How to scan and clean website viruses ?




Malware infection has become one of the major security concerns for website owners and Internet users, as malware passes through emails and websites to local machines and other remote servers. Various security and antivirus tools are available for desktop systems (local machines) that can scan, detect and remove viruses from specific files and folders, disk drives and other connected devices. If you have a website that needs to be scanned for malware, Trojans and other vulnerable code, or you want to check the security status of a URL, refer to the following online tools and services.

These online tools and services can help you scan web pages and detect malicious code such as viruses, worms, Trojans, adware, spyware and exploit content. Some hosted antivirus tools and scripts also provide options to quarantine and/or clean infected files. Below I have collected some good tools and online services that offer URL scanning, domain reputation checks and security report generation. These tools alert users to the presence of malware and exploits in a website or web page. Some of them also provide vulnerability assessment and help to secure websites against hackers.


1] Online Antivirus scanner from hosted server.

2] Online URL links, Domain reputation and security threats analyzer from third party service provider.


* Online Antivirus scanner from hosted server (Remote Server).

These tools are installed on the hosting server itself and may be available from the control panel as add-ons or modules, e.g. the ClamAV option in cPanel or the Dr.Web Antivirus add-on in Plesk. Some hosting companies also provide other open source or commercial security applications, which can be accessed through a web interface or managed via shell access. Here we will explore some well-known tools that are available with EUKhost Linux Shared, VPS and Dedicated servers.

ClamAv - Open Source Virus Scanner with cPanel (Linux/Unix Servers ): Clam AntiVirus



ClamAV is a free, open source anti-virus application for Linux and UNIX systems. It is specially designed for e-mail scanning on mail gateways. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.

To install and upgrade/update ClamAV, please refer to the following thread: Update ClamAV

You can scan files from the cPanel interface or by using the clamscan/clamdscan binaries over shell access. Click on VirusScanner in the Advanced section of cPanel to scan all files under a specific cPanel account. There you can scan the entire Home Directory, emails, the Public Web Space (public_html folder) or the Public FTP Space (public_ftp folder). ClamAV detects and alerts on any viruses it finds, then offers the options Quarantine/Destroy/Ignore and/or disinfect in the Cleanup Process in cPanel. However, only mailboxes can be disinfected.



If you have shell access, you can use the clamscan or clamdscan tools to scan for and clean viruses from the hosting space. The following are some useful commands for running the ClamAV tools.

clamscan is a command line anti-virus scanner that scans files and directories for viruses. clamdscan is a client for the Clam AntiVirus daemon (clamd) that also scans files and directories for viruses, using the same database and definitions. It is a simple clamd client that may be used as a clamscan replacement. It accepts all the options implemented in clamscan, but most of them are ignored because its scanning abilities depend only on clamd. The clamd daemon listens for incoming connections on a Unix and/or TCP socket and scans files or directories on demand. It reads its configuration from /etc/clamd.conf

Quote:

# To scan all files (and sub directories) in public_html, use following command.

clamscan -ir public_html

user@server [/home/cpuser]# clamscan -ir public_html

public_html/explo-script/sprd.txt-bk: Trojan.IRCBot-1142 FOUND
public_html/explo-script/spread.txt-bk: PHP.ShellExec FOUND

----------- SCAN SUMMARY -----------
Known viruses: 857351
Engine version: 0.96.5
Scanned directories: 5
Scanned files: 3
Infected files: 2
Data scanned: 0.02 MB
Data read: 0.02 MB (ratio 1.00:1)
Time: 5.221 sec (0 m 5 s)
----------- ----------- ----------- ---

# To scan all files (and sub directories) in public_html folder and save result in file use following command.

clamscan -irl results.txt public_html

# To scan all files (and sub directories) in public_html folder and then remove infected files automatically, use following command.
Note : Be careful while removing infected files automatically. Make sure that you have backup for all those files.

clamscan -ir --remove public_html/

cpuser@server [/home/cpuser]# clamscan -ir --remove public_html/

public_html/explo-script/sprd.txt-bk: Trojan.IRCBot-1142 FOUND
public_html/explo-script/sprd.txt-bk: Removed.
public_html/explo-script/spread.txt-bk: PHP.ShellExec FOUND
public_html/explo-script/spread.txt-bk: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 857351
Engine version: 0.96.5
Scanned directories: 5
Scanned files: 3
Infected files: 2
Data scanned: 0.02 MB
Data read: 0.02 MB (ratio 1.00:1)
Time: 4.450 sec (0 m 4 s)
----------- ----------- ----------- ---

For more information on the usage of the clamscan command, run it with the --help option.
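
The note above warns against removing infected files automatically. As an added example (not part of the original post), the shell functions below read the log written by `clamscan -irl results.txt public_html` and move every file reported as FOUND into a quarantine directory instead of deleting it. The function names, the quarantine location and the assumption that logged paths are relative to the current directory are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): quarantine, rather than delete,
# the files that a clamscan log reports as infected.
# Assumption: the log came from `clamscan -irl results.txt public_html`, run in
# the account's home directory, so logged paths are relative to that directory.

# Print the path from every "<path>: <signature> FOUND" line in log file $1.
infected_from_log() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# Move each infected file listed in log $1 into quarantine directory $2,
# keeping its relative path and removing all permissions from the moved file.
# Prints the number of files moved.
quarantine_from_log() {
    q_log=$1; q_dir=$2; q_moved=0
    mkdir -p "$q_dir" || return 2
    chmod 700 "$q_dir"
    while IFS= read -r q_file; do
        [ -f "$q_file" ] || continue                 # blank line or already gone
        case $q_file in
            /*|../*|*/../*) continue ;;              # refuse paths outside the cwd
        esac
        mkdir -p "$q_dir/$(dirname "$q_file")"
        if mv -- "$q_file" "$q_dir/$q_file"; then
            chmod 000 "$q_dir/$q_file"
            q_moved=$((q_moved + 1))
        fi
    done <<EOF
$(infected_from_log "$q_log")
EOF
    echo "$q_moved"
}

# Usage: sh quarantine.sh results.txt /home/cpuser/quarantine
if [ "$#" -eq 2 ]; then
    quarantine_from_log "$1" "$2"
fi
```

Keep the quarantine directory outside public_html so the moved files cannot be requested over the web.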

Parallels Plesk Panel antivirus add-ons (modules):

To provide your e-mail users with anti-virus protection, you can use either the Parallels Premium Antivirus or the Kaspersky Antivirus solution. Both antivirus programs can scan the server's mail traffic in real time; however, only Kaspersky Antivirus allows fine tuning and filtering of specific file types from attachments.

Both programs require an additional license key with annual renewal. Check the current prices with your hosting provider or visit the Parallels site.

1] Dr.Web Antivirus (Parallels Premium Antivirus)

Parallels Premium Antivirus

Parallels Premium Antivirus is virus scanning and filtering software integrated with all versions of Plesk, and it can also be used with other control panels. Developed by Parallels and Dr.Web, it is an antivirus solution for hosting environments that protects mailboxes against worms, Trojans and other damaging viruses. This security tool is able to repair, rename or delete infected files and archives (.zip, .rar, .gz, .tar, etc.).

Pricing for Parallels Premium Antivirus is based on a subscription that is renewed on a yearly basis. The add-on service is activated once you pay the licence cost.

Mailname Configuration Page with Anti-Virus Option



Configure Parallels Premium Antivirus specifically for a particular mail name. "Antivirus mail checking" in the Info section shows the mode in which the anti-virus software is currently operating.

Parallels Premium Antivirus Configuration Page

Select the operating mode of the Parallels Premium Antivirus software for a particular mail name. You can set the antivirus to check only incoming mail, only outgoing mail, or both.


2] Parallels Plesk Panel Anti-Virus Powered by Kaspersky

Kaspersky Anti-Virus for Parallels Plesk Panel

Parallels Plesk Panel Anti-Virus Powered by Kaspersky, built on the Kaspersky Anti-Virus engine, is another virus scanner available for Plesk that provides protection against viruses with superior detection rates and an industry-leading outbreak response time. This program scans incoming and outgoing mail traffic on your server and removes malicious and potentially dangerous code from e-mail messages. What makes it an effective solution is that its virus databases are updated with new virus definitions every hour.

To learn more about Kaspersky Antivirus, visit the web site at

http://www.kaspersky.com/anti-virus_linux_mailserver.

To use Kaspersky Antivirus with your Parallels Plesk Panel server, you need to install the Kaspersky Antivirus module, purchase a license key and install it through Parallels Plesk Panel.


Parallels Plesk Panel Anti-Virus Powered by Kaspersky Management Interface


How to install Kaspersky Antivirus in Parallels Plesk panel server ?


You can install the Kaspersky Antivirus module on the Parallels Plesk Panel server in two ways: from the Parallels Plesk Panel interface (recommended) or from the command line.

Read the installation and administration guides on the Parallels documentation page:

Parallels Plesk Panel 10: Administrator's Guide

Kaspersky Antivirus Module for Parallels Plesk Panel 10 for Linux/Unix: Administrator's Guide

Iscanner open source tool for the Linux servers :



This is the best open source tool for detecting and removing malicious code and web page malware, such as hidden iframe tags, JavaScript, VBScript, ActiveX objects, suspicious PHP code and some known malware, from web pages. iScanner not only shows infected HTML, PHP, CSS and JavaScript files on the server but can also clean these files by removing only the malware code from them. It can scan a single file, a directory or a remote web page / website on Linux/Unix servers.

At present there is no remote administration interface (API) for iScanner, so you need SSH access to use it. iScanner raises some false positives, flagging genuine scripts as suspicious code, so customize the database signatures to your requirements and use it carefully, after taking a backup of your files.

Here are the steps to install and use the iScanner tool.

Quote:

cd /home/cpuser

wget http://iscanner.isecur1ty.org/download/iscanner.tar.gz

tar xvzf iscanner.tar.gz

cd iscanner-0.7/

./installer -i -d /home/cpuser/iscanner
# This command will install iScanner in /home/cpuser/iscanner folder

./iscanner -u
# This will update iscanner database for new virus definitions.

./iscanner -F test.php
# To scan specific file use this command.

./iscanner -f /home/cpuser/public_html/
# To scan specific folder use this command.

./iscanner -c infected-02:46:32-05.Oct.log
# This command will clean all the files reported in the .log file.

./installer -u
# This command will uninstall iscanner from the same folder.

Online URL and file security scanners/analyzers:

While surfing the web, if you want to know the security and authenticity status of a known or unknown URL, refer to the following sites, which give you an in-depth report on the domain and URL concerned. These sites are useful for detecting whether the requested site is compromised or contains malware that could pose a security threat to your computer.

The following sites and their reports are a great resource to help you identify and resolve security issues with your websites.

Google's Safe Browsing tool (Google's Safe Browsing Diagnostics)



Google Safe Browsing diagnostic page for www.example.com

Just replace www.example.com with your own site address and open the page. It will show whether Google found anything suspicious on your site. The Safe Browsing diagnostic page gives you answers and recommendations for the following questions.
What is the current listing status for domain.tld?
What happened when Google visited this site?
Has this site acted as an intermediary resulting in further distribution of malware?
Has this site hosted malware?
Next steps:

Virustotal : VirusTotal - Free Online Virus, Malware and URL Scanner



VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans and all kinds of malware detected by multiple antivirus engines. There are various free browser extensions/add-ons and tools that allow users to interact easily with VirusTotal.

Urlvoid : Scan Websites for Exploits, Malware and other Malicious Threats - URLVoid.com BETA







This is a great service from Urlvoid.com that allows users to scan a web address with multiple scanning engines, such as Google Diagnostic, PcTools Browser Defender, Norton SafeWeb and MyWOT, to facilitate the detection of possibly dangerous websites. Just enter the URL of the website you want to scan and then click the Scan Now button.

OnlineLinkScan : Online Link Scan - Virus, Trojan, Adware and Malware Scanner



OnlineLinkScan offers safeguards such as the detection of hidden links that a visitor cannot notice. The site also detects suspicious links that might be infected with viruses, trojan horses, spyware and other malware. It shows a report with the PhishTank, AVG, SiteTruth and Google Safe Browsing listing status.

Yahoo Search Scan : Search Scan



Yahoo SearchScan alerts you while surfing about websites associated with viruses and about downloads of dangerous software that may harm your computer. SearchScan can help protect you from potential hacking risks and dangerous downloads. You can read more information on the following page: What SearchScan Does | Yahoo! Search Help


Online Dr.Web link Scanner : Dr.Web - innovation IT-security solutions. Complex protection against Internet threats.



The Dr.Web scanner is a great online service for scanning a link or a file, including its scripts and frames, for viruses, Trojan horses, spyware and other malicious objects. There are also Dr.Web LinkChecker extensions/add-ons and plugins for web browsers, which scan web pages before they are opened.

AVG Online web based scanner : AVG Online Virus Scanner | Scan Web Pages | AVG LinkScanner Drop Zone



The AVG LinkScanner® Drop Zone lets you check the safety of individual web pages you are about to visit. Just copy the URL or domain and paste it into the AVG ONLINE SCAN box. It will examine the web page in real time to see whether it is hiding any suspicious downloads.
The AVG scan result shows a 30-day report for the domain: its current status and whether active threats were reported by users anywhere on the same domain.

Tips to protect your sites from web malware and hacking attacks:

* Keep the recommended, secure permissions and ownership for files and folders.
* Use validation and password protection for pages/folders as much as possible.
* Frequently review your script files for suspicious links, code, iframes and redirects.
* Frequently download all your files from the server and scan them with a good antivirus application on your local machine.


The following are some well-known websites, forums and blogs where you can find information on the latest threats, vulnerabilities, security tools and services:

Open Web Application Security Project : Category:Attack - OWASP

Anti-virus and Security application Support Forums :

Avast Support Forum>> avast!WEBforum - Index

McAfee Support Forum >> https://community.mcafee.com/index.jspa

AVG Free Forum >> Free Antivirus | Forum - Free forum

ClamAV Support >> Clam AntiVirus

Kaspersky Support Forum >> Kaspersky Lab Forum (Powered by Invision Power Board)

AVIRA Support Forum >> Startseite - Avira Support Forum

Dr.Web Support Forum >> Dr.Web users' forum (Powered by Invision Power Board)

ClamWin Support Forum >> ClamWin Free Antivirus :: Index

Bitdefender Support Forum >> BitDefender Forum

MS OneCare Support Forum >> Security Forum

QuickHeal Support >> Quick Heal-Support

Norman Support Forum >> Norman Support - Index page

ESET Support Forum >> Wilders Security Forums - Powered by vBulletin

F-Prot Support Forum >> https://forum.f-prot.com/

F-Secure Support Forum >> F-Secure forum

A² Support Forum >> Emsisoft Support

Virus Encyclopedias : 0days exploit, viruses detail information :

AVG Virus Encyclopedia >> AVG - Virus Encyclopedia | Latest Computer Viruses | Virus List

Symantec Virus Encyclopedia >> Virus Definitions & Security Updates - Symantec Corp.

Kaspersky Virus Encyclopedia >> What we detect - Securelist

ClamAV Library Current Threats >> Clam AntiVirus

McAfee AVERT Library >> Virus Information | McAfee

BitDefender Encyclopedia >> Latest Computer Viruses | Virus List | BitDefender Virus Encyclopedia

Panda Virus Encyclopedia >> INFORMATION ABOUT VIRUS - Malware Search Engine - Encyclopedia - PANDA SECURITY

TrendMicro Virus Encyclopedia >> Trend Micro Virus Information, virus alerts, advisories, Top 10, antivirus, worm, trojan, macro, free, virus encyclopedia

CA Virus Encyclopedia >> CA Virus Encyclopedia Browse

RAV Virus Encyclopedia >> RAV AntiVirus Website - Virus Encyclopedia

NOD32 Virus Encyclopedia >> ESET Threat Encyclopedia
http://www.eukhost.com/forums/f42/how-scan-clean-website-viruses-13199/
