Scanning and administering scans

Performing a new scan

Performing a scan is a very simple process. Just go to Admin Tools and click on Malware Detection, PHP File Change Scanner. On that page, simply click on Scan Now to initiate the scan. The scanning status is displayed below the list of scans.

The scan process is split in many steps in order to avoid server timeouts. Take a look at the Last server response label. It tells you for how long the current step is running. If this figure goes over 120 seconds, you can be sure that the scan is stuck. In case the scan is stuck or throws an error, please read the "How does it work?" section.

Please note that the first time you run this feature, all scanned PHP files will be reported as Added. This is normal. Since there was no previous scan, all PHP files are new as far as Admin Tools is concerned. A positive side-effect of this behaviour is that all PHP files go through the "Threat score" determination engine which will typically result in a list of 30-100 files you should check. In other words, even if you run this feature for the first time after a site is hacked, it will narrow down the list of files you should check.

Managing scans

PHP File Scanner: Managing scans

The main page of the PHP File Change Scanner feature gives you an overview of the scan operations. From left to right, you see the following columns on each row:

  • A checkbox which is used to select the row(s) you want to delete, by pressing the Delete button on the toolbar.

  • The scan ID (a number) is a monotonically increasing number, i.e. each new scan has an ID which is equal to the previous scan's ID plus one.

  • Scan date is the date and time this scan was performed. The date and time are shown in GMT (UTC) timezone.

  • Total files is the total number of PHP files which Admin Tools detected

  • Modified is the total number of PHP files which Admin Tools detected that are modified since the last scan or have a threat score greater than 0 and not marked by you as safe.

  • Possible threats is the total number of PHP files, new, added or modified, with a non-zero threat score.

  • Added is the total number of PHP files which were added since the last scan.

  • Actions & Reports contains a link titled View Report when modified or added files are detected on your site.