If ftp is disabled in cPanel do not start pure-uploadscript
New –options [E]. This option will match scripts that send out email using sendmail, exim or via SMTP. This option requires that –options [m] is also specified
Fixed a false-positive detection of c/c++ source files
Added filename legend to View option UI in Other Files
For single or multiple user scans, Symlinks within the homedir will now be ignored
Removed [\;\|\`\\] regex checks from the [f] and [d] –options, as it appears to be of little value (you could always add back such a check using a similar regex entry in an xtra file)
Modified hidden text in image file check to only report if the text is script code
Added UID check to ensure updates are only performed by root (UID=0)
New –options [D]. This is an experimental option that puts any PHP scripts containing an eval() function that decodes base64 and rot13 data through the (experimental) –decode [file] option during a scan. This will then highlight the decoded result if it hits any regex, fingerprint or virus scan matches
Added eval(str_rot13 to –decode [file]
Fixed –decode [file] not scanning final decoded result with regex definitions and fingerprints
Improvements to –decode [file] detection and processing
Modified pure-uploadscript init file to cope with multiple pure-ftpd pids on restart and to stop pure-ftpd more cleanly
