#!/usr/bin/perl

[0] Fix | Delete

#

[1] Fix | Delete

##

[2] Fix | Delete

# Linux Malware Detect v1.3.9

[3] Fix | Delete

# (C) 2002-2011, R-fx Networks <proj@r-fx.org>

[4] Fix | Delete

# (C) 2011, Ryan MacDonald <ryan@r-fx.org>

[5] Fix | Delete

# inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>

[6] Fix | Delete

# This program may be freely redistributed under the terms of the GNU GPL v2

[7] Fix | Delete

##

[8] Fix | Delete

#

[9] Fix | Delete

[10] Fix | Delete

use warnings;

[11] Fix | Delete

[12] Fix | Delete

if ($#ARGV != 0) {

[13] Fix | Delete

print "usage: string\n";

[14] Fix | Delete

exit;

[15] Fix | Delete

}

[16] Fix | Delete

[17] Fix | Delete

$instr = $ARGV[0];

[18] Fix | Delete

[19] Fix | Delete

[20] Fix | Delete

$dat_hexstring="/opt/maldetect/sigs/hex.dat";

[21] Fix | Delete

open(DAT, $dat_hexstring) || die("Could not open $dat_hexstring");

[22] Fix | Delete

@raw_data=<DAT>;

[23] Fix | Delete

close(DAT);

[24] Fix | Delete

[25] Fix | Delete

foreach $hexptr (@raw_data) {

[26] Fix | Delete

chomp($hexptr);

[27] Fix | Delete

($ptr,$name)=split(/:/,$hexptr);

[28] Fix | Delete

if ( grep(/$ptr/, $instr) ) {

[29] Fix | Delete

print "$ptr $name \n";

[30] Fix | Delete

exit;

[31] Fix | Delete

}

[32] Fix | Delete

}

[33] Fix | Delete

[34] Fix | Delete