I have taken a great interest in PHP-AV for usage in my open-source (GPLv3) Cloud PaaS project. I have already modified a yuuuuge chunk of it to make using it a little bit more friendly for my users (fault of my AppLauncher, NOT PHP-AV).
At any rate, I can't help but notice/admit that this app is out-of-date. In the latest round of updates I enabed MD5 and SHA256 hashing and comparison to the scanning portion of PHP-AV.
My latest version, updated 2/5/2017 (included in https://github.com/zelon88/HRCloud2) contains a highly updated "virus.def" file containing some pertinent new virus information. In addition to these additions, the definitions are now capable of having a second and third array-element added to include an MD5 hash and an SHA256 hash for the selected item. My PHP-AV will check the filename and file-contents just like stock PHP-AV, but then also hashes the target file and compares that to $virus[2] containing the supplied MD5 hash from the file definitions and $virus[3] containing the supplied SHA256 hash.
If you would allow me corroborate with you to make some tweaks, I would like to supply you with stand-alone code that enables these features for your original repo. This will allow standard users of stock PHP-AV to take advantage of the latest definitions/features I'm enabling.
Please let me know if you ever want contributors to this project. I've read all your code, and my skills pale in comparison to yours. Regardless I've got an itch that only coding can scratch and this project rocks. Let me know if you ever need anything.
Quick follow up. The new PHP-AV scans files and looks for infection in in the filename, the contents of the file, the files MD5 hash, and the files SHA256 hash. It's virus definitions are nearly 1,500 lines long, and each line represents a different infection it looks for. I am very happy with the outcome. It serves my purposes well. Thanks again!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
My latest fork of PHP-A/V chops files into chunks and scans their contents, then scans the filename, MD5 hash, and SHA256 hash and compares them all against the virus definition file.
I'm in the middle of a test-run of PHP-A/V v2.9 for HRCloud2 with my fingers crossed that the scan performs properly. It's been about an hour so far. I'm not surprised though, scans usually take a long time depending on the amound of data on the server. Custom php.ini configurations are required though. Fingers crossed!
For more info and source code check out the Github link in the first post of this thread.
Thanks again!
zelon88
Last edit: zelon88 2017-10-20
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Just finished updating another huge chunk of PHP-AV. The latest round of updates gives us a detailed report of all files, folders, and chunks scanned as well as virus defs that are loaded. The report is created as PHP performs it's scan and the client gets to follow along in semi-real-time with a user-selectable update interval for the console.
Also, a ton of bugs were fixed. There are still some things I'd like to do with this project but I'm very satisfied with the progress so far.
Last edit: zelon88 2018-07-02
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello there!
I have taken a great interest in PHP-AV for usage in my open-source (GPLv3) Cloud PaaS project. I have already modified a yuuuuge chunk of it to make using it a little bit more friendly for my users (fault of my AppLauncher, NOT PHP-AV).
At any rate, I can't help but notice/admit that this app is out-of-date. In the latest round of updates I enabed MD5 and SHA256 hashing and comparison to the scanning portion of PHP-AV.
My latest version, updated 2/5/2017 (included in https://github.com/zelon88/HRCloud2) contains a highly updated "virus.def" file containing some pertinent new virus information. In addition to these additions, the definitions are now capable of having a second and third array-element added to include an MD5 hash and an SHA256 hash for the selected item. My PHP-AV will check the filename and file-contents just like stock PHP-AV, but then also hashes the target file and compares that to $virus[2] containing the supplied MD5 hash from the file definitions and $virus[3] containing the supplied SHA256 hash.
If you would allow me corroborate with you to make some tweaks, I would like to supply you with stand-alone code that enables these features for your original repo. This will allow standard users of stock PHP-AV to take advantage of the latest definitions/features I'm enabling.
Please let me know if you ever want contributors to this project. I've read all your code, and my skills pale in comparison to yours. Regardless I've got an itch that only coding can scratch and this project rocks. Let me know if you ever need anything.
zelon88
https://github.com/zelon88
Last edit: zelon88 2017-02-18
Quick follow up. The new PHP-AV scans files and looks for infection in in the filename, the contents of the file, the files MD5 hash, and the files SHA256 hash. It's virus definitions are nearly 1,500 lines long, and each line represents a different infection it looks for. I am very happy with the outcome. It serves my purposes well. Thanks again!
Quick update...
My latest fork of PHP-A/V chops files into chunks and scans their contents, then scans the filename, MD5 hash, and SHA256 hash and compares them all against the virus definition file.
I'm in the middle of a test-run of PHP-A/V v2.9 for HRCloud2 with my fingers crossed that the scan performs properly. It's been about an hour so far. I'm not surprised though, scans usually take a long time depending on the amound of data on the server. Custom php.ini configurations are required though. Fingers crossed!
For more info and source code check out the Github link in the first post of this thread.
Thanks again!
zelon88
Last edit: zelon88 2017-10-20
Hi again!
Just finished updating another huge chunk of PHP-AV. The latest round of updates gives us a detailed report of all files, folders, and chunks scanned as well as virus defs that are loaded. The report is created as PHP performs it's scan and the client gets to follow along in semi-real-time with a user-selectable update interval for the console.
Also, a ton of bugs were fixed. There are still some things I'd like to do with this project but I'm very satisfied with the progress so far.
Last edit: zelon88 2018-07-02