Last Update 2017.04.19
Notice to file crate or change
WHORUFILE is help to protect your server for hacking.
code sign on “Open Source Developer, JuSeong Han”
YOU LIKE IT, CLICK LIKE BUTTON 🙂
Suspicious PEHeader Type File
You can defanse to create malware file on server.
if And you want to check virus check on virustotal, you need to virustotal api key. check below link.
2017.04.19 – Performance update.
2017.01.31 – Check file certificate and write in a log.
2017.01.23 – Offer file detail information when find to suspicious file .
How to use
- Console mode : just run program, then you can check the file monitoring in console, this mode not install mode
- Service mode : WHORU offer to install option, “-i”: install to service type(Automatic start when system boot), “-u”: service uninstall(remove)
run command line
“whorufile -i” : install whorufile service type(we recommand this on server mode)
“whorufile -u” : uninstall whorufile service type.
“whoru” : console mode, insistent mode(if you want to check one time, i recommend this.)
You can input to option WHORU.INI
Syslog_IP=192.168.0.1 <– Send to log at syslog server, When input IP address.
File=false <– If you want to logging on the local machine, input here for true.
DirectoryPath=ALL <– If you need to only audit some folder or drive, input here. Default option is all drive.
Trust_List= notepad.exe <– If you need to trust item, input here.
Virustotal= xxx <– Input Virustotal Key. https://ithemes.com/security/how-to-malware-scan-api-key-with-virustotal/