Click Malware Scanner in the main menu of Imunify360 user interface to get to the Malware Scanner page.
Note. The functionality described on this page depends on Malware Scanner settings.
Imunify360 Malware Scanner can scan file systems for malware injection and quarantine infected files.
This is also a real time file scanner for vulnerability and it does:
1.Scanning files uploaded via FTP (supporting Pure-FTPd).
2.Scanning files uploaded via HTTP/HTTPS.
3.Scanning files for changes via inotify.
4.On-demand scanning (any folder you need).
Note that when using Mod_Security for real-time scans, it is only possible to detect file owner if Apache is running with mod_ruid2 configured. In other cases, the user for these files will always be the user a web server is running under (usually nobody).
Malware scanning allows you to:
•observe scanner activity;
•start on-demand file scanner;
•manage malicious and quarantined files;
•manage ignore list.
Observing Malware Scanner activity
Go to Malware Scanner page and choose Dashboard tab. On this page, the file scanning activity from the beginning of the current day is displayed by default. It is possible to use a Timeframe filter to observe scanner activity within the particular time period.
The scanner activity is filtered by:
•Malicious - the number of files where Malware Scanner has detected a malicious activity. It is possible to configure the action to be applied to the files:
oMove to quarantine;
oTry to restore from backup;
oDisplay in dashboard.
Please find more details in the Malware Scanner settings section.
•Quarantined - the number of quarantined files that are not available for the user.
•Restored from quarantine - the list of the files restored from the quarantine manually.
On-demand file scanner
It is possible to scan a specific directory for malware. Go to Malware Scanner page and choose On-demand scan tab. Then proceed the following steps:
1. Enter a folder name you need to scan in the Folder to scan field. Start typing with the slash “/”.
It is possible to use Advanced settings:
•Filename mask. It allows to set file type for scanning (for example, “*.php” - all the files with extension php). Default setting is “*” which means all files without restriction.
•Ignore mask. It allows to set file type to ignore (for example, “*.html” - will ignore all file with extension html).
2. Click Start.
At the right top corner Malware Scanner status is displayed:
•The Scanner is stopped - means that there is no scanning process running.
•The Scanner is running - means that scanner is working at the moment.
After Malware Scanner stops on-demand scanning you will see the results in the table below with the following information:
•Date - the date when the scanning process was started.
•Path - the name of the folder that was scanned.
•Total - the total number of files scanned.
•Malicious - the number of malicious files found during the scanning.
•Action - you can click on an icon in this column to perform particular actions.
To review and manage malicious files go to Malicious Files tab described below.
Managing files detected as malicious
Go to Malware Scanner → Dashboard → Malicious Files. This page has a table with malicious and quarantined files.
Use filters to show a list of files in a table:
•Timeframe - allows to filter files for different time period of detection.
•Page size - allows to set the number of files to be shown on a page.
•Search field - allows to search files by filename.
Malicious Files Table
The following information is available in the table:
•Date/time of detection - hover mouse over clock icon to show the exact time when file was detected as malicious.
•Username - file owner name.
•File - the path where the file is located.
•Scan type - shows which way was used to detect the malicious activity. Can be one of the following:
oOn-demand, which means that the file was found during manual scanning;
oReal-time, which means that the file was detected during real-time scanning process.
•Reason - describes the signature which was detected during the scanning process. Names in this column depend on the signature vendor.
•Quarantined - displays whether a file is put on quarantine or not.
•Actions - displays the possible actions with a file.
It is possible to manage suspicious files in the table:
•Delete files permanently
•Add to ignore list
•View file content
•Restore from quarantine
•Restore from backup
Delete files permanently
Click cog icon in the file line and choose Delete permanently in the drop-down.
To do mass action tick several checkboxes or one in the table header to perform action on all files and click cog icon or Group Actions link above the table. Choose Delete permanently in the drop-down.
Add to ignore list
Add to ignore list action is performed simultaneously with Restore from quarantine action. Please go to Restore from quarantine section.
Read more about ignore list.
Note. If a file is added to ignore list Malware Scanner will no longer scan this file.
View file content
Click eye icon in the file line and the file content will be displayed in the pop-up. Only the first 100Kb of the file content will be shown in case if a file has bigger size.
Click fish icon in the file line and approve the action in the pop-up. It is possible to send a file to Imunify360 team for analysis and add file to the ignore list. To do so, tick Submit to the Imunify360 team for analysis checkbox and/or Add to ignore list checkbox and confirm by clicking Yes, Restore.
To do mass action tick several checkboxes or one in the table header to perform action on all files and click Not malware. Restore from quarantine above the table. Confirm the action in the pop-up.
Restore from backup
Click cog icon in the file line and choose Try to restore clean version from backup in the prop-down. Confirm the action in the pop-up bу clicking Yes, restore from backup.
To do mass action tick several checkboxes or one in the table header to perform action on all files and click cog icon or Group actions link above the table. Then choose Try to restore clean version from backup in the drop-down.
Go to Malware Scanner page and choose Ignore List tab. The table on the page shows all items (files and folders) added to ignore list and date and time when they have been added.
To add new file or new path to the ignore list do the following:
•Click Add new file or directory;
•In the pop-up enter the path to be added;
Note. Wildcards are not supported when adding paths to Ignore List. For example, the following paths are not supported:
To delete the item click a recycle bin icon and confirm the action. The item(s) will be rechecked by Malware Scanner after removal.
To search file or folder in the Ignore List use Search input field above the table.