Skip to content

Commit 2fb3128

Browse files
MaikuolanMaikuolan
committed
File type detection patch.
Changelog excerpt: - Added MP4 file type detection and modified PHP file type detection to reduce the risk of false positives (e.g., see phpMussel/phpMussel#241).
1 parent 467b8c2 commit 2fb3128

File tree

3 files changed

+4
-3
lines changed

3 files changed

+4
-3
lines changed

Changelog.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -151,3 +151,4 @@ __*Why "v3.0.0" instead of "v1.0.0?"*__ Prior to phpMussel v3, the "phpMussel Co
151151
- [2024.09.13]: Added L10N for Malayalam.
152152
- [2024.10.15]: Added support to optionally disable adding new hash cache entries when a specific instance cache flag is used.
153153
- [2024.10.15]: Added support to inform the user via an optional instance cache flag which flags were set by the switch file during the scan when scanning via CLI.
154+
- [2024.10.15]: Added MP4 file type detection and modified PHP file type detection to reduce the risk of false positives (e.g., see phpMussel/phpMussel#241).

assets/switch.dat

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,10 +15,10 @@ FD:d9d505f920a163d7:A:8;infectable=false
1515
FD:fffb90:A:3;infectable=false
1616

1717
== Assists with determining potential file content ==
18+
$fileswitch:unassigned;FN:\.[Mm][Pp]?4.?$;FD-RX:63(686170|6c6970|72676e|746162)|66726565|66747970|696d6170|6a7032|6b6d6174|6c6f6164|6d(617474|646174|6f6f66|6f6f76)|70696374|706e6f74|73(637074|6b6970|737263|796e63)|746d6364|75647461|75756964|77696465:4:4;fileswitch=mp4
1819
$fileswitch:unassigned;FD:4d5a:A:2;fileswitch=pefile
1920
$fileswitch:unassigned;FD-RX:(cafebabe|cafed00d|cefaedfe|cffaedfe|feedface|feedfacf):A:4;fileswitch=java
20-
$fileswitch:unassigned;FD:494433:A:3;fileswitch=mp3
21-
$fileswitch:unassigned;FD:fffb90:A:3;fileswitch=mp3
21+
$fileswitch:unassigned;FD-RX:494433|fffb90:A:3;fileswitch=mp3
2222
$fileswitch:unassigned;FD-NORM-RX:23212f7573722f(6c6f63616c2f)?62696e2f(656e76)?7065726c:A:24;fileswitch=perl
2323
$fileswitch:unassigned;FD:43723234:A:4;fileswitch=chrome
2424
$fileswitch:unassigned;FD:4c00000001140200:A:8;fileswitch=lnk

src/Scanner.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1687,7 +1687,7 @@ private function dataHandler(string $str = '', int $Depth = 0, string $OriginalF
16871687
strpos(',phar,', ',' . $gzxt . ',') === false &&
16881688
strpos(',php*,', ',' . $gzxts . ',') === false &&
16891689
strpos($str_hex_norm, '3c3f706870') === false
1690-
) || $is_pe);
1690+
) || $is_pe || $fileswitch === 'mp4');
16911691

16921692
/** Set debug values, if this has been enabled. */
16931693
if (isset($this->debugArr)) {

0 commit comments

Comments
 (0)