List,
I've developed a new plugin which uses ClamAV to find malware on
your site. The basic idea is that w3af will send all http response
bodies to clamd, and then report any findings it returns.
I need your help for testing! Follow these steps if you've got
some minutes to spare:
git clone g...@github.com:andresriancho/w3af.git
cd w3af
git checkout feature/clam
git pull
./w3af_console # Install the new clamd dependency using pip
# Install clamd in your system (this is for ubuntu):
sudo apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs
sudo freshclam
sudo service clamav-daemon start
Then, run a scan against your site using the new grep.clamav
plugin. Remember that for the grep plugin to analyze your site, you
need to activate a crawl plugin like web_spider.
If you want to test with something "real", remember you can use
the EICAR test binary[0]
Happy testing!
[0] http://www.eicar.org/85-0-Download.html
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
