virus.def, fix false negativ…
Browse files Browse the repository at this point in the history 
…es, improve performance.

-v1.9.
-PHP-AV Engine to v4.1.
-AV Defs to v5.0.
-Fix bugs with whitespace in the data match code.
-Fixed bugs when not run on an HTTPS server.
-Redesign some of the checks in PHP-AV-Lib.
-Reduce false negatives.
-Improve performance.
  • Loading branch information
@zelon88
zelon88 authored Aug 23, 2019
1 parent 086d27b commit 5782623
Show file tree
Hide file tree
Showing 4 changed files with 66 additions and 46 deletions.
20 changes: 20 additions & 0 deletions CHANGELOG.txt
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,23 @@
COMMIT 8/22/2019
v1.9 - Fix a bunch of inconsistencies in virus.def, fix false negatives, improve performance.

-v1.9.
-PHP-AV Engine to v4.1.
-AV Defs to v5.0.
-Fix bugs with whitespace in the data match code.
-Fixed bugs when not run on an HTTPS server.
-Redesign some of the checks in PHP-AV-Lib.
-Reduce false negatives.
-Improve performance.

--------------------
COMMIT 8/21/2019
v1.8 - Add more robust absolute path generation.

-v1.8.
-Copy/paste some absolute path code from HRCloud2.

--------------------
COMMIT 4/10/2019
v1.7 - PHP-AV App to v4.0. Defs to v4.9. Improve consistency of scan results.

Expand Down
84 changes: 42 additions & 42 deletions PHP-AV-Lib.php
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?php
$memoryLimit = 4000000;
$chunkSize = 1000000;
$memoryLimit = 4000000000;
$chunkSize = 1000000000;
$report = '';
$filecount = $infected = $dircount = 0;
$CONFIG = Array();
Expand Down Expand Up @@ -57,6 +57,7 @@ function virus_check($file, $defs, $debug, $defData, $AVLogFile) {
$filesize = filesize($file);
$data1 = hash_file('md5', $file);
$data2 = hash_file('sha256', $file);
$data3 = hash_file('sha1', $file);
// / Scan files larger than the memory limit by breaking them into chunks.
if ($filesize >= $memoryLimit && file_exists($file)) {
$txt = 'OP-Act: Chunking file ... ';
Expand All @@ -69,9 +70,10 @@ function virus_check($file, $defs, $debug, $defData, $AVLogFile) {
$txt = 'OP-Act: Scanning chunk ... ';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND); }
foreach ($defs as $virus) {
$virus = explode("\t", $virus[0]);
if (isset($virus[1]) && $virus[1] !== '' && $virus[1] !== ' ') {
if (strpos(strtolower($data), strtolower($virus[1])) !== FALSE or strpos(strtolower($file), strtolower($virus[1])) !== FALSE) {
$virus = explode(" \t", $virus[0]);
$virus[1] = trim($virus[1]);
if (isset($virus[1])) {
if (stripos($data, $virus[1]) !== FALSE or stripos($file, $virus[1]) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', Data Match: '.$virus[1].')';
$MAKELogFile = file_put_contents($AVLogFile, 'OP-Act: '.$txt.PHP_EOL, FILE_APPEND);
Expand All @@ -83,23 +85,23 @@ function virus_check($file, $defs, $debug, $defData, $AVLogFile) {
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>'; }
fclose($handle); }
if (isset($virus[2]) && $virus[2] !== '' && $virus[2] !== ' ') {
if (isset($virus[2])) {
if (strpos(strtolower($data1), strtolower($virus[2])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', MD5 Hash Match: '.$virus[2].')';
$MAKELogFile = file_put_contents($AVLogFile, 'OP-Act: '.$txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[3]) && $virus[3] !== '' && $virus[3] !== ' ') {
if (isset($virus[3])) {
if (strpos(strtolower($data2), strtolower($virus[3])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', SHA256 Hash Match: '.$virus[3].')';
$MAKELogFile = file_put_contents($AVLogFile, 'OP-Act: '.$txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[4]) && $virus[4] !== '' && $virus[4] !== ' ') {
if (isset($virus[4])) {
if (strpos(strtolower($data3), strtolower($virus[4])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', SHA1 Hash Match: '.$virus[4].')';
Expand All @@ -108,46 +110,44 @@ function virus_check($file, $defs, $debug, $defData, $AVLogFile) {
$infected++;
$clean = 0; } } } } }
// / Scan files smaller than the memory limit by fitting the entire file into memory.
if ($filesize < $memoryLimit && file_exists($file)) {
$data = file_get_contents($file); }
if ($defData !== $data2) {
$clean = 1;
foreach ($defs as $virus) {
$virus = explode("\t", $virus[0]);
if (isset($virus[1]) && $virus[1] !== '' && $virus[1] !== ' ') {
if (strpos(strtolower($data), strtolower($virus[1])) !== FALSE or strpos(strtolower($file), strtolower($virus[1])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', Data Match: '.$virus[1].')';
$MAKELogFile = file_put_contents($AVLogFile, 'OP-Act: '.$txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[2]) && $virus[2] !== '' && $virus[2] !== ' ') {
if (strpos(strtolower($data1), strtolower($virus[2])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', MD5 Hash Match: '.$virus[2].')';
$MAKELogFile = file_put_contents($AVLogFile, 'OP-Act: '.$txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[3]) && $virus[3] !== '' && $virus[3] !== ' ') {
if (strpos(strtolower($data2), strtolower($virus[3])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', SHA256 Hash Match: '.$virus[3].')';
if ($filesize < $memoryLimit && file_exists($file)) $data = file_get_contents($file);
$clean = 1;
foreach ($defs as $virus) {
$virus = explode("\t", $virus[0]);
$virus[1] = trim($virus[1]);
if (isset($virus[1])) {
if (stripos($data, $virus[1]) or stripos($virus[1], $data)) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', Data Match: '.$virus[1].')';
$MAKELogFile = file_put_contents($AVLogFile, 'OP-Act: '.$txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[4]) && $virus[4] !== '' && $virus[4] !== ' ') {
if (strpos(strtolower($data3), strtolower($virus[4])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', SHA1 Hash Match: '.$virus[4].')';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
if (isset($virus[2])) {
if (strpos(strtolower($data1), strtolower($virus[2])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', MD5 Hash Match: '.$virus[2].')';
$MAKELogFile = file_put_contents($AVLogFile, 'OP-Act: '.$txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }}
if (($debug) && ($clean)) {
$report .= '<p class="g">Clean: '.$file.'</p>'; } }
$clean = 0; } }
if (isset($virus[3])) {
if (strpos(strtolower($data2), strtolower($virus[3])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', SHA256 Hash Match: '.$virus[3].')';
$MAKELogFile = file_put_contents($AVLogFile, 'OP-Act: '.$txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } }
if (isset($virus[4])) {
if (strpos(strtolower($data3), strtolower($virus[4])) !== FALSE) {
// File matches virus defs.
$txt = 'Infected: '.$file.' ('.$virus[0].', SHA1 Hash Match: '.$virus[4].')';
$MAKELogFile = file_put_contents($AVLogFile, $txt.PHP_EOL, FILE_APPEND);
$report .= '<p class="r">'.$txt.'</p>';
$infected++;
$clean = 0; } } }
if (($debug) && ($clean)) $report .= '<p class="g">Clean: '.$file.'</p>';
return $infected; }
// / -----------------------------------------------------------------------------------
?>
6 changes: 3 additions & 3 deletions scanCore.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@

// / -----------------------------------------------------------------------------------
// / The following code sets an echo variable that adjusts printed URL's to https when SSL is enabled.
if (!empty($_SERVER['HTTPS']) && $_SERVER['SERVER_PORT'] == 443) $URLEcho = 's';
if ($_SERVER['SERVER_PORT'] !== 443) $URLEcho = 's';
// / -----------------------------------------------------------------------------------

// / -----------------------------------------------------------------------------------
Expand All @@ -50,8 +50,8 @@

// / -----------------------------------------------------------------------------------
// / The following code sets the global variables for the session.
$HRScanVersion = 'v1.8';
$versions = 'PHP-AV App v4.0 | Virus Definition v4.9, 4/10/2019';
$HRScanVersion = 'v1.9';
$versions = 'PHP-AV App v4.1 | Virus Definition v5.0, 8/22/2019';
$Date = date("m_d_y");
$Time = date("F j, Y, g:i a");
$JanitorDeleteIndex = FALSE;
Expand Down
2 changes: 1 addition & 1 deletion versionInfo.php
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
<?php
// / This file contains the current HRScan2 version for auto-update purposes.

$Version = 'v1.8';
$Version = 'v1.9';

0 comments on commit 5782623

Please sign in to comment.