2025-01-30 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to use iScanner to delete malicious web code on a Linux server. The explanation is simple and clear, and easy to follow step by step.
Step 1: Installation
First, make sure Ruby is installed on your server.
The code is as follows:
# ruby -v    # view Ruby's version information
If Ruby is not installed on the server, install it with yum or apt-get (choose the method that matches your server's system).
The code is as follows:
# yum install ruby    # CentOS: install with yum
# apt-get install ruby    # Ubuntu: install with apt-get
iScanner does not require additional libraries and does not need to be installed, but the author provides an install and uninstall script, so iScanner can be installed and uninstalled with the following commands.
The code is as follows:
# ./installer -i    # installs iScanner to the default directory '/etc/iscanner'
We can choose a different installation directory with the '-d' parameter:
# ./installer -i -d /opt/iscanner    # install iscanner in the /opt/iscanner directory
Uninstalling iscanner is also very simple.
The code is as follows:
# ./installer -u
Step 2: Detailed explanation of parameters
-R Use this parameter to scan remote web pages or websites.
# iscanner -R http://example.com
-F Scan the specified file with this parameter.
# iscanner -F /home/user/file.php
-f Scan the specified directory with this parameter.
# iscanner -f /home/user
-e This parameter allows us to scan only files with the specified file extensions. By default, iScanner only scans files with the htm, html, php and js extensions. If you want to scan files with other specific extensions, use the following command:
# iscanner -f /home/user -e htm:html    # only scan htm and html files under /home/user
-d iScanner loads the latest malicious code signature library by default. If you want to use the old version or modified version of the malicious code signature library, you can specify the signature library with the following command:
# iscanner -f /home/user -d database.db
-M This parameter allows us to specify malicious code and have iscanner automatically generate a regular expression from it, then scan the specified website or page (prevent us from trying to scan specified code, such as js ad code, etc.)
# iscanner -M /home/user/malware_code.txt -f /home/user
# iscanner -M /home/user/malware_code.txt -R http://example.com
-o This parameter allows you to save the scanned log file to a specific place and file name. If this parameter is not specified, the default infection log file format is "infected-[TIME]-[DATE].log". Examples of parameters are as follows:
# iscanner -f /home/user -o user.log
-m Use this parameter to send the scanned log file to the specified mailbox.
# iscanner -f /home/user -m email@example.com
-c With this parameter, malicious code is removed from infected files without deleting the infected files themselves. When you use this parameter, it's a good idea to check the log file to see which files iscanner removes malicious code from.
# iscanner -c infected.log
-b This parameter makes iscanner back up infected files before deleting malicious code. The default backup file name is "backup-[TIME]-[DATE]".
# iscanner -b -c infected.log
-r This parameter allows us to recover deleted files from backup files.
# iscanner -r backup/
-a This parameter causes iscanner to automatically purge all infected files. This parameter can be dangerous when you haven't scanned the file first or you don't know what the result will be.
# iscanner -f /home/user -a
-D This parameter allows iscanner to run in debug mode and will be useful if you run into a problem.
# iscanner -f /home/user -D
-q If you don't want to see any iscanner output, you can use this parameter to make iscanner run in quiet mode.
# iscanner -f /home/user -q
-s This parameter allows us to send infected files to the iscanner developers for analysis, to improve and upgrade the malicious code signature library.
# iscanner -s /home/user/malicious_file.html
-U This parameter upgrades both iscanner and the malicious code signature library.
# iscanner -U
-u This parameter upgrades the malicious code signature library without upgrading iscanner.
# iscanner -u
-v This parameter prints the version of iscanner and the version number of the malicious code signature library.
# iscanner -v
-h This parameter prints help information.
# iscanner -h
Signature database format
The code is as follows:
- - 0.0
- (REGULAR EXPRESSION)
- Signature comment.
- :
* The first row is the id '0.0' of the signature.
* Option parameters:
  MU --> Multi-line regular expression.
  LN --> One-line regular expression.
  RE --> Scan remote or local files with the regular expression.
  LO --> Scan only local files with the regular expression.
Some tips and suggestions for tool developers:
* You can easily modify the regular expressions in the malicious code signature library.
* If several of your links have been compromised, you can add signatures to the signature library and have iscanner scan for all infected files.
* You can scan your files regularly by putting iscanner in crontab and having the scan results sent to your specified email address.
* You can configure your FTP server so that iscanner scans all uploaded files and, if there are infected files, sends a scan log to the specified file as an alert to notify the administrator.
Thank you for reading. The above covers how to use iScanner to delete malicious web code on a Linux server. After studying this article you should have a deeper understanding of the problem, though the specifics of using the tool still need to be verified in practice.