A community collection of rules to detect frontend and backend malware. Samples were found in the wild on Magento sites.
On a standard Linux or Mac OS X server, run these two commands to find infected files:
# download latest rules
wget https://raw.githubusercontent.com/gwillem/magento-malware-scanner/master/build/all-confirmed.txt
# do a recursive search on the Magento files in /var/www
grep -Erlf all-confirmed.txt /var/www
It will show you, for example:
/var/www/skin/cc.php
/var/www/errors/backdoor.php
/var/www/app/Mage.php
You should examine these files and either delete them or restore them from a clean backup.
For the free MageReport we already analyse lots of malware samples. Now, many system administrators are doing the same work. That's incredibly inefficient.
Goal:
Once a particular strain of malware has been found and analyzed, nobody should have to duplicate these efforts.
This repository is a community effort of security conscious people. Contributions most welcome!
Travis-CI verifies:
- that all samples are detected
- that all signatures match at least one sample
- that Magento releases do not trigger false positives
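The following script is an added example, not part of the magento-malware-scanner project or its Travis-CI configuration. It builds a throwaway directory tree with a constructed rules file (same shape as all-confirmed.txt: one extended regex per line), two constructed "samples", a constructed "clean release" and a constructed "site", then runs the same recursive `grep -Erlf` search from the top of this page and the three checks listed above. All patterns, file names and contents are placeholders, not real malware signatures.

```shell
#!/bin/sh
# Added example (not project code): miniature of the scan plus the three CI checks.
# Every rule, sample and path below is constructed for illustration.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
RULES="$WORK/rules.txt"

# Constructed rules file, one extended regex per line like build/all-confirmed.txt.
# No blank lines: a blank line in a grep -f pattern file matches every file.
cat > "$RULES" <<'EOF'
CONSTRUCTED_MARKER_ALPHA[0-9]+
constructed_marker_beta\(
EOF

# Constructed samples: each must be hit by at least one rule.
mkdir -p "$WORK/samples" "$WORK/clean" "$WORK/site/skin" "$WORK/site/app"
printf '<?php // CONSTRUCTED_MARKER_ALPHA42\n' > "$WORK/samples/a.php"
printf '<?php constructed_marker_beta();\n'   > "$WORK/samples/b.php"

# Constructed clean tree standing in for an official Magento release: must yield no hits.
printf '<?php class Mage { }\n' > "$WORK/clean/Mage.php"
printf 'plain text\n'           > "$WORK/clean/README.txt"

# Constructed "site": a clean Mage.php plus one file carrying a marker.
printf '<?php class Mage { }\n'               > "$WORK/site/app/Mage.php"
printf '<?php // CONSTRUCTED_MARKER_ALPHA7\n' > "$WORK/site/skin/cc.php"

# The search from the README: list every file under $dir matching any rule.
scan_tree() {
    rules=$1; dir=$2
    (cd "$dir" && { grep -Erlf "$rules" . || true; } | sort)
}

# Check 1: every sample is detected. Prints undetected samples, returns 1 if any.
undetected_samples() {
    rules=$1; dir=$2; rc=0
    for f in "$dir"/*; do
        if ! grep -Eqf "$rules" "$f"; then echo "$f"; rc=1; fi
    done
    return $rc
}

# Check 2: every rule hits at least one sample. A rule that hits nothing is
# usually a typo or an over-escaped pattern. Prints dead rules, returns 1 if any.
dead_rules() {
    rules=$1; dir=$2; rc=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        if ! grep -Erq -e "$rule" "$dir"; then echo "$rule"; rc=1; fi
    done < "$rules"
    return $rc
}

# Check 3: the clean tree produces no hits. Prints false positives, returns 1 if any.
false_positives() {
    rules=$1; dir=$2
    hits=$(grep -Erlf "$rules" "$dir" || true)
    [ -z "$hits" ] && return 0
    echo "$hits"; return 1
}

# Run all three checks; non-zero if any fails, the way a CI job would fail the build.
run_checks() {
    rules=$1; samples=$2; clean=$3; ok=0
    undetected_samples "$rules" "$samples" || { echo "^ undetected samples"; ok=1; }
    dead_rules "$rules" "$samples"         || { echo "^ rules matching no sample"; ok=1; }
    false_positives "$rules" "$clean"      || { echo "^ false positives in clean tree"; ok=1; }
    return $ok
}

echo "== scan of constructed site =="
scan_tree "$RULES" "$WORK/site"
echo "== signature checks =="
run_checks "$RULES" "$WORK/samples" "$WORK/clean" && echo "all checks passed"
```

The scan prints `./skin/cc.php` for the constructed site and the checks pass. Each function returns non-zero and prints the offending path or rule when its check fails, so the same functions can be pointed at a real rules file, a samples directory and an unpacked release tarball to reproduce the CI gate locally before submitting a new signature.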