'Invalid auth key' ) ); } $scanner = new AsgardScanner(); $scanner->scan( ABSPATH ); $resp = array( 'unknown'=>$scanner->unknown, 'malware'=>$scanner->malware ); if ( !empty( $scanner->scanres ) ) $resp['scan_result'] = $scanner->scanres; if (!empty($_GET['plugins_info'])) { if ( ! function_exists( 'get_plugins' ) ) { require_once ABSPATH . 'wp-admin/includes/plugin.php'; } $resp['plugins'] = get_plugins(); } wp_send_json_success( $resp ); } asgard_ext_scan(); function asgard_activate_url() { $q = build_query( array( 'url' => urlencode( get_site_url() ), 'client' => urlencode( 'Wordpress ' . get_bloginfo( 'version' ) ), 'return_uri' => urlencode( admin_url( 'admin.php?page=asgard&asgard_authkey={AuthKey}' ) ) ) ); return ASGARD_PASSPORT . 'activate?' . $q; } function asgard_activate_notice() { if ( is_admin() && !empty( $_GET['asgard_authkey'] ) && is_admin() ) { update_option( 'asgard_authkey', $_GET['asgard_authkey'] ); } if ( get_option( 'asgard_authkey' ) ) { return; } ?>

Asgard Security. Almost done - activate your account and protect your blog from malware.

' . $path . ' removed

'; } else { echo '

Unable to remove ' . $path . '

'; } } die; } class AsgardTempFile { public $file; public function __construct( $prefix = '' ) { $this->file = tempnam( get_temp_dir() , $prefix ); register_shutdown_function( array( $this, '__destruct' ) ); } public function __toString() { return $this->file; } public function __destruct() { @unlink( $this->file ); } } function asgard_html_error( $err ) { die( '

' . esc_html( $err ) . '

' ); } function asgard_zip_files( $files, $basepath ) { $tmpfile = new AsgardTempFile( 'asgard_zip' ); if ( extension_loaded( 'zip' ) ) { $z = new ZipArchive(); $z->open( $tmpfile, ZIPARCHIVE::CREATE ); foreach ( $files as $file ) { $z->addFile( $file, str_replace( $basepath, '', $file ) ); } $z->close(); } else if ( file_exists( ABSPATH . 'wp-admin/includes/class-pclzip.php' ) ) { require_once ABSPATH . 'wp-admin/includes/class-pclzip.php'; $archive = new PclZip( $tmpfile->file ); $archive->add( $files, PCLZIP_OPT_REMOVE_PATH, $basepath ); } else { asgard_html_error( 'Unable to compress files: enable PHP "zip" extension or upgrade Wordpress (with pclzip)' ); } return $tmpfile->file; } class AsgardScanner { public $files = array(); public $hashlist = array(); public $result = array(); public $scanres = array(); public $malware = 0; public $unknown = 0; public function scan( $basepath ) { $this->files = array_values( array_filter( list_files( $basepath ), 'asgard_filter_target_file' ) ); $this->hashlist = array_values( array_map( 'asgard_content_hash', $this->files ) ); $res = asgard_send_hashes( $this->hashlist ); $toscan = array(); foreach ( $res as $index ) { $path = $this->files[abs( $index ) - 1]; $verdict = false; if ( $index < 0 ) { $toscan[] = $path; ++$this->unknown; } else { $this->result[$path] = 'Common Malware'; ++$this->malware; } } if ( count( $toscan ) > 0 ) { $zip = asgard_zip_files( $toscan, $basepath ); $scanres = asgard_scan_zip( $zip ); if ( $scanres && $scanres['match'] ) { foreach ( $scanres['verdict'] as $path => $verdict ) { $this->result[$basepath . $path] = $verdict; ++$this->malware; } } $this->scanres = $scanres; } } } function asgard_scan_files_callback() { echo '

'; $t = microtime( true ); $basepath = ABSPATH; $scanner = new AsgardScanner(); $scanner->scan( $basepath ); $scanned = count( $scanner->files ); $url = get_site_url(); $blacklist = asgard_blacklist_check( $url ); if ( !empty( $blacklist ) ) { ?>

Blacklist Check

Provider	Verdict
	', $bl['Verdict'] ); } else echo ( $bl['Verdict'] == 'NOT_FOUND' \|\| !$bl['Verdict'] ) ? 'Clean' : esc_html($bl['Verdict']); ?>

Malware Deep Scan

' . sprintf( _n( '%d file scanned', '%d files scanned', $scanned, 'asgard' ), $scanned ) . ' in ' . sprintf( '%.3f', microtime( true ) - $t ). ' sec.

'; if ( !count( $scanner->result ) ) { echo '

No known malware in files found.

'; die; } ?> result as $path => $verdict ): ?>

Verdict	File

Scan time: sec

Asgard Security Scanner

Please, give us your feedback: our HipChat

'@' . $path ) ); } function asgard_blacklist_check( $url ) { $resp = wp_remote_get( 'https://asgardapi.com/safeurl/v2beta/lookup?url=' . urlencode( $url ), array() ); $result = json_decode( $resp['body'], true ); return is_array( $result['results'] ) ? $result['results'] : array(); } function asgard_send_hashes( $hashlist ) { $body = json_encode( array( 'hash' => $hashlist ) ); // send blog url and email for auth // TODO: hack for ext scan $plugin_info = is_admin() ? get_plugin_data( __FILE__ ) : array( 'Version'=>'' ); $q = build_query( array( 'checksum' => md5( $body ) , 'site_url' => get_site_url() , 'admin_email' => get_option( 'admin_email' ) , 'wp_version' => get_bloginfo( 'version' ) , 'asgard_checksum' => ASGARD_CHECKSUM, 'asgard_version' => $plugin_info['Version'], ) ); $result = asgard_api_post( ASGARD_API . '/check?' . $q, $body, 'json' ); return is_array( $result['result'] ) ? $result['result'] : array(); }