Spigot Anti-Malware/Anti-Virus 3.33

The beginning of a safe server

  1. Optic_Fusion1
    FOUND A MALICIOUS PLUGIN?
    SEND the plugin jar to me so i can look through it and update this program

    THIS IS NOT A PLUGIN

    HOW TO USE

    1. Turn the server off so the malware can't spread
    2. Upload the MCAntiMalware.jar file to your server directory.
    3. Run the jar file in a shell, terminal, or cmd prompt with the command "java -jar MCAntiMalware.jar" or "java -jar MCAntiMalware.jar -z true" if you want to have any malicious jars put into a .zip for easy uploading and/or deletion
    4. This will create a "AntiMalware" folder. Within that is a "log.txt" file. Open the "log.txt" file to see if there are any plugins that could be potential malware (Malicious jars are logged as [WARNING])
    5. SEND the listed jar(s) to me so I can look through it/them and update the program (or send ALL of the jars to me if you want to be completely sure there's nothing this program doesn't detect)
    6. Delete the listed jars or all of the plugins if you want to be extra safe
    7. Restart the server
    8. If there is STILL malicious stuff happening SEND me EVERY jar file (including the server jar) then delete EVERY plugin jar AND the server jar then re-download the plugins and server jar
    FEATURES
    As of right now the program has 28 checks total
    Runs 24/7 for constant protection
    Scans any new jars, rar, or zip files for malicious/pup skripts or plugins
    Can automatically zip suspected malicious plugins by using the command line argument -z true or -zipMalPlugins true to make it easier for uploading or deletion
    Can choose what directory to scan with -s <path> or -scan <path>
    Hides debug messages unless you do -d true or -debug rue

    WHY THIS IS OPEN SOURCE
    Simple, it's java it's easy to deobfuscate and decompile, if someone tried hard enough they'll figure out everything. I'm better off making it open source and getting help from the community.

    KNOWN FALSE POSITIVES
    The ForceOP check will false positive for a lot of popular plugins due to workarounds brought up in https://github.com/OpticFusion1/MCAntiMalware/issues/22
    LeakedPlugin - Spigot's anti-piracy injection is triggering it because it injects an invokestatic at the start of the instructions. I'm sure other things also cause this check to FalsePositive

    IF THERE IS A FALSE POSITIVE OR ISSUE
    Create an issue HERE If it's a false positive i need the jar and the check(s) it was flagged as

Recent Updates

  1. [3.33]
  2. [3.32]
  3. [3.31]

Recent Reviews

  1. GHOSTS15
    GHOSTS15
    5/5,
    Version: 3.27
    ok this resource is very interesting,I hope he keeps you up to date.
    just that when you pass the files to remove the alleged malware (or forceop type) you do not put it you ahahah.
    You will have to fix the thing of false positives for the "forceop" because it detects that Luckperms and Worldguard uses forceop
    1. Optic_Fusion1
      Author's Response
  2. PabsMG
    PabsMG
    5/5,
    Version: 3.21
    A really good plugin, also, 3 MB? Lol, that is so much for a minecraft plugin. I recommend it without a doubt! (sorry if i put something bad, i talk spanish)
    1. Optic_Fusion1
      Author's Response
      This isn't a plugin, it literally says that on the overview
  3. ShaneBee
    ShaneBee
    5/5,
    Version: 3.17
    This is such a cool resource and very helpful. Especially for newer server owners who really have no clue what they are downloading. I ran it on my server for funsies just to check. Only one plugin came back as malware (but dont worry I know why this plugin did that and its not malware)
    The author is super response and nice. Very helpful if you have an issue (Like my stupid self reporting an issue cause I couldn't remain the overview page fully #StupidShaneBee)
    Thanks for making something super useful!
    1. Optic_Fusion1
      Author's Response
      <3 Thanks for the nice comment <3
  4. nath
    nath
    5/5,
    Version: 3.15
    Thanks for the Qlutch check
    !
    1. Optic_Fusion1
  5. MineCraftDirt
    MineCraftDirt
    5/5,
    Version: 3.15
    I like this plugin too, I hope to be able to update it for a long time!!!!!!!!!!!!!!!!!!!!
    1. Optic_Fusion1
      Author's Response
      Thanks <3
  6. Chistian95
    Chistian95
    5/5,
    Version: 3.14
    Awesome plugin. Glad there is people like you doing this kind of work!

    There may be a couple of fake positives with skript and worldguard (it says it could have forceop). But besides that, it works like a charm.
    1. Optic_Fusion1
      Author's Response
      Thanks <3 and yea as i said the PM ages ago these are known issues, sadly i personally do not know enough to fix these my self which means someone else has to PR a change that fixes it
  7. vinyljackers
    vinyljackers
    5/5,
    Version: 3.14
    Good that u try to help the community only sad that some people don't read the description where it tells u it isn't a plugin but a tool to help u find dangerous plugins/folders. Good job keep up the good work <3
    1. Optic_Fusion1
      Author's Response
      Thanks <3
  8. MarkElf
    MarkElf
    5/5,
    Version: 3.11
    I found this to be an interesting resource. Looking forward to seeing it develop.
    1. Optic_Fusion1
  9. GalacticStar123
    GalacticStar123
    5/5,
    Version: 3.8
    This is just honestly amazing, I tested it with a few cracked plugins and it detected the malware instantly. Thanks for putting your hard work into this project
    1. Optic_Fusion1
  10. LucidusMC
    LucidusMC
    5/5,
    Version: 3.2
    I did not experience any of the issues from the previous review. It ran super fast with roughly the same amount of plugins and made a super easy to use log.txt file. Thanks for a very useful tool and something to give me a little bit more confidence that the plugins I'm selecting won't damage my server. I know this project has taken you countless hours of research. Thanks again.
    1. Optic_Fusion1
      Author's Response
      That's because before it didn't have the better logging :P
      But you're welcome <3