This repository has been archived by the owner on Feb 11, 2024. It is now read-only.
Similar to #39 it would be great if the tool were to output some more context.
E.g. line number (if possible) of hits, or snippets of code from file that matched the rule in question. I am not sure if this is possible, but it would be a helpful addition.
It can be quite the challenge to sort through the noise on a large site with many themes and plugins. I have (through limited trial and error) found that e.g. a hit with subsequent ObfuscatedPhp and also a DodgyPhp on a file is a good hint something is wrong (or just multiple hits on the same file, in general).
Also I've seen SuspiciousEncoding be a good indicator of bad stuff - however this is not one of the flags you pick out for your (in your own words "hacky") "You should take a look at the files listed below" section.
So yeah, some more context, or some more "intelligent" rules for your recommended section would be awesome 👍
No I had not - Just did a test and yikes! That's a lot of verbosity :D
I think verbose mode comes close though - but when the tool has hits in e.g. image files, tremendous amounts of noise are generated. As in hundreds of lines.
What I am looking for is a way to get concise information which will actually make it faster to identify the needles in the haystack.
Re. #60: Is it possible to specify verbose mode when using find + yara? That way I could at least cut down the noise by excluding images. It might be a nice addition to add a few lines in the readme with example usage.
No wait, never mind - I just noticed phpmalwarefinder is actually a shell script that just invokes yara! Hah, I thought it was something more opaque - I can just read that source and figure out the bits and pieces I need. I'll see what I come up with and maybe do a pull request if it makes sense.
Anyway, thank you for the feedback. However, I think this request still has some merit: It would be great with reworked output which would actually assist you in sorting the bad stuff from the good.
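An added example, not part of the thread or of the project's code: one way to turn raw hits into the per-file ranking discussed above, giving extra weight to files that match both ObfuscatedPhp and DodgyPhp and skipping image files. It assumes yara's default `<rule> <path>` output lines; the sample paths, the extension list and the score weights are constructed for illustration.

```python
import os
from collections import defaultdict

# Constructed sample of default yara output ("<rule> <path>"); paths are made up.
SAMPLE = """\
ObfuscatedPhp ./wp-content/plugins/cache/inc.php
DodgyPhp ./wp-content/plugins/cache/inc.php
SuspiciousEncoding ./wp-content/plugins/cache/inc.php
DodgyPhp ./wp-content/themes/shop/functions.php
ObfuscatedPhp ./wp-content/uploads/2019/banner.jpg
DodgyPhp ./wp-content/uploads/2019/banner.jpg
SuspiciousEncoding ./wp-includes/class-mail.php
"""

# Assumption: extensions treated as image noise; adjust for the site being scanned.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".ico", ".svg", ".webp"}
# Rule pair the thread reports as a good hint when both hit the same file.
STRONG_COMBO = {"ObfuscatedPhp", "DodgyPhp"}


def triage(yara_output, skip_exts=IMAGE_EXTS):
    """Group hits by file and return (score, path, rules) sorted by score."""
    hits = defaultdict(set)
    for line in yara_output.splitlines():
        line = line.strip()
        # Skip blanks and the "0x...:$name: ..." string lines printed by `yara -s`.
        if not line or line.startswith("0x"):
            continue
        # Rule names contain no spaces, so split once; paths may contain spaces.
        rule, sep, path = line.partition(" ")
        if not sep or not path:
            continue
        if os.path.splitext(path)[1].lower() in skip_exts:
            continue
        hits[path].add(rule)
    ranked = []
    for path, rules in hits.items():
        # One point per distinct rule, plus an assumed bonus of 2 for the combo.
        score = len(rules) + (2 if STRONG_COMBO <= rules else 0)
        ranked.append((score, path, sorted(rules)))
    ranked.sort(key=lambda r: (-r[0], r[1]))
    return ranked


if __name__ == "__main__":
    for score, path, rules in triage(SAMPLE):
        print(f"{score:>2}  {path}  [{', '.join(rules)}]")
```

Passing `skip_exts=set()` keeps image hits in the ranking, which is worth doing at least once per scan since upload directories are a common place for PHP hidden behind an image extension.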