Malware can be of different kinds such as viruses, worms, trojans, spyware, ransomware, etc. As per the report of AV-TEST Institute, every day it registers over 350,000 new malicious programs and potentially unwanted applications(PUA). Day by day the no. of malicious software is increasing. The last five years data as per AV-TEST institute, in 2015 there were 470.01m malware found. In 2016, 2017, 2018 the no of malware found are 597.49m, 719.15m, 856.62m respectively. And in 2019 its around 972.37m. Now anyone can guess from statistics that no. of the attacks also increased as no. of malware increased.

Some Common Attacks:

1. Trojan Horse(Trojan):

A trojan looks like a normal file and hence tricks users into downloading it. Once installed, it gives the attacker remote access to the system resulting in the theft of important data.

2. Virus:

Virus is dangerous as it can copy itself and spread to other devices by attaching themselves with executable programs, scripts, documents, etc. Viruses can result in malfunctioning of programs, harm systems, steal money, etc.

3. Worms:

Worms are the most common type of malware. They harm the network by consuming bandwidth and overloading web servers.

4. Backdoor:

A backdoor is a malware type that dodges the authentication process to gain remote access. Backdoors are majorly used to access databases and file servers in order to run commands and infect the website with malware.

Malware scanner

So now the question is how to prevent getting hacked? Here the malware scanner comes into the picture. A malware scanner/detector or virus scanner is a software that detects the malware into the system. It detects different kinds of malware and categories is based on the strength of vulnerability or harmfulness. The malware category will help to prioritize the malware to remove based on vulnerability or harmfulness.

What can a Malware Scanner do?

A Malware Scanner is required to detect any threats/possible threats to the website. The following are the checks our Malware Scanner performs to ensure website security.

1. Malware Scan:
• Backdoors, trojans, viruses, worms, etc are detected.
• Malicious code snippets are detected using more than 5 million malware signatures updated daily.
• Scan for the presence of any Obfuscated/Encoded malicious code.


2. Version check & Compare Files
• Check WordPress, plugins and themes version with Wordpress.org repository.
• Compare WordPress core, plugins and themes files with the marketplace repository to detect any file changes.
• Detect any changes in the files present in the WordPress plugins and themes folder.


3. Scan post and comment data
• Scan posts and comments data from databases to detect malware and malicious URLs.


4. Blacklist URLs
• Detect any URLs in code that are blacklisted for containing malicious or inappropriate content.


5. Whitelist URLs
• You can whitelist trusted URLs to avoid taking any action if that URL is flagged.


6. Check vulnerable plugins and themes
• Checks vulnerable plugins and themes and notify them.
• You can remove plugins and themes to enhance security.

Types Of Scan:

We offer a range of options to our users to meet their needs for an optimal and efficient malware scan.

1. Quick Scan:

Quick scan is used to scan plugins, themes and core files using malware signatures that are most commonly found. The scan is performed by just one click and needs no configuration.

2. Standard Scan:

Standard scan scans the entire website using more than a million signatures updated on a constant basis to catch Backdoors, trojans, viruses, worms, etc.

3. Deep Scan:

Deep scan scans the entire website using more than 6.5 million signatures that include signatures retrieved by analysis and research, and are updated on a constant basis. A deep scan is available when you upgrade to the Premium version.

4. Custom Scan:

Custom scan provides configurable options to choose which folders to scan, extensions to skip, etc. A custom scan is suitable when you make changes to only a specific folder/file.

Actions

A user can take the following actions for a file that was flagged as malicious:

1. View File:
• Users can view the file that was flagged for containing malicious code.
• It is secure to access the file as it would be opened in a new browser window.
• The code will be printed as it is and will not be executed to prevent malicious code from being executed.


2. Delete File:
• Users will get an option to delete the file flagged for containing malicious code.
• The file is not directly deleted because it may contain dependencies for other files.


3. Repair File:
• If the file is infected by attacks then the file can be repaired or replaced with its original content.


4. Trust the File:
• Users can mark a file as “trusted” in case a false positive is encountered or if a file with low risk is flagged and the user wants to ignore it.

Advantages:

1. Wide Range of Signatures:

We use over 5 million signatures to scan the website. We offer a wide range of signatures capable of detecting malware for multiple programming languages.

2. Up-to-date signatures:

The signatures for detecting malware are updated constantly making our scanner capable of detecting the latest malware.

3. Fast Execution:

We offer fast and reliable scan results compared to the market.

4. Multiple Deployment Ways:

We offer Cloud as well as an On-premise service.

Architecture:

The architecture can be differentiated into two ways.

1. Cloud Architecture:

While using cloud architecture the file is sent from Wordpress Server to the scanner server and the scanner server will scan the file data to detect malware and it will send the result to the Wordpress server.


2. On-premise Architecture:

In the On-premise architecture, the files are scanned on the same system. The scanner will read the files, scans for malware and sends the result to the plugin.