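'Invalid auth key')); } $scanner = new AsgardScanner(); $scanner->scan(ABSPATH); $resp = array('unknown'=>$scanner->unknown,'malware'=>$scanner->malware); if (!empty($scanner->result)) $resp['scan_result'] = $scanner->result; wp_send_json_success($resp); }

// Top-level call: executed whenever this file is loaded. The beginning of
// asgard_ext_scan() (including how the auth key is compared) lies outside
// this listing, so it is left exactly as found above.
asgard_ext_scan();

/**
 * Build the account-activation URL on the Asgard passport service.
 *
 * build_query() does not URL-encode values, which is why every value is
 * passed through urlencode() here.
 *
 * The return URI carries the literal placeholder {AuthKey}; presumably the
 * passport service substitutes the real key before redirecting back (confirm
 * against the service). Either way the key comes back as a GET parameter on
 * an admin URL, so it can end up in browser history and web-server logs.
 *
 * @return string Absolute activation URL.
 */
function asgard_activate_url() {
    $params = array(
        'url'        => urlencode( get_site_url() ),
        'client'     => urlencode( 'Wordpress ' . get_bloginfo( 'version' ) ),
        'return_uri' => urlencode( admin_url( 'admin.php?page=asgard&asgard_authkey={AuthKey}' ) ),
    );

    return ASGARD_PASSPORT . 'activate?' . build_query( $params );
}

/**
 * Store the auth key handed back by the activation flow and, while no key is
 * stored, print the "activate your account" notice.
 *
 * The function body continues after the closing PHP tag below with the
 * notice markup.
 */
function asgard_activate_notice() {
    // is_admin() only reports that an admin screen is being requested; it says
    // nothing about who is asking. Require the manage_options capability so
    // that a low-privileged logged-in user cannot overwrite the stored key by
    // opening an admin URL with ?asgard_authkey=... appended. The is_string()
    // test rejects array input such as ?asgard_authkey[]=x.
    //
    // NOTE(review): nothing ties this request to an activation the
    // administrator actually started (no nonce or state value), so a forged
    // link opened by an administrator would still replace the key. Consider
    // adding a one-time state value to return_uri in asgard_activate_url()
    // and verifying it here.
    if (
        is_admin()
        && current_user_can( 'manage_options' )
        && ! empty( $_GET['asgard_authkey'] )
        && is_string( $_GET['asgard_authkey'] )
    ) {
        update_option( 'asgard_authkey', $_GET['asgard_authkey'] );
    }

    // Nothing to show once a key is stored.
    if ( get_option( 'asgard_authkey' ) ) {
        return;
    }
    ?>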

Asgard Security. Almost done - activate your account and protect from malware.

' . $path . ' removed

'; } else { echo '

Unable to remove ' . $path . '

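'; } } die; }

/**
 * Temporary file that is deleted at the end of the request.
 *
 * register_shutdown_function() stores the callable and, with it, a reference
 * to this object. The object therefore stays alive until shutdown even after
 * the variable that created it goes out of scope. asgard_zip_files() relies
 * on that: it returns only the path and expects the file to still exist.
 */
class AsgardTempFile {
    // Path returned by tempnam(); false when the file could not be created.
    public $file;

    /**
     * @param string $prefix Prefix passed to tempnam() for the file name.
     */
    public function __construct( $prefix = '' ) {
        $this->file = tempnam( get_temp_dir(), $prefix );
        register_shutdown_function( array( $this, '__destruct' ) );
    }

    /**
     * @return string The temporary path, or '' when tempnam() failed.
     */
    public function __toString() {
        // __toString() must return a string; tempnam() can return false.
        return (string) $this->file;
    }

    /**
     * Best-effort cleanup. Runs twice by design (shutdown callback and real
     * destruction), so the second call has to be harmless.
     */
    public function __destruct() {
        if ( is_string( $this->file ) && '' !== $this->file && is_file( $this->file ) ) {
            // Suppressed on purpose: cleanup failure must not emit a warning
            // (with a filesystem path) into the response.
            @unlink( $this->file );
        }
    }
}

/**
 * Abort the request with an HTML-escaped error message.
 *
 * NOTE(review): the literals around the message contain only line breaks in
 * this listing; any wrapping markup appears to have been lost.
 *
 * @param string $err Message to show; escaped with esc_html().
 */
function asgard_html_error( $err ) {
    die( '

' . esc_html( $err ) . '

' );
}

/**
 * Pack the given files into a temporary zip archive.
 *
 * Uses the PHP zip extension when loaded, otherwise the PclZip class bundled
 * with WordPress. Terminates through asgard_html_error() when neither is
 * available or the archive cannot be written.
 *
 * @param array  $files    Absolute paths of the files to add.
 * @param string $basepath Leading path removed from each archive entry name.
 * @return string Path of the archive; removed at shutdown by AsgardTempFile.
 */
function asgard_zip_files( $files, $basepath ) {
    $tmpfile = new AsgardTempFile( 'asgard_zip' );

    if ( extension_loaded( 'zip' ) ) {
        $z = new ZipArchive();

        // tempnam() has already created an empty file, and recent libzip
        // versions no longer accept an empty file as an archive; OVERWRITE
        // makes open() start from a fresh archive instead.
        if ( true !== $z->open( $tmpfile->file, ZipArchive::CREATE | ZipArchive::OVERWRITE ) ) {
            asgard_html_error( 'Unable to create zip archive' );
        }

        $prefix_len = strlen( $basepath );
        foreach ( $files as $file ) {
            // Strip the base path only where it is a leading prefix;
            // str_replace() would also remove later occurrences.
            $local = ( $prefix_len > 0 && 0 === strpos( $file, $basepath ) )
                ? substr( $file, $prefix_len )
                : $file;
            $z->addFile( $file, $local );
        }
        $z->close();
    } else if ( file_exists( ABSPATH . 'wp-admin/includes/class-pclzip.php' ) ) {
        require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
        $archive = new PclZip( $tmpfile->file );
        // PclZip::add() returns 0 on failure.
        if ( 0 === $archive->add( $files, PCLZIP_OPT_REMOVE_PATH, $basepath ) ) {
            asgard_html_error( 'Unable to create zip archive' );
        }
    } else {
        asgard_html_error( 'Unable to compress files: enable PHP "zip" extension or upgrade Wordpress (with pclzip)' );
    }

    return $tmpfile->file;
}

/**
 * Scans a directory tree by sending content hashes to the remote API and, for
 * files the API does not recognise, handing a zip of them to asgard_scan_zip().
 *
 * Note for operators: hashes of every selected file, and the contents of the
 * files reported as unknown, leave the site. Which files are selected is
 * decided by asgard_filter_target_file(), defined outside this listing.
 */
class AsgardScanner {
    // Absolute paths selected for scanning, re-indexed from 0.
    public $files = array();
    // Content hashes, index-aligned with $files.
    public $hashlist = array();
    // Map of file path => verdict string for files reported as malware.
    public $result = array();
    // Number of malware verdicts recorded.
    public $malware = 0;
    // Number of files the hash lookup did not recognise.
    public $unknown = 0;

    /**
     * Run the scan and fill $files, $hashlist, $result, $malware and $unknown.
     * Counters and results are not reset, so repeated calls accumulate.
     *
     * @param string $basepath Directory to scan; also the prefix re-attached
     *                         to paths returned by the deep scan.
     */
    public function scan( $basepath ) {
        // list_files() returns false on failure.
        $listed = list_files( $basepath );
        if ( ! is_array( $listed ) ) {
            $listed = array();
        }

        $this->files    = array_values( array_filter( $listed, 'asgard_filter_target_file' ) );
        $this->hashlist = array_values( array_map( 'asgard_content_hash', $this->files ) );

        $res    = asgard_send_hashes( $this->hashlist );
        $total  = count( $this->files );
        $toscan = array();

        // Each entry is a 1-based position into the hash list; a negative
        // sign marks a file the service does not know, a positive one a known
        // malware hash.
        foreach ( $res as $index ) {
            // The positions come from a remote response: ignore anything that
            // is not a number or does not point at a file we actually hashed.
            if ( ! is_numeric( $index ) ) {
                continue;
            }
            $index    = (int) $index;
            $position = abs( $index ) - 1;
            if ( 0 === $index || $position >= $total ) {
                continue;
            }

            $path = $this->files[ $position ];
            if ( $index < 0 ) {
                $toscan[] = $path;
                ++$this->unknown;
            } else {
                $this->result[ $path ] = 'Common Malware';
                ++$this->malware;
            }
        }

        if ( count( $toscan ) > 0 ) {
            $zip     = asgard_zip_files( $toscan, $basepath );
            $scanres = asgard_scan_zip( $zip );

            if (
                is_array( $scanres )
                && ! empty( $scanres['match'] )
                && isset( $scanres['verdict'] )
                && is_array( $scanres['verdict'] )
            ) {
                // NOTE(review): both the relative path and the verdict text
                // are taken from the remote response. Escape them on output,
                // and confirm the resulting path is one of $toscan before
                // offering any file action on it.
                foreach ( $scanres['verdict'] as $path => $verdict ) {
                    $this->result[ $basepath . $path ] = $verdict;
                    ++$this->malware;
                }
            }
        }
    }
}

function asgard_scan_files_callback() { echo '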
'; $t = microtime( true ); $basepath = ABSPATH; $scanner = new AsgardScanner(); $scanner->scan($basepath); $scanned = count($scanner->files); $url = get_site_url(); $blacklist = asgard_blacklist_check($url); if (!empty($blacklist)) { ?>

Blacklist Check

>
Provider Verdict
', $bl['Verdict']); } else echo ($bl['Verdict'] == 'NOT_FOUND' || !$bl['Verdict']) ? 'Clean' : $bl['Verdict']; ?>

Malware Deep Scan

' . sprintf(_n('%d file scanned', '%d files scanned', $scanned, 'asgard'), $scanned) . ' in ' . sprintf('%.3f', microtime( true ) - $t). ' sec.

'; if ( !count( $scanner->result ) ) { echo '

No known malware in files found.

'; die; } ?> result as $path => $verdict ): ?>
Verdict File

Scan time: sec

Asgard Security Scanner

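'@' . $path ) ); }

/**
 * Look up a URL in the remote blacklist service.
 *
 * The returned entries are decoded from a remote response; treat their fields
 * (for example 'Verdict') as untrusted and escape them when printing.
 *
 * @param string $url URL to check.
 * @return array The 'results' list from the response, or an empty array when
 *               the request fails or the response has no such list.
 */
function asgard_blacklist_check( $url ) {
    $resp = wp_remote_get( 'https://asgardapi.com/safeurl/v2beta/lookup?url=' . urlencode( $url ), array() );

    // wp_remote_get() returns a WP_Error on transport failure; indexing it
    // like an array would be a fatal error.
    if ( is_wp_error( $resp ) ) {
        return array();
    }

    $result = json_decode( wp_remote_retrieve_body( $resp ), true );

    return ( is_array( $result ) && isset( $result['results'] ) && is_array( $result['results'] ) )
        ? $result['results']
        : array();
}

/**
 * Send the list of content hashes to the API and return its answer.
 *
 * Privacy note: the site URL and the administrator e-mail address are sent
 * along in the query string of the request URL (the original comment says
 * they are used for auth). Query strings are commonly written to proxy and
 * server logs.
 *
 * The md5 value is a checksum of the request body, not an authenticator.
 *
 * @param array $hashlist Content hashes, in file order.
 * @return array The 'result' list from the response, or an empty array when
 *               the response is missing or malformed.
 */
function asgard_send_hashes( $hashlist ) {
    $body = json_encode( array( 'hash' => $hashlist ) );

    // send blog url and email for auth
    // TODO: hack for ext scan
    $plugin_info = is_admin() ? get_plugin_data( __FILE__ ) : array( 'Version' => '' );

    // build_query() does not URL-encode, so encode each value first (as
    // asgard_activate_url() does); otherwise a '+' or '&' in the e-mail
    // address or site URL would corrupt the query string.
    $q = build_query(
        array_map(
            'urlencode',
            array(
                'checksum'        => md5( $body ),
                'site_url'        => get_site_url(),
                'admin_email'     => get_option( 'admin_email' ),
                'wp_version'      => get_bloginfo( 'version' ),
                'asgard_checksum' => ASGARD_CHECKSUM,
                'asgard_version'  => $plugin_info['Version'],
            )
        )
    );

    $result = asgard_api_post( ASGARD_API . '/check?' . $q, $body, 'json' );

    // asgard_api_post() is defined elsewhere; do not assume it returned an array.
    return ( is_array( $result ) && isset( $result['result'] ) && is_array( $result['result'] ) )
        ? $result['result']
        : array();
}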