2.15.2.6. phpMussel

Attention!

The article describes one of the possible methods of combating malicious code. The hosting administration is not responsible for the damage that may be caused by using the utility described in the article.

Important points:

  • The utility has an operating mode that deletes detected infected files. Before using it, be sure create a backup your site.
  • It is not recommended to start scanning a very large number of files, as this can take a long time and consume a lot of resources.
  • The utility works with PHP version not lower than 7.2. For correct operation, install version 7.2 or higher for site and console.

About the scanner

phpMussel is a freeware tool for finding infected files, used to analyze files against a variety of signatures, including ClamAV. This utility can be used as a stand—alone tool for searching for infected files, as well as a functional analyzer of files uploaded by means of websites. You can explore the features of phpMussel in the documentation at GitHub.

Installation

The article describes a simple installation of a utility that will be immediately ready for use. To create your own sets of commands and instructions, use the documentation on GitHub.
  1. Download the appropriate version of the finished phpMussel example from the release list at GitHub project and upload it to the hosting.
  2. Through filemanager or any FTPclient upload the downloaded archive to the hosting and unpack him with the help filemanager to any convenient place.
  3. Go to the scanner control panel page at the address of the form http://www.domain.com/path/to/example-frontend.php, after replacing the data with the necessary ones:
    • www.domain.com — the domain name of the site in which the scanner is loaded.
    • path/to — path to the directory with the utility relative to the root directory of the site.
  4. Log in to the control panel using your login admin and password password.
  5. In chapter «Accounts» change the authorization data and set a complex login and password.
  6. Additionally, you can make changes to the scanner configuration, then click on «Update» at the top of the page:
    • The parameter is responsible for deleting files during scanning. «Configuration → Core → delete_on_sight».
    • You can change the language of the control panel in the section «Configuration → Core → lang».

Scanning

  1. Connect to hosting via SSH.
  2. Change to the phpMussel directory with the command:
    cd ~/example.com/subdomain/dir

    Instead example.com/subdomain/dir specify the desired path.

  3. Run the phpMussel console handler:
    php example-cli.php

    Instead example-cli.php specify the name of the console handler file if it was created by yourself or modified.

  4. After running the utility, use the command:
    scan /home/account/example.com/subdomain/dir

    Preliminarily replace the data with the necessary ones:

    • account — specify title hosting account
    • example.com/subdomain/dir specify the desired relative (link to the home directory ~/ not supported) or an absolute path.

Signature update

Signature databases are regularly updated and it is important to keep them up to date.

  1. Download all or required signatures from the project page at GitHub.
  2. Through filemanager or any FTPclient upload the downloaded archives to the hosting and unpack them with filemanager to the signatures directory (by default called phpmussel-signatures). Signature files whose extensions end in db, for example htdb, mdb, medb etc., must be placed directly in the signatures directory without other subdirectories. The presence of other files does not affect the operation of the utility.
Content