FOUND A MALICIOUS PLUGIN?
- Source Code:
SEND the plugin jar to me so I can look through it and update this program
THIS IS NOT A PLUGIN
HOW TO USE
- Turn the server off so the malware can't spread
- Upload the MCAntiMalware.jar file to your server directory.
- Run the jar file in a shell, terminal, or cmd prompt with the command "java -jar MCAntiMalware.jar" or "java -jar MCAntiMalware.jar -z true" if you want to have any malicious jars put into a .zip for easy uploading and/or deletion
- This will create an "AntiMalware" folder. Within that is a "log.txt" file. Open the "log.txt" file to see if there are any plugins that could be potential malware (Malicious jars are logged as [WARNING])
- SEND the listed jar(s) to me so I can look through it/them and update the program (or send ALL of the jars to me if you want to be completely sure there's nothing this program doesn't detect)
- Delete the listed jars or all of the plugins if you want to be extra safe
- Restart the server
- If there is STILL malicious stuff happening SEND me EVERY jar file (including the server jar) then delete EVERY plugin jar AND the server jar then re-download the plugins and server jar
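
For the log review and removal steps above, a small triage script (an added example, not part of MCAntiMalware and not written by its author): it pulls jar names out of the [WARNING] lines in log.txt, records a SHA-256 for each, and moves the jars to a quarantine folder instead of deleting them, so a false positive can be restored and the jar can still be sent in. The page only states the [WARNING] tag; the rest of the log line layout, the sample lines, and the function and folder names are assumptions.

```python
import hashlib
import re
import shutil
from pathlib import Path

# Assumption: a flagged line contains the literal tag "[WARNING]" (stated on the
# page) and mentions the jar by file name, without spaces, on the same line.
JAR_NAME = re.compile(r"[^\s\"'\\/:*?<>|]+\.jar\b", re.IGNORECASE)


def flagged_jars(log_text):
    """Return {jar_name: [warning lines]} for every [WARNING] line naming a jar."""
    hits = {}
    for line in log_text.splitlines():
        if "[WARNING]" not in line:
            continue
        for name in JAR_NAME.findall(line):
            hits.setdefault(name, []).append(line.strip())
    return hits


def quarantine(hits, plugins_dir, quarantine_dir):
    """Move flagged jars out of plugins_dir; return [(name, sha256)] for the report."""
    plugins_dir, quarantine_dir = Path(plugins_dir), Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    moved = []
    for name in sorted(hits):
        src = plugins_dir / name  # name is a bare file name: the regex excludes / and \
        if not src.is_file():  # already removed, or the jar lives in another folder
            continue
        digest = hashlib.sha256(src.read_bytes()).hexdigest()
        shutil.move(str(src), str(quarantine_dir / name))
        moved.append((name, digest))
    return moved


# Constructed sample log; the real tool's line layout may differ.
SAMPLE_LOG = """\
[INFO] Scanning plugins/WorldGuard.jar
[WARNING] plugins/FreeRanks.jar MIGHT be malicious [check: example.A]
[WARNING] plugins/FreeRanks.jar MIGHT be malicious [check: example.B]
[WARNING] plugins/LuckPerms.jar MIGHT be malicious [check: ForceOP]
"""

if __name__ == "__main__":
    for jar, lines in flagged_jars(SAMPLE_LOG).items():
        print(jar, len(lines), "warning(s)")
```

Run it with the server still off; grouping the warnings per jar also makes it easy to see which check(s) flagged a plugin when reporting a false positive.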
As of right now the program has 28 checks total
Runs 24/7 for constant protection
Scans any new jar, rar, or zip files for malicious/PUP skripts or plugins
Can automatically zip suspected malicious plugins by using the command line argument -z true or -zipMalPlugins true to make it easier for uploading or deletion
Can choose what directory to scan with -s <path> or -scan <path>
Hides debug messages unless you do -d true or -debug true
WHY THIS IS OPEN SOURCE
Simple: it's Java, so it's easy to deobfuscate and decompile. If someone tries hard enough, they'll figure out everything. I'm better off making it open source and getting help from the community.
KNOWN FALSE POSITIVES
The ForceOP check will false positive for a lot of popular plugins due to workarounds brought up in https://github.com/OpticFusion1/MCAntiMalware/issues/22
LeakedPlugin - Spigot's anti-piracy injection triggers it because it injects an invokestatic at the start of the instructions. I'm sure other things also cause this check to false positive
IF THERE IS A FALSE POSITIVE OR ISSUE
Create an issue HERE. If it's a false positive, I need the jar and the check(s) it was flagged as.
Spigot Anti-Malware/Anti-Virus 3.33
The beginning of a safe server
ok this resource is very interesting, I hope he keeps you up to date.
just that when you pass the files to remove the alleged malware (or forceop type) you do not put it you ahahah.
You will have to fix the thing of false positives for the "forceop" because it detects that Luckperms and Worldguard uses forceop
This is such a cool resource and very helpful. Especially for newer server owners who really have no clue what they are downloading. I ran it on my server for funsies just to check. Only one plugin came back as malware (but don't worry I know why this plugin did that and it's not malware)
The author is super responsive and nice. Very helpful if you have an issue (Like my stupid self reporting an issue cause I couldn't remain the overview page fully #StupidShaneBee)
Thanks for making something super useful!
I did not experience any of the issues from the previous review. It ran super fast with roughly the same amount of plugins and made a super easy to use log.txt file. Thanks for a very useful tool and something to give me a little bit more confidence that the plugins I'm selecting won't damage my server. I know this project has taken you countless hours of research. Thanks again.