http://iscanner.isecur1ty.org/
iScanner is a free open source tool lets you detect and remove malicious codes and web page malwares from your website easily and automatically. iScanner will not only show you the infected files in your server but it’s also able to clean these files by removing the malware code ONLY from the infected files.
在 centos 環境下測試
需要安裝 ruby
簡單測試
./iscanner -R http://ssorc.tw
Starting iScanner 0.7 on [lo135.lib.tw] at (Wed Nov 24 13:40:26 2010)
Copyright (C) 2010 iSecur1ty <http://iscanner.isecur1ty.org>[*] Opening “http://ssorc.tw“, please wait…
[*] Scanning “ssorc.tw-13:40:27-24.Nov.html”. (db:0.2.0 – 22/Sep/2010)[!] Scanned file: ./ssorc.tw-13:40:27-24.Nov.html
Signature: [id:2.0] (<script.+?unescapes*(.+?).*?</script>)
Description: Javascript ‘unescape’ function detected, possible obfuscated malicious code.[*] Scan finished in (2) seconds, [1] suspicious files found.
Please check “infected-13:40:26-24.Nov.log” for details.
其它就參考它的 Usage
1. 可以掃檔案 -F
2. 可以掃目錄 -f
3. 可以自定掃什麼檔案類型 -e
4. 自已定義signature 來使用 -M
5. 更新資料庫 -u
6. 更新主程式與資料庫 -U
留言