#!/usr/bin/perl

[0] Fix | Delete

#

[1] Fix | Delete

##

[2] Fix | Delete

# Linux Malware Detect v1.3.9

[3] Fix | Delete

# (C) 2002-2011, R-fx Networks <proj@r-fx.org>

[4] Fix | Delete

# (C) 2011, Ryan MacDonald <ryan@r-fx.org>

[5] Fix | Delete

# inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>

[6] Fix | Delete

# This program may be freely redistributed under the terms of the GNU GPL v2

[7] Fix | Delete

##

[8] Fix | Delete

#

[9] Fix | Delete

[10] Fix | Delete

$named_pipe_name = "/opt/maldetect/hexfifo";

[11] Fix | Delete

$timeout = "3";

[12] Fix | Delete

[13] Fix | Delete

if (-p $named_pipe_name) {

[14] Fix | Delete

eval {

[15] Fix | Delete

local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required

[16] Fix | Delete

alarm $timeout;

[17] Fix | Delete

if (sysopen(FIFO, $named_pipe_name, O_RDONLY)) {

[18] Fix | Delete

while(my $this_line = <FIFO>) {

[19] Fix | Delete

chomp($this_line);

[20] Fix | Delete

$return .= $this_line;

[21] Fix | Delete

}

[22] Fix | Delete

close(FIFO);

[23] Fix | Delete

} else {

[24] Fix | Delete

$errormsg = "ERROR: Failed to open named pipe $named_pipe_name for reading: $!";

[25] Fix | Delete

}

[26] Fix | Delete

alarm 0;

[27] Fix | Delete

};

[28] Fix | Delete

if ($@) {

[29] Fix | Delete

if ($@ eq "alarm\n") {

[30] Fix | Delete

# timed out

[31] Fix | Delete

$errormsg = "Timed out reading from named pipe $named_pipe_name";

[32] Fix | Delete

} else {

[33] Fix | Delete

$errormsg = "Error reading from named pipe: $!";

[34] Fix | Delete

}

[35] Fix | Delete

} else {

[36] Fix | Delete

# didn't time out

[37] Fix | Delete

$instr = $return;

[38] Fix | Delete

}

[39] Fix | Delete

}

[40] Fix | Delete

[41] Fix | Delete

$dat_hexstring="/opt/maldetect/sigs/hex.dat";

[42] Fix | Delete

open(DAT, $dat_hexstring) || die("Could not open $dat_hexstring");

[43] Fix | Delete

@raw_data=<DAT>;

[44] Fix | Delete

close(DAT);

[45] Fix | Delete

[46] Fix | Delete

foreach $hexptr (@raw_data) {

[47] Fix | Delete

chomp($hexptr);

[48] Fix | Delete

($ptr,$name)=split(/:/,$hexptr);

[49] Fix | Delete

if ( grep(/$ptr/, $instr) ) {

[50] Fix | Delete

print "$ptr $name \n";

[51] Fix | Delete

exit;

[52] Fix | Delete

}

[53] Fix | Delete

}

[54] Fix | Delete

[55] Fix | Delete