File: //proc/self/root/scripts.20110531.215904.25158/findtrojans
#!/usr/bin/perl
# cpanel4 - scripts Copyright(c) 1997-2002 cPanel, Inc..
# All rights Reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cpanel license. Unauthorized copying is prohibited
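use strict;
use warnings;

# Integrity sweep: runs `rpm -Va` and reports every packaged file whose
# content digest differs from the RPM database (a "5" in the third column of
# the verify flags) and whose mode has an execute, setuid, setgid or sticky
# bit set. Files matching the skip list below are never reported.
#
# Caveats for whoever reads the result:
#   * The comparison is against the local RPM database, so it only sees
#     package-owned files, and a clean result is only as trustworthy as that
#     database and the rpm binary itself.
#   * rpm is resolved through PATH.
#     NOTE(review): this script presumably runs as root; consider an absolute
#     path to rpm -- confirm the location on the target systems.
print "Scanning for Trojan Horses....";
my $tj = 0;
$| = 1;    # unbuffered STDOUT so progress output appears as rpm produces it

# Paths whose digest mismatch is ignored.
# NOTE(review): the unanchored entries (perl, php, imapd, a2p, ...) match
# anywhere in the path, so any changed file with one of these substrings in
# its name or directory is silently skipped. Presumably these are files the
# control panel replaces itself -- confirm, and anchor them to full paths if so.
my @skip_patterns = (
    qr/\/usr\/bin\/GET$/,
    qr/\/usr\/bin\/HEAD$/,
    qr/\/usr\/bin\/POST$/,
    qr/\/usr\/bin\/lwp-/,
    qr/\/usr\/bin\/dbish/,
    qr/\/usr\/bin\/xmlwf/,
    qr/\/usr\/lib\/libexpat.so/,
    qr/\/usr\/bin\/c2ph$/,
    qr/\/usr\/bin\/dprofpp$/,
    qr/\/usr\/bin\/enc2xs$/,
    qr/\/usr\/bin\/h2ph$/,
    qr/\/usr\/bin\/h2xs$/,
    qr/\/usr\/bin\/libnetcfg$/,
    qr/\/usr\/bin\/pod2latex$/,
    qr/\/usr\/bin\/piconv$/,
    qr/pngtogd/,
    qr/webpng/,
    qr/gdtopng/,
    qr/gdparttopng/,
    qr/gd2copypal/,
    qr/gd2topng/,
    qr/perl/,
    qr/a2p/,
    qr/php/,
    qr/imapd/,
    qr/fpexe/,
    qr/dbiproxy/,
    qr/libexpat.la/,
);

# List-form pipe open: no shell is involved. The open is checked because a
# scanner that cannot start rpm must not fall through to "No Trojans Detected".
open(my $sec, '-|', 'rpm', '-Va')
    or die "\nUnable to run rpm -Va: $!\n";

LINE:
while (my $line = <$sec>) {
    print ".\n";
    next LINE if $line =~ /^missing/;     # file absent, nothing to stat
    next LINE if $line =~ /\sc\s\//;      # config files are expected to change

    # Third flag column is the digest test; "5" means the content differs.
    next LINE unless length($line) > 2 && substr($line, 2, 1) eq "5";

    # Everything after the flags field is taken as the path.
    # NOTE(review): for lines carrying another attribute marker (e.g. "d")
    # the marker stays in $cmd, stat() fails and the file is skipped.
    next LINE unless $line =~ /\b\S+\s*(.*)/;
    my $cmd = $1;

    next LINE if grep { $cmd =~ $_ } @skip_patterns;

    # Use the saved path rather than $1, and skip files that cannot be stat'ed.
    my @st = stat($cmd);
    next LINE unless @st;

    # Test the permission bits directly. The previous check looked for the
    # characters 1, 5 and 7 in the octal string, which missed modes such as
    # -wx (3); this mask reports every case that check did, plus those.
    if ($st[2] & 07111) {
        $tj++;
        print "\nPossible Trojan - $cmd\n";
    }
}

# close() on a pipe returns false when the child exits non-zero, which
# rpm -Va does whenever verification finds differences, so the status is
# deliberately not treated as an error here.
close($sec);

if ($tj == 0) {
    print "No Trojans Detected\n";
}
else {
    print "$tj POSSIBLE Trojans Detected\n";
}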