2ndmouse — 2012-09-30T11:20:54-04:00 — #1
Just thought I'd pop the question here in case anyone was familiar with this aspect of security.
I'm looking for an accurate (hopefully free) scanner for detecting malware on a web site. Google obviously have their own method, but it doesn't appear to be available as a downloadable script. I suppose I shouldn't be surprised as public access to their script would be a god-send to unethical hackers.
If any of you have experience in this area, I would appreciate your advice.
Also, if I managed to find such a script, how would I go about testing it? I presume I would have to load some real malware on my site or maybe test it locally using a XAMPP installation or similar. However, where would I get sample malware code?
Anyway, I live in hope of someone pointing me in the right direction.
Cheers to all
logic_earth — 2012-09-30T18:18:41-04:00 — #2
Why roll your own when you could just use Google's Safe Browsing API and get the same thing?
dklynn — 2012-09-30T19:43:58-04:00 — #3
Ask your host to implement a "maldet scan." For some reason, hosts seem to keep that as a perk unto themselves but it does offer a great detection facility and can e-mail scan results (either none detected or identify the specific files).
2ndmouse — 2012-10-01T03:25:49-04:00 — #4
Maybe I should have mentioned that I am looking for a scanner to incorporate in my script (briefly mentioned in my signature). It looks like logic_earth's suggestion is a possibility, but it will take some studying and (with my ever-diminishing brain power) will take some time to understand and implement.
I do actually possess a malware script which seems to work, but the results are amazingly difficult to interpret, and apparently, is a hit-n-miss affair anyway, so not entirely reliable. If anyone is interested I can make it available to you. Unfortunately, this script can not be used remotely (which is not what I'm looking for).
I'll spend some time studying the Google API and will update this thread with my findings.
Regards to all and thanks again
2ndmouse — 2012-10-01T04:44:51-04:00 — #5
This should of course be: "I do actually possess a malware detection script"
logic_earth — 2012-10-01T14:49:35-04:00 — #6
There is also VirusTotal, they have a public API that allows you to send files or site URLs to be scanned.
2ndmouse — 2012-10-02T03:00:26-04:00 — #7
I'm currently investigating that one.
I also found this link where there's a number of possible options:
2ndmouse — 2012-10-06T17:38:08-04:00 — #8
I have looked at many possibilities to match my needs, including Python and Ruby scripts, but I eventually settled on VirusTotal's public API - it checks with more than 30 different DBs. It works a treat and is easy to combine with my existing script. I'm still testing so I can't vouch for its accuracy 100%. However, it appears to match with other results from online services - thanks for the recommendation logic
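Added example, not part of the thread and not 2ndmouse's script: one way to turn a VirusTotal URL report, with its many per-engine results, into a single verdict a site-checking script can act on. It assumes VirusTotal's current v3 REST API (which postdates this thread); the sample report, the engine names and the `min_engines` threshold are constructed for illustration.

```python
import base64
import urllib.request

API_BASE = "https://www.virustotal.com/api/v3/urls/"

def vt_url_id(url: str) -> str:
    """v3 URL identifier: URL-safe base64 of the URL with '=' padding removed."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

def build_report_request(url: str, api_key: str) -> urllib.request.Request:
    """Prepare (without sending) the GET request for a URL's latest report."""
    return urllib.request.Request(API_BASE + vt_url_id(url),
                                  headers={"x-apikey": api_key})

def summarize(report: dict, min_engines: int = 2) -> dict:
    """Reduce per-engine results to one verdict.

    min_engines is an assumed policy knob: a single engine flagging a URL is
    treated as 'review' rather than 'flagged' to absorb one-off false positives.
    """
    results = report["data"]["attributes"].get("last_analysis_results", {})
    flagged = sorted(name for name, r in results.items()
                     if r.get("category") in ("malicious", "suspicious"))
    if not results:
        verdict = "unknown"      # never scanned: absence of data is not "clean"
    elif len(flagged) >= min_engines:
        verdict = "flagged"
    elif flagged:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "flagged_by": flagged, "engines": len(results)}

# Constructed sample response (engine names are placeholders, not real vendors).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "malware"},
    "EngineB": {"category": "harmless", "result": "clean"},
    "EngineC": {"category": "suspicious", "result": "suspicious"},
    "EngineD": {"category": "undetected", "result": "unrated"},
}}}}

if __name__ == "__main__":
    print(build_report_request("http://example.com/", "YOUR_API_KEY").full_url)
    print(summarize(SAMPLE_REPORT))
```

Passing the prepared request to `urllib.request.urlopen` and feeding the decoded JSON to `summarize` completes the lookup; the public API is rate-limited, so results are worth caching per URL.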