Explaining the “Settings” tab

  • “Quick Scan” mode
    It configures the antivirus to check critical files only: ph*, js, htm*, .htaccess, txt, tpl and some others. It will not scan media files (.png, .jpg, …), documents (.docx, .xlsx, .pdf, …), and some other types. This helps to reduce server load and increase scanning speed dramatically.
  • “Skip images and other media files”
    It configures the antivirus to check all files except media files and documents. This also helps to reduce server load and increase scanning speed dramatically. The difference from the previous option is that with “Skip images…” enabled the antivirus scans files with unknown extensions, whereas “Quick Scan” skips them.
  • “Optimize scanning by speed”
    It configures the antivirus to turn on an “intelligent mode” while scanning cache folders. It will scan files from cache folders selectively, which sometimes dramatically speeds up the scanning process with the same level of malware detection.
  • “Max working threads”
    It specifies the number of concurrent scanning threads, i.e. how many websites will be scanned or cleaned concurrently. By default it is limited to half the number of CPU cores. So if your server has 8 cores, the antivirus allows a maximum of 4 concurrent threads. You can set it to 1 or 2 to reduce server load during scanning.
  • “Scheduled rescanning”
    It configures the interval of automatic website rescanning: once a day, once a week, once a month or never. We recommend setting it to “Daily” to be notified ASAP about any security issues.
    This option is available in the Premium version of the antivirus.
  • “Max allocated memory…”
    It configures how much memory is allowed for a single scanning process. If some websites fail to scan, try increasing this value. The maximum is 1 GB.
  • “Number of days to keep…”
    It configures how long the antivirus keeps backup versions of cleaned files. During this period you can restore these files using the “Undo” button.
  • “Trim malicious files instead of deleting it”
    It configures the antivirus not to delete a file when malware is detected but to trim it instead, so the file will have zero length but stay in the file system. If you are 100% sure that none of the detected malicious files are included from other files or referenced in the database, you can uncheck this option and run “Cleanup”.
  • “Update antivirus database automatically”
    It configures the antivirus to update the malware database automatically every day. We recommend enabling this option.
  • “Email admin on website infection”
    It configures the antivirus to send out an email notification after a scheduled scan if websites are infected or blacklisted.
    This option is available in the Premium version of the antivirus.

Troubleshooting

1. I paid for the extension, but it is not yet Premium

If you purchased a license for the Premium version and cannot activate the key, check this section.

2. I click the “Scan” button, but it doesn’t start scanning

When you click the “Scan” button, scanning doesn’t start immediately; the task to scan the website is queued. You should see the “Queued” status in the line. Once server resources are available, scanning starts and progress is displayed.

3. The Antivirus doesn’t clean up some malicious files

Check the Malware Removal report to see the details. Possible reasons:

  • The malicious file or its folder is write-protected, so the antivirus cannot write or delete it. Check this with your server administrator.
  • The malicious file was missing or not readable at the time of cleanup.
  • The malicious file is not in the cleanup database of the Antivirus. In this case you will see the “Manual cleanup required” status next to the file. Please send it to us and we will check it and add it for automatic cleanup.

4. I scheduled the re-scanning for today but it does not start at the specified time

Scheduled re-scanning of files starts at the specified time only if more than 24 hours have passed since the last website scan. So if you do not scan it manually, it will be checked the day after.

5. When I click the “Scan All” button the websites start scanning in random order

The order in which websites are scanned depends on two things:

  • the selected order in the table
  • the order of domain registration

For your convenience we recommend sorting the table by the “State” column. Just click it to reorder.

6. When I click “Scan” or “Clean” it fails

Please, follow the steps to gather information for analysis and send it to us.

Does the Antivirus check web pages or database for malware?

The current version of the Antivirus checks files in website folders but does not scan the database or website pages, so we also recommend checking websites using the free online scanner ReScan.Pro. It will detect security issues which the Revisium Antivirus cannot detect.

For Server Admins

If you suspect that the server has been compromised, we recommend taking the following steps immediately:

  • change the root user credentials and disable SSH and FTP connections for other users until a comprehensive analysis of server security is done;
  • check the auth/security logs in /var/log for unauthorized connections;
  • scan /tmp, /var/tmp and the folders starting from /home or /var/www for malware using the free command-line malware scanner AI-BOLIT, and check them for unusual files such as Linux binaries and sources or perl/php scripts outside the doc root folders;
  • check for suspicious (usually “long-term”) background processes in “top” / “htop” / “ps auxww”;
  • check for suspicious external connections in “netstat”.

Or just order a professional server security analysis and malware cleanup service at Revisium.
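
A read-only sketch of the temp-directory check from the list above, added here as an example (it is not Revisium's or AI-BOLIT's code and does not replace a malware scan). The function names `classify` and `triage_dirs` and the extension list are assumptions of this example.

```shell
#!/bin/sh
# Added example: report files that look like Linux binaries, perl/php
# scripts or C sources. It only reads files; nothing is changed or deleted.

# classify FILE -> prints "elf", "script" or "source"; returns 1 otherwise.
classify() {
    f=$1
    # ELF binaries start with the four bytes 0x7f 'E' 'L' 'F'.
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    if [ "$magic" = "7f454c46" ]; then echo elf; return 0; fi
    # Content check: a perl/php shebang or a PHP open tag on the first line,
    # so a script hidden behind a name like "img.jpg" is still reported.
    first=$(head -n 1 "$f" 2>/dev/null | tr -d '\0')
    case $first in
        '#!'*perl*|'#!'*php*|'<?php'*) echo script; return 0 ;;
    esac
    # Extension check (assumed list) for scripts and C sources.
    case $f in
        *.php|*.phtml|*.pl) echo script; return 0 ;;
        *.c|*.h)            echo source; return 0 ;;
    esac
    return 1
}

# triage_dirs DIR... -> one "kind<TAB>path" line per flagged regular file.
triage_dirs() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        # -xdev keeps find on the same file system as DIR.
        find "$d" -xdev -type f 2>/dev/null | while IFS= read -r f; do
            if kind=$(classify "$f"); then
                printf '%s\t%s\n' "$kind" "$f"
            fi
        done
    done
    return 0
}

# Stand-alone use: sh triage.sh /tmp /var/tmp
if [ "$#" -gt 0 ]; then triage_dirs "$@"; fi
```

Every path it prints is a candidate for manual review; legitimate software also leaves scripts and binaries in temp directories.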

What if the Antivirus has not detected some malicious files?

We do our best to keep the Antivirus database frequently updated and complete in order to detect as many threats as possible. Still, there is a small chance that some newly released malicious files are not yet in the database. There may also be other causes:

  1. Check if you’re using the latest version of ImunifyAV (check for extension updates)
  2. Check if you’re using the latest version of the Antivirus database (check it in the “About” tab)
  3. Check the current settings in the “Settings” tab. By default the Antivirus scans critical extensions only (php, js, html, and some others). It provides better performance than scanning everything besides the media files and documents. But viruses may be located in those files as well. So you may want to try the Antivirus in the “full scan” mode by switching the scanning option.
  4. If you have tried everything above but the Antivirus still does not see the infected file, please send us the file. We will analyse it and add it to the Antivirus database for the next update.

If you found a malicious file which has not been detected by antivirus, please send it to us via https://drop.revisium.com

Thanks!

How to update the Antivirus?

In the “Settings” tab you can enable the auto-update option for the Antivirus databases.

Another way to quickly update the A/V databases is to open the “About” tab and click “Update Databases”.

We also recommend that server admins check the ImunifyAV extension for a newer version to keep the core files up to date.

How to speed up the Antivirus?

The Antivirus scanning performance mostly depends on server performance. But the default configuration of the Antivirus may not be optimal, so we recommend that server admins adjust the default settings for better performance. Just open the “Settings” tab and check the current parameters.

  • “Quick Scan” mode – if checked, the antivirus scans critical files only (php, js, html, htaccess, txt and some others). If you need to scan all files, uncheck the option.
  • Skip images and other media – if checked, it will skip jpg, png, gif, avi, mpg, mov, bmp, tiff, docx, xlsx, pptx, pdf, and some others. If you need to scan all files, uncheck the option.
  • Optimize by speed – if checked, the antivirus will do intelligent scanning of cache folders of CMS to speed up overall process. Uncheck the option for careful scanning.
  • Max working threads – how many websites are to be scanned simultaneously.

We strongly recommend that server admins managing servers with 4 or more CPU cores or lots of websites change the “Max working threads” setting.

Conversely, if you feel that the Antivirus consumes too many server resources, decrease the “Max working threads” and “Max allocated memory…” parameters.

 

When the antivirus has detected malware in a legitimate file

There’s a small chance that you may encounter so-called “false positives” while scanning websites for malware, i.e. the antivirus marks a legitimate file as malicious because the file contains a specific piece of code previously seen in malware.
Just send us the file and we will include it in the exceptions list of the Antivirus so it will no longer show up in the report after the antivirus update.

If the antivirus has detected a file which is not malicious, please report a “false positive” via https://drop.revisium.com (e.g. send the file via this service)

My websites are clean, what to do next?

It is good to hear that everything in the report has “green” status.

Just follow the recommendations on website security to keep them safe and secure. And do not forget to re-scan your websites on a regular basis.

If you are a server admin, we recommend scheduling re-scanning in the “Settings” tab so the Antivirus will check websites for malware automatically at the selected interval. This option is available in the Premium version of the extension.