  1. #1
    2ndmouse

    Malware scanner - how does google do it?

    Just thought I'd pop the question here in case anyone was familiar with this aspect of security.

    I'm looking for an accurate (hopefully free) scanner for detecting malware on a web site. Google obviously have their own method, but it doesn't appear to be available as a downloadable script. I suppose I shouldn't be surprised as public access to their script would be a god-send to unethical hackers.

    If any of you have experience in this area, I would appreciate your advice.

    Also, if I managed to find such a script, how would I go about testing it? I presume I would have to load some real malware on my site or maybe test it locally using a XAMPP installation or similar. However, where would I get sample malware code?

    Anyway, I live in hope of someone pointing me in the right direction.

    Cheers to all
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  2. #2
    logic_earth
    Why roll your own when you could just use Google's Safe Browsing API and get the same thing?
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    dklynn
    2mouse,

    Ask your host to implement a "maldet scan." For some reason, hosts seem to keep that as a perk unto themselves, but it does offer a great detection facility and can e-mail scan results (either none detected or identify the specific files).

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  4. #4
    2ndmouse
    Thanks guys

    Maybe I should have mentioned that I am looking for a scanner to incorporate in my script (briefly mentioned in my signature). It looks like logic_earth's suggestion is a possibility, but it will take some studying and (with my ever-diminishing brain power) will take some time to understand and implement.

    I do actually possess a malware script which seems to work, but the results are amazingly difficult to interpret, and apparently it is a hit-n-miss affair anyway, so not entirely reliable. If anyone is interested I can make it available to you. Unfortunately, this script cannot be used remotely (which is not what I'm looking for).

    I'll spend some time studying the Google API and will update this thread with my findings.

    Regards to all and thanks again

  5. #5
    2ndmouse
    Originally posted by 2ndmouse:
    > I do actually possess a malware script
    This should of course be: "I do actually possess a malware detection script"

  6. #6
    logic_earth
    There is also VirusTotal; they have a public API that allows you to send files or site URLs to be scanned.
    https://www.virustotal.com/documentation/public-api/


  7. #7
    2ndmouse
    Thanks logic

    I'm currently investigating that one.

    I also found this link where there are a number of possible options:
    http://www.malwarehelp.org/freeware-...downloads.html

    Cheers

  8. #8
    2ndmouse
    I have looked at many possibilities to match my needs, including Python and Ruby scripts, but I eventually settled on VirusTotal's public API - it checks with more than 30 different DBs. It works a treat and is easy to combine with my existing script. I'm still testing so I can't vouch for its accuracy 100%. However, it appears to match with other results from online services - thanks for the recommendation, logic.

