Standalone Spigot Anti-Malware [Detects over 300 malicious plugins] 10.0

The beginning of a safe server

  1. Optic_Fusion1

    Resource Staff

    Optic_Fusion1 submitted a new resource:

    Spigot Anti-Malware/Anti-Virus - Detects various malicious plugins/skripts

     
  2. Code (Text):
    Blackbox-iMac:plugins vm$ java -jar MCAntiMalware.jar
    Queuing file for processing: /vm/sandbox/spigot-anti-malware-anti-virus/plugins/.DS_Store
    The .DS_Store file is from the macOS fs, you can skip it.

    By the way, some sort of activity indicator would be nice. Our plugins/ folder is 12gb due to log files and whatnot. And this jar is just sitting there doing nothing, I can't tell if it's stuck, or processing something, or whatever.

    Is it uploading the files to some anti virus service or something? If so, only the .jar files, or the whole directory or something? lol.
     
    #2 mrfloris, Feb 25, 2019
    Last edited: Feb 25, 2019
  3. Nice! Helped me a lot with my server.
     
  4. Optic_Fusion1

    Resource Staff

    Optic_Fusion1 updated Spigot Anti-Malware/Anti-Virus with a new update entry:

    [2]

     
  5. It goes through the plugin jars by decompiling them and checking the source if it contains some sort of strings with defined words etc.
     
  6. Then 50 ish plugins should not take 10 minutes, I assume. Any way I can verbose the output? The log file only shows 'trying.. <pluginname>'.
     
  7. Optic_Fusion1

    Resource Staff

    I could not find a way around an issue that pops up when printing if the plugin is safe due to me logging while still looping through checks...it spams the logs due to that. I'll look into a fix again in a bit

    Edit: Due to the mentioned issue, until it's fixed, IF it doesn't say it's malicious and instead moves on to the next jar, it's most likely safe (or something this doesn't detect)
     
    #7 Optic_Fusion1, Feb 26, 2019
    Last edited: Feb 26, 2019
  8. Optic_Fusion1

    Resource Staff

    Noted, I'll make sure this gets skipped next update <3

    Edit: though...it should have skipped anything NOT a jar, rar or zip file...strange...I think I fucked up somewhere

    Edit 2: Found the issue, all files NOT a jar, rar or zip will be skipped

    Edit 3: Also sorry for slow replies, apparently the thread wasn't marked as being watched
     
    #8 Optic_Fusion1, Feb 26, 2019
    Last edited: Feb 26, 2019
  9. Thank you, and no worries. Ok, for it's limiting it to the plugins/*.jar files now. That should help, yeah.
     
  10. Optic_Fusion1

    Resource Staff

    Oh btw, I've also decided I'm sorting through literally EVERY free plugin on spigot, so that's a thing...
    As for the whole logging if it's safe, here's why I don't do that right now. This is due to how I log, and check if a plugin is malicious

    Edit: and I can't think of a workaround...so yea
    upload_2019-2-25_21-48-1.png
     
  11. Optic_Fusion1

    Resource Staff

    No actually, if I could do that (which I can't because I can't find a free host I can do that easily with) I'd only do it with malicious plugins, the ability to automatically zip up any malicious plugins is a step towards this though
     
  12. Optic_Fusion1

    Resource Staff

    Yea, I'm sure this will get more advanced as time goes on though :p, however it always ends up with me just checking strings XD

    Edit: Hell even the skript checker (if I ever get around to making deobfuscation work) will pretty much end up being this way as well
     
  13. Optic_Fusion1

    Resource Staff

  14. Optic_Fusion1

    Resource Staff

  15. Uhm, this build reports back that every jar it scans is infected.

    I could start a VM with fresh linux, fresh java, and get spigot's buildtools and make a new spigot jar and download your plugin, and rename it to test.jar and it will tell me they're infected.

    I think something's potentially wrong. hehe
     
  16. Optic_Fusion1

    Resource Staff

    Either you're reading the log wrong, or I did fuck up

    Edit: just ran it, you're reading it wrong :p

    Edit 2: The update below makes the log better though <3
     
    #16 Optic_Fusion1, Feb 26, 2019
    Last edited: Feb 26, 2019
  17. Optic_Fusion1

    Resource Staff

  18. Optic_Fusion1

    Resource Staff

  19. Would it be possible to have an argument where it quits after scanning all the plugins? I was thinking about integrating it into my Plugin Decompile In Context Menu script, but it's kinda hard to do on-demand scanning when it never exits. Thanks!
     
  20. Optic_Fusion1

    Resource Staff

    Ehhhh, not worth adding it tbh. You're better off just posting a link instead of trying to support it, I'd rather not have people come to me because they messed up something with your program...

    Edit: also the reason it keeps running EVEN after scanning every plugin is so there's 24/7 protection, it scans every new jar added to the plugins folder
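
Added example, not code from MCAntiMalware or from anyone in this thread: a minimal string-indicator scan of a plugins folder that skips non-archive files (as in post 8) and logs a verdict for every file (the progress output asked for in posts 2 and 6). It assumes raw byte matching on `.class` entries instead of the decompilation described in post 5, and the indicator string, labels and sample files are constructed placeholders.

```python
import tempfile
import zipfile
from pathlib import Path

ARCHIVE_EXTS = {".jar", ".zip"}  # .rar needs a third-party library; omitted here
# Constructed placeholder indicator, not a real signature from any tool.
INDICATORS = {b"EXAMPLE-BACKDOOR-MARKER": "constructed-sample-A"}

def scan_archive(path):
    """Return sorted (entry, label) hits for indicator strings in .class entries."""
    hits = set()
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".class"):
                continue
            data = zf.read(info)
            for needle, label in INDICATORS.items():
                if needle in data:
                    hits.add((info.filename, label))
    return sorted(hits)

def scan_dir(plugins_dir, log=print):
    """Scan every file in plugins_dir once; returns {file name: verdict}."""
    results = {}
    files = sorted(p for p in Path(plugins_dir).iterdir() if p.is_file())
    for i, path in enumerate(files, 1):
        if path.suffix.lower() not in ARCHIVE_EXTS:
            results[path.name] = "skipped"       # e.g. .DS_Store, logs
        else:
            try:
                results[path.name] = "flagged" if scan_archive(path) else "no-match"
            except zipfile.BadZipFile:
                results[path.name] = "unreadable"  # report it, never assume clean
        log(f"[{i}/{len(files)}] {path.name}: {results[path.name]}")
    return results

def demo():
    """Build a constructed plugins folder in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / ".DS_Store").write_bytes(b"\x00\x00\x00\x01Bud1")
        (root / "broken.jar").write_bytes(b"not a zip")
        with zipfile.ZipFile(root / "clean.jar", "w") as zf:
            zf.writestr("com/example/Main.class", b"\xca\xfe\xba\xbehello")
        with zipfile.ZipFile(root / "bad.jar", "w") as zf:
            zf.writestr("com/example/X.class", b"\xca\xfe\xba\xbe..EXAMPLE-BACKDOOR-MARKER..")
        return scan_dir(root)

if __name__ == "__main__":
    demo()
```

The verdict for a file with no hits is `no-match` rather than "safe", in line with the caveat in post 7 that a plugin not reported as malicious may still be something the scanner does not detect.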