Guys, right now i'm trying to develop a php file that can scan a virus in a server. The file and the virus definition i kept in a separate folder I named it 'virus'. I mean my website is not in a same folder as the virus scanner file. After I've tried to execute it, this error occured;

read())) { $isdir = @is_dir($folder.'/'.$entry); if (!$isdir and $entry!='.' and $entry!='..') { virus_check($folder.'/'.$entry,$defs,$debug); } elseif ($isdir and $entry!='.' and $entry!='..') { file_scan($folder.'/'.$entry,$defs,$debug); } } $d->close(); } } function virus_check($file, $defs, $debug = true) { global $filecount, $infected, $report, $extensions; // find scannable files $scannable = 0; foreach ($extensions as $ext) { if (substr($file,-3)==$ext) $scannable = 1; } // compare against defs if ($scannable) { // affectable formats $filecount++; $data = file($file); $data = implode('\r\n', $data); $clean = 1; foreach ($defs as $virus) { if (strpos($data, $virus[1])) { // file matches virus defs $report .= '
Infected: ' . $file . ' (' . $virus[0] . ')

'; $infected++; $clean = 0; } } if (($debug)&&($clean)) $report .= '
Clean: ' . $file . '

'; } } function load_defs($file, $debug = true) { // reads tab-delimited defs file $defs = file($file); $counter = 0; $counttop = sizeof($defs); while ($counter < $counttop) { $defs[$counter] = explode(' ', $defs[$counter]); $counter++; } if ($debug) echo '
Loaded ' . sizeof($defs) . ' virus definitions

'; return $defs; } function check_defs($file) { // check for >755 perms on virus defs clearstatcache(); $perms = substr(decoct(fileperms($file)),-2); if ($perms > 55) return false; else return true; } function renderhead() { ?>


In other words, it became unintelligable. By the way, below is the coding that I developed;

<?
$path = $_SERVER['DOCUMENT_ROOT'];
$debug = true;
file_scan("http://localhost/pets/", $defs, true);/*my website directory*/
$extensions = Array();
$extensions[] = 'htm';
$extensions[] = 'tml';
$extensions[] = 'txt';
$extensions[] = 'php';
$extensions[] = 'hp4';
$extensions[] = 'hp5';
$extensions[] = '.pl';


// CODE BEGINS -- I probably wouldn't edit this stuff

// declare variables
$report = '';

// output html headers
renderhead();

// set counters
$dircount = 0;
$filecount = 0;
$infected = 0;

// load virus defs from flat file
if (!check_defs('virus.def'))
	trigger_error("Virus.def vulnerable to overwrite, please change permissions", E_USER_ERROR);
$defs = load_defs('virus.def', $debug);

// scan specified root for specified defs
file_scan($path, $defs, $debug);

// output summary
echo '<h1>Scan Completed</h2>';
echo '<div id=summary>';
echo '<p><strong>Scanned folders:</strong> ' . $dircount . '</p>';
echo '<p><strong>Scanned files:</strong> ' . $filecount . '</p>';
echo '<p class=r><strong>Infected files:</strong> ' . $infected . '</p>';
echo '</div>';

// output full report
echo $report;


function file_scan($folder, $defs, $debug = true) {
	// hunts files/folders recursively for scannable items
	global $dircount, $report;
	$dircount++;
	if ($debug)
		$report .= '<p class="d">Scanning folder $folder ...</p>';
	if ($d = @dir($folder)) {
		while (false !== ($entry = $d->read())) {
			$isdir = @is_dir($folder.'/'.$entry);
			if (!$isdir and $entry!='.' and $entry!='..') {
				virus_check($folder.'/'.$entry,$defs,$debug);
			} elseif ($isdir  and $entry!='.' and $entry!='..') {
				file_scan($folder.'/'.$entry,$defs,$debug);
			}
		}
		$d->close();
	}
}

function virus_check($file, $defs, $debug = true) {
	global $filecount, $infected, $report, $extensions;

	// find scannable files
	$scannable = 0;
	foreach ($extensions as $ext) {
		if (substr($file,-3)==$ext)
			$scannable = 1;
	}

	// compare against defs
	if ($scannable) {
		// affectable formats
		$filecount++;
		$data = file($file);
		$data = implode('\r\n', $data);
		$clean = 1;
		foreach ($defs as $virus) {
			if (strpos($data, $virus[1])) {
				// file matches virus defs
				$report .= '<p class="r">Infected: ' . $file . ' (' . $virus[0] . ')</p>';
				$infected++;
				$clean = 0;
			}
		}
		if (($debug)&&($clean))
			$report .= '<p class="g">Clean: ' . $file . '</p>';
	}
}

function load_defs($file, $debug = true) {
	// reads tab-delimited defs file
	$defs = file($file);
	$counter = 0;
	$counttop = sizeof($defs);
	while ($counter < $counttop) {
		$defs[$counter] = explode('	', $defs[$counter]);
		$counter++;
	}
	if ($debug)
		echo '<p>Loaded ' . sizeof($defs) . ' virus definitions</p>';
	return $defs;
}

function check_defs($file) {
	// check for >755 perms on virus defs - this is linux command
	clearstatcache();
	$perms = substr(decoct(fileperms($file)),-2);
	if ($perms > 55)
		return false;
	else
		return true;
}

function renderhead() {
?>

<html>
<head>
<title>Virus scan</title>
<style type="text/css">
h1 {
	font-family: arial;
}

p {
	font-family: arial;
	padding: 0;
	margin: 0;
	font-size: 10px;
}

.g {
	color: #009900;
}

.r {
	color: #990000;
	font-weight: bold;
}

.d {
	color: #ccc;
}

#summary {
	border: #333 solid 1px;
	background: #f0efca;
	padding: 10px;
	margin: 10px;
}

#summary p {
	font-size: 12px;
}
</style>
</head>

<body>

<?
}
?>

</body>
</html>

By the way, this coding was used for linux platform. Right now I'm trying to develop it with Windows platform. Hopefully you guys can help me. Thanks in advanced.

That is not an error message, that is simply PHP code being dumped as output. That is what you'll get when you request a PHP-coded file from a webserver that is not configured to process PHP or a PHP-coded file using an extension that the webserver does not expect to be PHP.

The code is not scrambled or anything, it simply has lost its line breaks and tabs because a browser ignores those white-space characters when displaying the code.

It wouldn't have occured to me without Troy's post. I looked at your code for about 15 minutes last night then after reading Troy's post this AM it clicked.

Haha...anyway you spent time to look at it. That is much appreciated. And to Troy too...thanks

Sorry, but I´m very interested in how to put a virus scanner in my file hosting.
Can I use your code? (I ask first)
And, if the first reply is yes: Where i can download the virus.def files, and do I need anymore to upload or configure?
Thanks ^^

This article has been dead for over six months. Start a new discussion instead.