// Search for malware and extension-based encrypted files (file-name heuristic only; file contents are not inspected).
#include <ctype.h>
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
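/*
 * Case-insensitive substring search: returns 1 when `needle` occurs anywhere
 * in `haystack`, 0 otherwise. Hand-rolled because strcasestr() is not part of
 * ISO C. Bytes are cast to unsigned char before tolower(), as <ctype.h>
 * requires.
 */
static int containsIgnoreCase(const char *haystack, const char *needle) {
    size_t hayLen = strlen(haystack);
    size_t needleLen = strlen(needle);

    if (needleLen > hayLen) {
        return 0;
    }
    for (size_t start = 0; start + needleLen <= hayLen; start++) {
        size_t matched = 0;
        while (matched < needleLen &&
               tolower((unsigned char)haystack[start + matched]) ==
                   tolower((unsigned char)needle[matched])) {
            matched++;
        }
        if (matched == needleLen) {
            return 1;
        }
    }
    return 0;
}

/**
 * Name-based triage heuristic: flags a file whose name contains "malware" or
 * ".exe" anywhere, ignoring letter case (so "SETUP.EXE" is flagged just like
 * "setup.exe").
 *
 * Only the name is inspected, never the content. A renamed sample is missed,
 * and a benign name that merely contains ".exe" (for example
 * "notes.executive.txt") is flagged. Treat a hit as a lead for content-based
 * checks, not as a verdict.
 *
 * @param filename  NUL-terminated file name; NULL is treated as not suspicious.
 * @return 1 when the name matches the heuristic, 0 otherwise.
 */
int isSuspiciousFile(const char *filename) {
    if (filename == NULL) {
        return 0;
    }
    return containsIgnoreCase(filename, "malware") ||
           containsIgnoreCase(filename, ".exe");
}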
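/**
 * Recursively walks `dirname` and prints the path of every regular file whose
 * name isSuspiciousFile() flags.
 *
 * Coverage notes for anyone relying on the output:
 *  - Directories that cannot be opened, entries that cannot be examined, and
 *    paths that do not fit the 1024-byte buffer are reported on stderr and
 *    skipped, so gaps in the scan are visible rather than silent.
 *  - Symbolic links are never descended into or reported: only entries typed
 *    as directory or regular file are handled, and the DT_UNKNOWN fallback
 *    uses lstat(), which does not follow links.
 *  - opendir() itself follows links, so a directory swapped for a symlink
 *    between readdir() and the recursive call would still be followed.
 *  - Paths are printed verbatim; names containing newlines or terminal escape
 *    sequences appear as-is, so treat the output as untrusted when parsing it.
 *
 * @param dirname  Directory to scan; NULL is ignored.
 */
void searchForMaliciousFiles(const char *dirname) {
    if (dirname == NULL) {
        return;
    }

    DIR *dir = opendir(dirname);
    if (dir == NULL) {
        /* Name the directory: an unreadable subtree is a gap in the scan. */
        fprintf(stderr, "opendir: %s: %s\n", dirname, strerror(errno));
        return;
    }

    for (;;) {
        /* readdir() returns NULL both at end-of-directory and on error;
         * only errno tells the two apart, so clear it before each call. */
        errno = 0;
        struct dirent *entry = readdir(dir);
        if (entry == NULL) {
            if (errno != 0) {
                fprintf(stderr, "readdir: %s: %s\n", dirname, strerror(errno));
            }
            break;
        }

        if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) {
            continue;
        }

        char path[1024];
        int written = snprintf(path, sizeof(path), "%s/%s", dirname, entry->d_name);
        if (written < 0 || (size_t)written >= sizeof(path)) {
            /* A truncated path would name a different file or directory
             * than the one being examined; skip it instead of using it. */
            fprintf(stderr, "path too long, skipped entry under: %s\n", dirname);
            continue;
        }

        int isDirectory = (entry->d_type == DT_DIR);
        int isRegular = (entry->d_type == DT_REG);

        if (entry->d_type == DT_UNKNOWN) {
            /* Some filesystems do not fill in d_type; without this fallback
             * every entry on them would be skipped without a trace. */
            struct stat info;
            if (lstat(path, &info) != 0) {
                fprintf(stderr, "lstat: %s: %s\n", path, strerror(errno));
                continue;
            }
            isDirectory = S_ISDIR(info.st_mode);
            isRegular = S_ISREG(info.st_mode);
        }

        if (isDirectory) {
            searchForMaliciousFiles(path);
        } else if (isRegular && isSuspiciousFile(entry->d_name)) {
            printf("Suspicious file found: %s\n", path);
        }
    }

    closedir(dir);
}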
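/**
 * Entry point. Scans the directory given as the first command-line argument;
 * with no argument it falls back to the built-in placeholder path, which is
 * the original behaviour.
 *
 * @return 0 always; findings and scan errors are reported on stdout/stderr
 *         only, not through the exit status.
 */
int main(int argc, char **argv) {
    const char *startDirectory = "/path/to/scan";

    if (argc > 1) {
        startDirectory = argv[1];
    }
    searchForMaliciousFiles(startDirectory);
    return 0;
}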