Edit File by line
/home/barbar84/public_h.../wp-conte.../plugins/sujqvwi/AnonR/anonr.TX.../proc/self/root/opt/maldetec...
File: hexfifo.pl
#!/usr/bin/perl
[0] Fix | Delete
#
[1] Fix | Delete
##
[2] Fix | Delete
# Linux Malware Detect v1.3.9
[3] Fix | Delete
# (C) 2002-2011, R-fx Networks <proj@r-fx.org>
[4] Fix | Delete
# (C) 2011, Ryan MacDonald <ryan@r-fx.org>
[5] Fix | Delete
# inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
[6] Fix | Delete
# This program may be freely redistributed under the terms of the GNU GPL v2
[7] Fix | Delete
##
[8] Fix | Delete
#
[9] Fix | Delete
[10] Fix | Delete
$named_pipe_name = "/opt/maldetect/hexfifo";
[11] Fix | Delete
$timeout = "3";
[12] Fix | Delete
[13] Fix | Delete
if (-p $named_pipe_name) {
[14] Fix | Delete
eval {
[15] Fix | Delete
local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required
[16] Fix | Delete
alarm $timeout;
[17] Fix | Delete
if (sysopen(FIFO, $named_pipe_name, O_RDONLY)) {
[18] Fix | Delete
while(my $this_line = <FIFO>) {
[19] Fix | Delete
chomp($this_line);
[20] Fix | Delete
$return .= $this_line;
[21] Fix | Delete
}
[22] Fix | Delete
close(FIFO);
[23] Fix | Delete
} else {
[24] Fix | Delete
$errormsg = "ERROR: Failed to open named pipe $named_pipe_name for reading: $!";
[25] Fix | Delete
}
[26] Fix | Delete
alarm 0;
[27] Fix | Delete
};
[28] Fix | Delete
if ($@) {
[29] Fix | Delete
if ($@ eq "alarm\n") {
[30] Fix | Delete
# timed out
[31] Fix | Delete
$errormsg = "Timed out reading from named pipe $named_pipe_name";
[32] Fix | Delete
} else {
[33] Fix | Delete
$errormsg = "Error reading from named pipe: $!";
[34] Fix | Delete
}
[35] Fix | Delete
} else {
[36] Fix | Delete
# didn't time out
[37] Fix | Delete
$instr = $return;
[38] Fix | Delete
}
[39] Fix | Delete
}
[40] Fix | Delete
[41] Fix | Delete
$dat_hexstring="/opt/maldetect/sigs/hex.dat";
[42] Fix | Delete
open(DAT, $dat_hexstring) || die("Could not open $dat_hexstring");
[43] Fix | Delete
@raw_data=<DAT>;
[44] Fix | Delete
close(DAT);
[45] Fix | Delete
[46] Fix | Delete
foreach $hexptr (@raw_data) {
[47] Fix | Delete
chomp($hexptr);
[48] Fix | Delete
($ptr,$name)=split(/:/,$hexptr);
[49] Fix | Delete
if ( grep(/$ptr/, $instr) ) {
[50] Fix | Delete
print "$ptr $name \n";
[51] Fix | Delete
exit;
[52] Fix | Delete
}
[53] Fix | Delete
}
[54] Fix | Delete
[55] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function