On May 25, 2020 5:26:14 PM UTC, Aziz Saleh <azizsaleh@xxxxxxxxx> wrote:
>On Mon, May 25, 2020 at 1:09 PM Shivanand Sharma <shivanand@xxxxxxxxxxxxxx>
>wrote:
>
>> So the script is a part of a web application / plugin which is basically a
>> malware scanner.
>>
>> Webserver owners install this app and schedule it to run on a periodic
>> basis.
>>
>> This means that it could be a LAMP or LEMP or other kind of stack with cgi
>> or mod_php etc.
>>
>> Hang / Freeze: The issue is that some regexes / payloads or a combination
>> thereof makes the script exceed max_execution_time. This is not desirable
>> or even expected.
>>
>> In this case it's acceptable for the script to hit max_execution_time and
>> the app will just schedule the next batch.
>>
>> However with the bug in question, the script exceeds max_execution_time
>> and PHP has no way to recover.
>>
>> One way was to have a url-endpoint where we could post a request via curl
>> and if that fails or times out the script can still continue. But I was
>> interested in exploring if PHP itself can recover from such a situation
>> without having to rely on an external process.
>>
>> Regards,
>> Shivanand Sharma
>>
>
>You have taken the wrong approach to fix the issue. Not a good idea to use
>PHP as a malware scanner (you should be using a programming language
>instead of a scripting one), this is just the first issue you will run into
>of many. If it is an option you might think of using a different solution.
>
>In regards to your issue, you can modify set_time_limit to unlimited run
>time if max execution time is the issue.
>
>External post is a solution that is worse than the initial solution. Thus
>my first concern on the design, you will keep adding band-aids to solve
>issues you come up with, it would be best to write it from scratch using
>python, java, c/c++ or any other more efficient programming languages.

Absolutely agree, using regular expressions in PHP to scan for strings is not a good way to detect malware.

If you do need to use PHP as part of the larger application, take a look at things like https://github.com/kissit/php-clamav-scan. This uses the free and open source Clam Anti Virus. Disclaimer, I've used ClamAV before, but not this PHP package. Clam works well, and will be a lot better than your home brew regular expressions.

As a general rule of thumb, when it comes to things like this, don't try and reinvent the wheel. It's a lot of work, and there are better wheels out there.

Thanks,
Ash
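
The stall described in the quoted message, assuming it comes from runaway PCRE backtracking (the thread does not say what causes it), can be bounded inside PHP with `pcre.backtrack_limit` and `preg_last_error()`. This is an added example, not part of the thread or of any poster's code; the function name, the signature set and the sample inputs are hypothetical and constructed.

```php
<?php
// Added example: constructed signatures and payloads, not taken from the thread.

/**
 * Match one signature with a cap on PCRE backtracking.
 * Returns true/false for hit/miss, or null when PCRE aborted the match,
 * so the caller can log the pair and move on to the next file.
 */
function bounded_match(string $pattern, string $data, int $limit = 100000): ?bool
{
    // Lower the limit only for this call, then restore the previous value.
    $previous = ini_set('pcre.backtrack_limit', (string) $limit);
    $result = preg_match($pattern, $data);
    $error = preg_last_error();
    if ($previous !== false) {
        ini_set('pcre.backtrack_limit', $previous);
    }
    if ($result === false || $error !== PREG_NO_ERROR) {
        // e.g. PREG_BACKTRACK_LIMIT_ERROR or PREG_JIT_STACKLIMIT_ERROR
        return null;
    }
    return $result === 1;
}

// Hypothetical signature set; the nested quantifier in the second pattern
// backtracks exponentially on input that almost matches.
$signatures = [
    'eval_base64'       => '/eval\s*\(\s*base64_decode\s*\(/i',
    'nested_quantifier' => '/^(a+)+$/',
];

// Constructed inputs: a short PHP snippet and a string that triggers the blow-up.
$samples = [
    'dropper.php' => '<?php eval(base64_decode("ZWNobyAxOw==")); ?>',
    'padding.txt' => str_repeat('a', 40) . '!',
];

foreach ($samples as $name => $data) {
    foreach ($signatures as $id => $pattern) {
        $hit = bounded_match($pattern, $data);
        $state = $hit === null ? 'aborted (limit reached)' : ($hit ? 'match' : 'no match');
        printf("%-12s %-18s %s\n", $name, $id, $state);
    }
}
```

A `null` result is the recoverable outcome: the batch can record the pattern and file that hit the limit and continue, instead of running until `max_execution_time`.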