PHP shell detector

Please recommend a good analysis tool for Linux that detects PHP shells. ClamAV flatly fails to see a shell.
October 8th 19 at 01:38
5 answers
October 8th 19 at 01:40
Solution
October 8th 19 at 01:42
And by the way: grep -RPn "(system|phpinfo|pcntl_exec|python_eval|base64_decode|gzip|mkdir|fopen|fclose|readfile|passthru)" /var/www and then go through the results by hand.
uh no... there are scripts called through the /e modifier in preg_replace
They are not so easy to catch. And a normal grep will output hundreds of files. So what is needed is an antivirus... - Garrison_Wisoky commented on October 8th 19 at 01:45
October 8th 19 at 01:44
Bitdefender. A trial is available; it is the best available.
October 8th 19 at 01:46
Yes, it is almost impossible. Last time they uploaded all sorts of base_decode64

They uploaded a couple that pretended to be jpg files. As a result of one tag and the setting of its parameters, those scripts became useless.
If you do not know what kind of engine it is and how it works, it is virtually impossible to defend. Banning functions, or that same /e modifier in preg_replace, breaks the engine, because programmers, even those of commercial engines, love to use it. - Garrison_Wisoky commented on October 8th 19 at 01:49
October 8th 19 at 01:48
I would do it differently: first, with the engine clean, I compute the checksum of all files (so that a file can't be modified), and the checksum of the file list (so that a file can't be added or removed). Then every 24 hours I do the same and compare the results: if the checksums are equal, then everything is OK, otherwise red.

And then there are backups.

Such antiviruses, I think, simply do not exist.
