public function scan($forkObj)
{
/** @var wpdb */
global $wpdb;
if (!$this->startTime) {
$this->startTime = microtime(true);
}
if (!$this->lastStatusTime) {
$this->lastStatusTime = microtime(true);
}
$db = new wfDB();
$blogsToScan = wfScanEngine::getBlogsToScan('options');
foreach ($blogsToScan as $blog) {
// Check the options table for known shells
$results = $db->querySelect("SELECT * FROM {$blog['table']} WHERE option_value REGEXP %s", trim(rtrim($this->patterns['dbSigPattern'], 'imsxeADSUXJu'), '/'));
foreach ($results as $row) {
preg_match($this->patterns['dbSigPattern'], $row['option_value'], $matches);
$this->addResult(array('type' => 'database', 'severity' => 1, 'ignoreP' => "{$db->prefix()}option.{$row['option_name']}", 'ignoreC' => md5($row['option_value']), 'shortMsg' => "This option may contain malicious executable code: {$row['option_name']}", 'longMsg' => "This option appears to be inserted by a hacker to perform malicious activity. If you know about this option you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: <strong style=\"color: #F00;\">\"{$matches[1]}\"</strong>.", 'data' => array('option_name' => $row['option_name'], 'site_id' => $blog['blog_id'], 'canDelete' => true)));
}
}
return $this->results;
}
