Support » Plugin: Quttera Web Malware Scanner » quttera searching everything

  • hello – i read on the page the following:

    Internal Scanner – Default
    The internal scan will check PHP/JS/CSS and image files for malware.

    but we have over a million audio files, and quttera is looking through every one of them. is there any way to make sure that quttera is restricted to the php/js/css files?

    note that we run clamav nightly, so i am not too concerned with all the other files. clamav is now looking at over two million files a night, 95% of them are audio files.

Viewing 7 replies - 1 through 7 (of 7 total)
  • (Plugin version 3.3.0.24)

    Plugin Author quttera

    (@quttera)

    Thank you for this comment, it is very appreciated.

    We forwarded your request to the RnD team, and hopefully the text-file filtering will be added to the scanner version.

    Unfortunately, testing only for the file extension won’t work, since there are multiple samples of malware changing the file extension (like *.ico) to avoid detection.

    We will update you once this functionality/bug fix is delivered.

    Quttera Team.

    Plugin Author quttera

    (@quttera)

    Could you please share which types of audio files you have, so we can test the bug fix before delivery?

    Thank you
    Quttera Team.

    sorry been away and missed this. the vast majority of our files are opus files.

    Plugin Author quttera

    (@quttera)

    Thank you for getting back.

    Here is a definition of the opus file header

    (https://tools.ietf.org/html/rfc7845#section-5)

    Can you please open one of the opus files with a hex editor and verify that you see the OpusHead string at the start of the file?

    Just to verify we are going to add a correct header detection.

    Thank you,
    Quttera Team.

    edwardsmark

    (@edwardsmark)

    hi sorry for the delay:

    # od -cx Screen_Spont_2020-01-24-10-19-53-PM.opus | head -25

    0000000   O   g   g   S  \0 002  \0  \0  \0  \0  \0  \0  \0  \0   u 020
               674f    5367    0200    0000    0000    0000    0000    1075
    0000020   3   B  \0  \0  \0  \0   * 022 247   S 001 023   O   p   u   s
               4233    0000    0000    122a    53a7    1301    704f    7375
    0000040   H   e   a   d 001 001   8 001 200 273  \0  \0  \0  \0  \0   O
               6548    6461    0101    0138    bb80    0000    0000    4f00
    0000060   g   g   S  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0   u 020   3
               6767    0053    0000    0000    0000    0000    7500    3310
    0000100   B 001  \0  \0  \0   p   G 230 323 001 034   O   p   u   s   T
               0142    0000    7000    9847    01d3    4f1c    7570    5473
    0000120   a   g   s  \f  \0  \0  \0   M   o   r   p   h   b   o   x   .
               6761    0c73    0000    4d00    726f    6870    6f62    2e78
    0000140   c   o   m  \0  \0  \0  \0   O   g   g   S  \0  \0  \0 207  \0
               6f63    006d    0000    4f00    6767    0053    0000    0087
    0000160  \0  \0  \0  \0  \0   u 020   3   B 002  \0  \0  \0 276   i   b
               0000    0000    7500    3310    0242    0000    be00    6269
    0000200 356 033 343 377 032 377  \n 377  \n 377  \0 362 302 265 333 377
               1bee    ffe3    ff1a    ff0a    ff0a    f200    b5c2    ffdb
    0000220   ( 377 032 377 004 251   m   m 376 377 020 377  \f   z   a  \0
               ff28    ff1a    a904    6d6d    fffe    ff10    7a0c    0061
    0000240 263   $ 354 260   n   (   I   4 003 312   L  \f 334 037 023   z
               24b3    b0ec    286e    3449    ca03    0c4c    1fdc    7a13
    0000260   Q 226 234 264 034   K   R 261   7   { 212 250 316   % 352 017
               9651    b49c    4b1c    b152    7b37    a88a    25ce    0fea

    Plugin Author quttera

    (@quttera)

    Thank you for the provided information.
    The fix will be added in the next plugin release.
    Please test it with the new version that will be released 27.01.2020

    Thank you,
    Quttera Team
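
An added example, not part of the thread and not Quttera's code: in the dump above the file begins with the Ogg capture pattern `OggS`, and `OpusHead` sits at offset 28, after the 27-byte page header and its one-entry segment table. The sketch below validates that layout (RFC 7845 section 5.1) instead of looking for the string at offset 0; the function names and the 512-byte probe size are assumptions.

```python
import struct

# First 47 bytes of the .opus file, transcribed from the od dump in the thread.
SAMPLE = bytes.fromhex(
    "4f676753 00 02 0000000000000000 75103342 00000000 2a12a753 01 13"  # Ogg page header
    "4f70757348656164 01 01 3801 80bb0000 0000 00"  # OpusHead packet (19 bytes)
)

def parse_opus_head(data: bytes):
    """Return the OpusHead fields if data opens with an Ogg Opus ID page, else None."""
    if len(data) < 27 or data[:4] != b"OggS":      # Ogg capture pattern at offset 0
        return None
    stream_version, header_type, nsegs = data[4], data[5], data[26]
    if stream_version != 0 or not header_type & 0x02:  # ID page must carry the BOS flag
        return None
    table = data[27:27 + nsegs]                    # one lacing value per segment
    start = 27 + nsegs                             # first payload byte
    payload = data[start:start + sum(table)]
    if len(table) != nsegs or len(payload) != sum(table) or len(payload) < 19:
        return None                                # truncated or too short for OpusHead
    if payload[:8] != b"OpusHead":
        return None
    version, channels, pre_skip, rate, gain, family = struct.unpack_from("<BBHIhB", payload, 8)
    if version & 0xF0 or channels == 0:            # unknown major version / invalid count
        return None
    return {"magic_offset": start, "channels": channels, "pre_skip": pre_skip,
            "input_sample_rate": rate, "output_gain": gain, "mapping_family": family}

def is_opus_file(path, probe=512):
    """Classify a file by content, ignoring its extension (probe size is an assumption)."""
    with open(path, "rb") as fh:
        return parse_opus_head(fh.read(probe)) is not None

if __name__ == "__main__":
    print(parse_opus_head(SAMPLE))
    print(parse_opus_head(b"<?php /* renamed to .opus */ ?>".ljust(64, b" ")))
```

The check covers only the first Ogg page: it tells a scanner what the container is and says nothing about bytes later in the file.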
