6 April, 2017: Magento Marketplace uses this scanner for new extensions
27 March, 2017: this scanner is now used by the Mage Security Council
Scan your site in 30 seconds
On a standard Linux or Mac OSX server, run two commands to find infected files:
wget git.io/mwscan.txt
grep -Erlf mwscan.txt /path/to/magento
Advanced scanner for sysadmins: mwscan
Features:
- Incremental scans: only display hits for new files. Plus, normal scanning may use lots of server power. So only scanning new files is a great optimization.
- Faster scanning: using Yara is 4-20x times faster than grep.
- Efficient whitelisting: some extension vendors have obfuscated their code so that it looks exactly like malware. We maintain a list of bad-looking-but-good-code to save you some false alarms.
- Extension filtering: most of the time, it is useless to scan image files, backups etc. So the default mode for the Malware Scanner is to only scan web code documents (html, js, php).
See advanced usage.
Objective
For the free MageReport we already analyse lots of malware samples. Now, many system administrators are doing the same work. That's incredibly inefficient. Goal:
Once a particular strain of malware has been found and analyzed, nobody should have to duplicate these efforts.
This repository is a community effort of security conscious people. Contributions most welcome!
Test coverage
Travis-CI verifies:
- that all samples are detected
- all signatures match at least one sample
- Magento releases do not trigger false positives