介紹

HomePage: https://github.com/scr34m/php-malware-scanner

Installation

composer.phar global require scr34m/php-malware-scanner

; php.ini 的 disable_functions 不可以有 proc_open
disable_functions =

Install on Location: /root/.config/composer/vendor/scr34m/php-malware-scanner/scan.php

Usage: /root/.config/composer/vendor/bin/scan

Opts

-e <file extension>  --extension          File Extension to Scan (defaults to ".php")

-i <directory|file>  --ignore             Directory of file to ignore

-x                   --extra-check        Adds GoogleBot and htaccess to Scan List

-b                   --base64             Scan for base64 encoded PHP keywords

-j                   --wordpress-version  Version of wordpress to get md5 signatures

That will automatically get md5sums from wordpress api

(https://api.wordpress.org/core/checksums/1.0/?version=x.x.x) and add it to whitelist.

To check your version simply check wp-includes/version.php file of your wordpress

-L                   --line-number        Display matching pattern line number in file

-c                   --comment            Display comments for matched patterns

-k                   --hide-ok            Hide results with 'OK' status

-w                   --hide-whitelist     Hide results with 'WL' status