I have some PHP code that is supposed to invoke a bash script and it doesn't seem to be working. The basic idea is that it is pulling down an HTML file, scanning it with clamscan, and then reporting whether or not an infection is found in the source code. Not perfect but it doesn't have to be. The shell script is as follows:
Code:
#!/bin/bash
in=/tmp/foo.html
outfile=/tmp/clamscan.txt
cd ~/bin
addr=$(java ParseURL "$*")
w3m -dump_source ${addr} | clamscan - > ${outfile} 2>&1
infected=$(grep "Infected files" ${outfile} | tr -s ' ' | cut -d ' ' -f 3)
exploit=$(grep "FOUND" ${outfile})
if [ -n "$exploit" ]; then
    echo "infected"
elif [ -n "$infected" ]; then
    if [ $infected -gt 1 ]; then
        echo "infected"
    else
        echo "clean"
    fi
else
    echo "clean"
fi
rm -rf $in
rm -rf $outfile
Just FYI, the Java class will parse a string and pull out only the URL from it based on some regular expressions. So if I pass in the string "hello my name is www.ebay.com and I like to sell stuff" the Java program would return only the string "www.ebay.com".
What is silly is that I can run the above shell script manually and it will output the correct answer:
Code:
$ ./friend-scan is testing http://www.xxx.xxx/exp2.html
infected
However, if I call the exact same command from my PHP code it prints "clean". Here is the PHP code (and at this particular point, the variable $msg is the string "is testing http://www.xxx.xxx/exp2.html"):
Code:
// run clam-scan on the target HTML file
$command = "/home/bdmayes/bin/friend-scan $msg";
echo "Calling $command <br>";
$myOutput=shell_exec($command);
echo "<pre>$myOutput</pre>";
and here is the output from the resulting HTML page:
Code:
Calling /home/bdmayes/bin/friend-scan is testing http://www.xxx.xxx/exp2.html
clean
I have done some testing by adding the following code to my shell script:
Code:
testFile=/tmp/addr.txt
echo "$*" >> $testFile
echo "$infected" >> $testFile
echo "$exploit" >> $testFile
echo "" >> $testFile
and what I found is that when my PHP code calls the friend-scan script, the variable $exploit seems to be null. Also, it finds zero infections:
Code:
$ cat /tmp/addr.txt
is testing http://www.xxx.xxx/exp2.html
0
If I run this exact same script manually it finds an infection!
Code:
$ cat /tmp/addr2.txt
is testing http://www.xxx.xxx/exp2.html
1
stdin: Exploit.CVE-2006-3730 FOUND
How is this possible? Anybody have an idea what is going on here? (bwkaz -- I'm looking in your direction)
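Added example, not part of the original post: the script above prints "clean" whenever clamscan's report contains no FOUND line, so a run where nothing was fetched or scanned looks the same as a clean page. The sketch below fails closed instead, taking the verdict from clamscan's documented exit status (0 = no virus, 1 = virus found, 2 = error). FETCH and SCAN are hypothetical hook variables added so the logic can be exercised offline; their defaults are the tools the post uses.

```bash
#!/bin/bash
# Added example (not the poster's script): fail-closed verdict for fetch-then-scan.
# FETCH and SCAN are hypothetical hooks; by default they call the post's tools.

fetch_default() { w3m -dump_source "$1"; }
scan_default()  { clamscan "$1"; }

# Prints exactly one of: clean | infected | error: <reason>
scan_url() {
    addr=$1
    # An empty URL (e.g. the extractor produced nothing) is an error, not "clean".
    if [ -z "$addr" ]; then
        echo "error: no URL extracted"
        return 0
    fi
    # Unpredictable temp file instead of a fixed name under /tmp.
    page=$(mktemp) || { echo "error: mktemp failed"; return 0; }
    # A failed or empty download must not reach the scanner as "nothing found".
    if ! "${FETCH:-fetch_default}" "$addr" >"$page" 2>/dev/null || [ ! -s "$page" ]; then
        rm -f "$page"
        echo "error: fetch failed or empty"
        return 0
    fi
    # Take the verdict from the exit status rather than grepping the report.
    rc=0
    "${SCAN:-scan_default}" "$page" >/dev/null 2>&1 || rc=$?
    rm -f "$page"
    case $rc in
        0) echo "clean" ;;
        1) echo "infected" ;;
        *) echo "error: scanner exit status $rc" ;;
    esac
}

# Stand-alone use: pass the already-extracted URL as the first argument.
if [ $# -gt 0 ]; then
    scan_url "$1"
fi
```

A caller such as the PHP page can then treat any "error:" line as a failed scan rather than a clean result.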