2.15.2.5. PHP Antimalware Scanner

The utility is installed on the hosting servers PHP Antimalware Scannerwhich allows you to check PHP files for malicious code and potential vulnerabilities. Utility path: /usr/local/bin/amwscan.

1. Connect to hosting via SSH.
2. Run the command:

   amwscan ~/example.com/www/

   In a team:

   • ~/example.com/www/ — the path to the directory to be scanned.

When scanning in interactive mode, when threats are detected, you must select one of the proposed actions:

• [1] Delete file — delete a file.
• [2] Move to quarantine — quarantine.
• [3] Dry run evil code fixer — run the application to remove the dangerous code. Not recommended
• [4] Dry run evil line code fixer — run the application to remove dangerous code only in a potentially dangerous area. Not recommended
• [5] Open with vim — open the file in Vim.
• [6] Open with nano — open the file in nano.
• [7] Add to whitelist — add the signature in this file to the whitelist.
• [8] Show source — show the source (file).
• [-] Ignore — skip the current file.

1. Connect to hosting via SSH.
2. Run the command:

   amwscan -r ~/example.com/www/

   In a team:

   • -r — means that only scanning and report generation will be performed without making any changes to the files.
   • ~/example.com/www/ — the path to the directory to be scanned.

After completion of the work, the scanner will display the number of scanned files, the number of threats found and the path to the generated report.

As a result of the scan, an HTML report will be generated with information about detected threats. The report can be downloaded and opened in any browser. The information in the report is for informational purposes only, all troubleshooting steps must be performed manually. Report example: