2.15.2.6. phpMussel

Attention!

This article describes one possible method of combating malicious code. The hosting administration is not responsible for any damage that may be caused by using the utility described in this article.

Important points:

  • The utility has a mode that deletes detected infected files. Before using it, be sure to create a backup of your site.
  • It is not recommended to run the check on a very large number of files, as this may take a long time and consume a large amount of resources.
  • The utility works with PHP version 7.2 or higher. For correct operation, set version 7.2 or higher for the site and console.

About scanner

phpMussel — free utility for searching infected files, used to analyze files by multiple signatures, including ClamAV. This utility can be used as a separate tool for searching infected files, as well as a functional analyzer of files uploaded by sites. You can explore the features of phpMussel in the documentation on GitHub.

Install

The article describes a simple installation of the utility, which will be ready to use immediately. To create your own sets of commands and instructions, see the official documentation.
  1. Download the appropriate version of the ready-made phpMussel example from the list of releases on GitHub and upload it to your hosting.
  2. Using the file manager or any FTP client, upload the downloaded archive to your hosting and use the file manager to extract it to any convenient location.
  3. Open the scanner control panel at the address like http://example.com/path/to/example-frontend.php (instead of example.com specify the name of the site where the scanner is uploaded, instead of path/to — path to the directory with the utility relative to the site root directory).
  4. Log in to the scanner control panel using the login admin and password password.
  5. In the Accounts section, change your login details and set a strong username and password.
  6. Additionally, you can make changes to the scanner configuration (changes are saved by clicking the Update button at the top of the page):
    • "Configuration → Core → delete_on_sight" — deleting files during scanning.
    • "Configuration → Core → lang" — scanner control panel language.

Scan

  1. Connect to the hosting via SSH.
  2. Go to the phpMussel directory (example.com/sub/dir — path to utility):
    cd ~/example.com/sub/dir
  3. Run the phpMussel console handler (example-cli.php — name of the console handler file, if changed):
    php example-cli.php
  4. After launching the utility, execute the command (/home/example/example.com/sub/dir — absolute path to the directory to be scanned):
    scan /home/example/example.com/sub/dir

Signature update

Signature databases are updated regularly, and it is very important to keep them up to date.

  1. Download all or the necessary signatures from the project page on GitHub.
  2. Using the file manager or any FTP client, upload the downloaded archives to your hosting and use the file manager to extract them to the signature directory (by default phpmussel-signatures). Signature files with extensions ending in db, such as htdb, mdb, medb, etc., should be placed directly in the signature directory without any other subdirectories. The presence of other files does not affect the utility's operation.
Content