Home Security Tools PHPMussel- PHP Primarily based Anti-Virus, Anti-Trojan and Anti-Malware Resolution

PHPMussel- PHP Primarily based Anti-Virus, Anti-Trojan and Anti-Malware Resolution

by ethhack

PHPMussel- PHP Primarily based Anti-Virus, Anti-Trojan and Anti-Malware Resolution

A really perfect answer for shared internet hosting environments, the place it is usually not doable to utilise or set up standard anti-virus safety options, phpMussel is a PHP script designed to detect trojans, viruses, malware and different threats inside information uploaded to your system wherever the script is hooked, primarily based on the signatures of ClamAV and others.


  • Simple to put in, straightforward to customize, straightforward to make use of.
  • Works for any system with PHP+PCRE put in, no matter OS (PHP+PCRE required).
  • Absolutely configurable primarily based in your wants.
  • Supreme answer for shared internet hosting providers.
  • Supreme answer for discussion board techniques in want of file add safety.
  • Does NOT require shell entry.
  • Does NOT require administrative privileges.
  • CLI mode accessible.
  • Good, sturdy, steady assist base.

Find out how to Set up?


1. By your studying this, we’re assuming you have already downloaded an archived copy of the script, decompressed its contents and have it sitting someplace in your native machine. From right here, you may wish to work out the place in your host or CMS you wish to place these contents.

A listing comparable to /public_html/phpmussel/ or comparable (although, it does not matter which you select, as long as it is one thing safe and one thing you are proud of) will suffice. Earlier than you start importing, learn on..

2. Rename config.ini.RenameMe to config.ini (situated inside vault), and optionally (strongly really useful for superior customers, however not really useful for newbies or for the inexperienced), open it (this file comprises all of the directives accessible for phpMussel; above every possibility needs to be a short remark describing what it does and what it is for).

Modify these directives as you see match, as per no matter is suitable to your explicit setup. Save file, shut.

3. Add the contents (phpMussel and its information) to the listing you’d selected earlier (you need not embody the *.txt/*.md information, however largely, it is best to add every thing).

4. CHMOD the vault listing to “755” (if there are issues, you’ll be able to attempt “777”; that is much less safe, although). The primary listing storing the contents (the one you selected earlier), normally, might be left alone, however CHMOD standing needs to be checked when you’ve had permissions points prior to now in your system (by default, needs to be one thing like “755”).

In brief: For the bundle to work correctly, PHP wants to have the ability to learn and write information contained in the vault listing. Many issues (updating, logging, and so forth) will not be doable, if PHP cannot write to the vault listing, and the bundle will not work in any respect if PHP cannot learn from the vault listing.

Nonetheless, for optimum safety, the vault listing should NOT be publicly accessible (delicate data, comparable to the knowledge contained by config.ini or frontend.dat, may very well be uncovered to potential attackers if the vault listing is publicly accessible).

5. Set up any signatures that you will want. See: INSTALLING SIGNATURES.

6. Subsequent, you may have to “hook” phpMussel to your system or CMS. There are a number of alternative ways you’ll be able to “hook” scripts comparable to phpMussel to your system or CMS, however the best is to easily embody the script at first of a core file of your system or CMS (one which’ll typically at all times be loaded when somebody accesses any web page throughout your web site) utilizing a require or embody assertion.

Often, this’ll be one thing saved in a listing comparable to /consists of, /belongings or /capabilities, and can usually be named one thing like init.php, common_functions.php, capabilities.php or comparable. You will should work out which file that is to your scenario;

Should you encounter difficulties in figuring out this for your self, go to the phpMussel points web page at GitHub or the phpMussel assist boards for help; It is doable that both myself or one other person might have expertise with the CMS that you just’re utilizing (you may have to tell us which CMS you are utilizing), and thus, could possibly present some help on this space.

To do that [to use require or include], insert the next line of code to the very starting of that core file, changing the string contained contained in the citation marks with the precise handle of the loader.php file (native handle, not the HTTP handle; it will look much like the vault handle talked about earlier).

Save file, shut, reupload.


Should you’re utilizing an Apache webserver and when you have entry to php.ini, you should use the auto_prepend_file directive to prepend phpMussel at any time when any PHP request is made. One thing like:

auto_prepend_file = “/user_name/public_html/phpmussel/loader.php”

Or this within the .htaccess file:

php_value auto_prepend_file “/user_name/public_html/phpmussel/loader.php”

At this level, you are finished! Nonetheless, it is best to most likely check it out to ensure it is working correctly. To check out file add protections, try to add the testing information included within the bundle underneath _testfiles to your web site through your traditional browser-based add strategies.

(Be sure to’ve included the phpmussel*.*db signature information in your Lively setting for the check information to set off). If every thing is working, a message ought to seem from phpMussel confirming that the add was efficiently blocked. If nothing seems, one thing is not working appropriately. Should you’re utilizing any superior options or when you’re utilizing the opposite varieties of scanning doable with the software, I might counsel attempting it out with these to ensure it really works as anticipated, too.

Find out how to Use?


phpMussel ought to be capable to function appropriately with minimal necessities in your half: After putting in it, it ought to work instantly and be instantly usable.

File add scanning is automated and enabled by default, so nothing is required in your behalf for this explicit performance.

Nonetheless, you are additionally in a position to instruct phpMussel to scan particular information, directories and/or archives. To do that, firstly, you may want to make sure that the suitable configuration is about within the config.ini file (cleanup should be disabled), and when finished, in a PHP file that is hooked to phpMussel, use the next closure in your code:

$phpMussel[‘Scan’]($what_to_scan, $output_type, $output_flatness);

  • $what_to_scan generally is a string, an array, or an array of arrays, and signifies which file, information, listing and/or directories to scan.
  • $output_type is a boolean, indicating the format for the scan outcomes to be returned as. false instructs the operate to return outcomes as an integer. true instructs the operate to return outcomes as human readable textual content. Moreover, in both case, the outcomes might be accessed through international variables after scanning has accomplished. This variable is elective, defaulting to false. The next describes the integer outcomes:

Outcomes        Description
-4        Signifies that knowledge could not be scanned resulting from encryption.
-3        Signifies that issues have been encountered with the phpMussel signatures information.
-2        Signifies that corrupt knowledge was detected in the course of the scan and thus the scan failed to finish.
-1        Signifies that extensions or addons required by PHP to execute the scan have been lacking and thus the scan failed to finish.
0       Signifies that the scan goal does not exist and thus there was nothing to scan.
1       Signifies that the goal was efficiently scanned and no issues have been detected.
2       Signifies that the goal was efficiently scanned and issues have been detected.

  • $output_flatness is a boolean, indicating to the operate whether or not to return the outcomes of scanning (when there are a number of scan targets) as an array or a string. false will return the outcomes as an array. true will return the outcomes as a string. This variable is elective, defaulting to false.

Source link

Related Articles

Leave a Comment