
Blog - notes

My diary - notes about everything.

Infected Linux hosting

All pages on one of our websites got infected by some browser exploit. Linux hosting!! I spent a few minutes writing a micro antivirus, because the backup copy of the site was not at hand. The infection is a solid block of text after the normal page contents, so the task is easy: detect it via a signature, then truncate the file.


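#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Scan one file for the injected block and cut the file off just before it. */
void Check( const char *fn )
{
  printf("%s: ", fn);
  FILE *fp = fopen(fn, "r+");   /* "r+" also confirms the file is writable */
  if( fp==NULL ){
    printf("File not found.\n");
    return;
  }
  fseek( fp, 0, SEEK_END );
  long sz = ftell(fp);
  fseek( fp, 0, SEEK_SET );
  if( sz<0 ){
    printf("Cannot determine file size.\n");
    fclose(fp);
    return;
  }
  char *buf = (char*)malloc( sz+1 );  /* +1 for the terminating NUL that strstr() needs */
  if( !buf ){
    printf("Memory allocation error!\n");
    exit(-1);
  }
  size_t got = fread( buf, 1, sz, fp );
  fclose(fp);
  buf[got] = '\0';
  char *ptr=strstr(buf, "<div id='x0");
  if( ptr==NULL ){
    printf("CLEAN\n");
  }else{
    printf("VIRUS FOUND!\n");
    /* Drop whitespace and control bytes in front of the injected block.
       The unsigned char cast keeps bytes >= 0x80 (UTF-8 text) from being
       treated as whitespace where char is signed. */
    long end = ptr-buf;
    while( end>0 && (unsigned char)buf[end-1]<=32 )
      end--;
    if( truncate( fn, end )!=0 )
      perror("truncate");
  }
  free( buf );
}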

int main( int argc, char *argv[] )
{
  if( argc<2 ){
    printf("Usage: %s <filenames>\n", argv[0]);
    return 0;
  }
  for( int f=1; f<argc; f++ )
    Check( argv[f] );
  return 0;
}
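
A more cautious variant of the same signature-and-truncate idea, added here as an example and not the author's code: it cuts only a signature found after the last `</html>`, keeps the original as `<path>.infected`, and searches by length so a NUL byte cannot hide the block. The `</html>` anchor, the `.infected` suffix and all function names are assumptions of this example; it rewrites the file with standard C I/O instead of calling truncate().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length-aware search starting at `from`; unlike strstr() it does not stop at a NUL byte. */
static long find_bytes(const char *buf, long len, const char *pat, long from)
{
  for (long n = (long)strlen(pat); from + n <= len; from++)
    if (memcmp(buf + from, pat, (size_t)n) == 0) return from;
  return -1;
}

/* Returns new length, -1 if sig absent, -2 if not after last end_tag (assumed end of a clean page). */
long cut_offset(const char *buf, long len, const char *sig, const char *end_tag)
{
  long tail = -1, p = 0;
  while ((p = find_bytes(buf, len, end_tag, p)) >= 0)
    tail = p = p + (long)strlen(end_tag);
  long hit = tail < 0 ? -1 : find_bytes(buf, len, sig, tail);
  if (hit < 0) return find_bytes(buf, len, sig, 0) < 0 ? -1 : -2;
  while (hit > tail && (unsigned char)buf[hit - 1] <= 32) hit--;  /* trim whitespace */
  return hit;
}

static int write_file(const char *path, const char *buf, long n)
{
  FILE *fp = fopen(path, "wb");
  size_t w = fp ? fwrite(buf, 1, (size_t)n, fp) : 0;
  return (fp && fclose(fp) == 0 && w == (size_t)n) ? 0 : -1;
}

/* 1 = cleaned (original kept as <path>.infected), 0 = clean, 2 = review by hand, -1 = error */
int clean_file(const char *path)
{
  char bak[4096];
  if (snprintf(bak, sizeof bak, "%s.infected", path) >= (int)sizeof bak) return -1;
  FILE *fp = fopen(path, "rb");
  if (!fp) return -1;
  long sz = fseek(fp, 0, SEEK_END) == 0 ? ftell(fp) : -1;
  rewind(fp);
  char *buf = sz >= 0 ? malloc((size_t)sz + 1) : NULL;
  int rc = (buf && (long)fread(buf, 1, (size_t)sz, fp) == sz) ? 0 : -1;
  fclose(fp);
  long cut = rc == 0 ? cut_offset(buf, sz, "<div id='x0", "</html>") : -1;
  if (cut == -2) rc = 2;
  if (cut >= 0)  /* back up first, then rewrite in place so the inode, mode and owner stay */
    rc = (write_file(bak, buf, sz) == 0 && write_file(path, buf, cut) == 0) ? 1 : -1;
  free(buf);
  return rc;
}
```

The `.infected` copies still contain the injected markup, so move them out of the web root once the cleanup has been verified.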

June 2009
© Sergey A. Galin, 1998-2004 http://sageshome.net/b2e/blogs/