Troubleshooting

1. I payed for the extension, but it is not yet Premium

If you purchased the license for Premium version and cannot activate the key, check this section.

2. I click the “Scan” button, but it doesn’t start scanning

When you click the “Scan” button it doesn’t start immediately, it queues the task to scan the website. You should see “Queued” status in the line. Once the server resources are available it starts scanning and displaying a progress.

3. The Antivirus doesn’t cleanup some of malicious files

Check the Malware Removal report to see the details. There might be the following reasons:

  • Malicious file is write-protected or folder of the file is write-protected so the antivirus cannot write or delete it. Check it with server administrator.
  • Malicious file was missed or not readable at the time of cleanup.
  • Malicious file is not in the cleanup database of the Antivirus. In this case you “Manual cleanup required” status next to the file. Please, send it to us and we will check and add it for automatic cleanup.

4. I scheduled the re-scanning for today but it does not start at specified time

Scheduled re-scanning of files starts at specified time only if it’s been more than 24 hours since last website scanning. So if you would not scan it manually it will be checked the day after.

5. When I click the “Scan All” button the websites start scanning in random order

Order of websites scanning depends on two things:

  • selected order in the table
  • order of domains registration

For your convenience we would recommend sorting the table by “State” column. Just click it to reorder.

6. When I click “Scan” or “Clean” it fails

Please, follow the steps to gather information for analysis and send it to us.

Does the Antivirus check web pages or database for malware?

Current version of the Antivirus check files in website folders but does not scan database or website pages so we’d also recommend checking websites using free online scanner – ReScan.Pro. It will detect security issues which the Revisium Antivirus cannot detect.

For Server Admins

If you suspect the fact of server compromise we recommend to do the following steps immediately:

  • change the root user credentials and disable SSH and FTP connection for other users before the comprehensive analysis of server security is done;
  • check the auth/security logs in the /var/logs for unauthorized connections;
  • scan the /tmp, /var/tmp and the folders staring from /home or /var/www for malware using free command-line malware scanner AI-BOLIT and check them for unusual files such as linux binaries and sources or per/php scripts outside the doc root folders;
  • check for the suspicious (usually, “long-term”) background processes in the “top” / “htop” / “ps auxww”;
  • check for the suspicious external connections in the “netstat”.

Or just order professional server security analysis and malware clean up service at Revisium.

What if the Antivirus has not detected some malicious files?

We do our best to keep the Antivirus database frequently updated and complete in order to detect as much threats as possible. But still there might be a small chance that some of newly released malicous files are not yet in the database. Or there might be also another drawbacks:

  1. Check if you’re using the latest version of the ImunifyAV (check for the extension updates)
  2. Check if you’re using the latest version of the Antivirus database (check it in the “About” tab)
  3. Check current settings in the “Settings” tab. By default the Antivirus scans for critical extensions only (php, js, html, and some others). It provides a better performance while scanning everything besides the media files and documents. But the viruses may be located in those files either. So you may want to try the Antivirus in the “full scan” mode by switching the scanning option.
  4. If you try everything above but the Antivirus still does not see the infected file, please, send us the file. We will analyse it and add to the Antivirus database for the next update.

If you found a malicious file which has not been detected by antivirus, please send it to us via https://drop.revisium.com

Thanks!

When antivirus has detected malware in the legitimate file

There’s small chance that you may face with so-called “false-positives” while scanning the websites for malware i.e. when antivirus software marks a legitimate file as malicious because the file may contain some specific piece of code previously noticed in malware.
Just send us the file and we will include it into the exceptions list of the Antivirus so it will never show up in the report after the antivirus update.

If antivirus has detected a file which is not malicious, please report a “false-positive” via https://drop.revisium.com (e.g. send the file via this service)

My websites are clean, what to do next?

It is good to hear that everything in the report has “green” status.

Just follow the recommendations on websites security to keep them safe and secured. And do not forget to re-scan your websites on a regular basis.

If you are server admin we recommend to schedule re-scanning in the “Settings” tab so the Antivirus will be checking websites for malware automatically with selected interval. This option is available in the Premium version of the extension.

Quick Introduction for Users

In order to scan your websites for malware using the ImunifyAV all you need is to click the “ImunifyAV” icothe n under particular domain and then click the “Scan” button.

When you click the “Scan” button the Antivirus queues a scanning task and runs it when server resources are available (it may start immediately or with some delay). The resources are configured by server admin so there might be a queue for the scanning process. The queue lets all users checking their websites on demand without server overload. Thus if you see “Queued” in the status column – everything is OK, scanning will start as soon as the resources are available or another scanning is finished.

Upon completion check the status. If the report shows a green icon, congrats, it usually means your website is not compromised and clean.

If you’ve noticed some “red alerts” next to the domain most likely it means the particular website is compromised and infected. Click the “View Report” button and see the details.

If you see some “orange alerts” next to the domain and “Domain blacklisted” notice it means the domain is blacklisted in either search engines or antivirus services. Click the “View Report” button to see blacklist status details.

Watch the quick demo on how it works: