THIS IS NOT A PLUGIN
- Source Code:
HOW TO USE
- Turn the server off so the malware can't spread
- Upload the MCAntiMalware.jar file to your server directory.
- Run the jar file in a shell, terminal, or cmd prompt with the command "java -jar MCAntiMalware.jar"
- This will create a "AntiMalware" folder. Within that are the log files open the latest log file. Possibly malicious jars are logged as DETECTED
- PM me the listed jar(s) to me so I can look through it/them and update the program (or send ALL of the jars to me if you want to be completely sure there's nothing this program doesn't detect)
- Delete the listed jars or all of the plugins if you want to be extra safe
- Restart the server
- If there is STILL malicious stuff happening PM me EVERY jar file (including the server jar) then delete EVERY plugin jar AND the server jar then re-download the plugins and server jar
COMMAND LINE ARGUMENTS
use the --help command line argument to get this information, it will be the most up to date
Detects over 100 malicious plugins
Runs 24/7 for constant protection
Scans any new jars, rar, or zip files forr plugins
WHY THIS IS OPEN SOURCE
Simple, it's java it's easy to deobfuscate and decompile, if someone tried hard enough they'll figure out everything. I'm better off making it open source and getting help from the community.
KNOWN FALSE POSITIVES
The ForceOP check will false positive for a lot of popular plugins due to workarounds brought up in https://github.com/OpticFusion1/MCAntiMalware/issues/22
LeakedPlugin - Spigot's anti-piracy injection is triggering it because it injects an invokestatic at the start of the instructions. I'm sure other things also cause this check to FalsePositive
Spigot Anti-Malware/Anti-Virus 4.16
The beginning of a safe server
I will be honest, it has detected my private plugin with OP command. Problem here is, my OP command is security enhanced version of the classical OP. It's permission and hash protected (that means even if you have a backdoor in our permission system, you need to unlock it with password, that is hashed).
Very very great plugin!
On 174 malicious plugins, this anti-virus detected 165.
I mean it don't detect all malicious things, but it's a (very) good start!
But I noticed some non-malicious plugins are flagged as ForceOP, like LuckPerms and more! Could you fix it?
Otherwise great plugin.