🛈 Vorschau — Feature-Seite im neuen Design. Die Live-Seite ist unverändert.
Home/ Features/ Malware Scanner
Malware Scanner

Malware scanner for every customer website.

Linux Malware Detect + ClamAV with 9.6M signatures. Detects PHP webshells, backdoors, injected code and compromised CMS files. Quarantine, false-positive flagging and daily auto-updates — right from the panel.

Start free →

Two proven scanners, one interface.

Linux Malware Detect (rfxn.com — the shared-hosting standard since 2002) and ClamAV (Cisco Talos) work together. 9.6M signatures, updated daily.

  • ClamAV core — ~8M signatures
  • LMD — 51,459 PHP shell and backdoor signatures
  • Sanesecurity — 1.5M mail-malware signatures
  • URLhaus & MalwarePatrol — phishing URL feeds
  • YARA CVE rules for 0-day vulnerabilities
  • Hourly core updates, daily extended updates
Features

What the scanner detects and how

Three detection layers: MD5 hashes of known malware, HEX patterns in files, YARA rules for structural detection.

PHP webshells

b374k, c99, r57, WSO, FilesMan, hexshell and 2,368 more HEX signatures — the most common WordPress and Joomla compromises.

Obfuscated code

eval(base64_decode()), gzinflate chains, str_rot13 wrappers. YARA rules identify code structure, not just the hash.

Mail malware

Sanesecurity signatures detect phishing templates, malicious macros (badmacro.ndb), Foxhole samples. rspamd uses ClamAV automatically for mail scanning.

Scan modes

Quick scan (files changed in the last 7 days) or full scan. Low I/O priority (nice 19, ionice 6) never competes with live traffic.

Quarantine & false positive

Move a flagged file to .quarantine/ with one click (root-owned dir, PHP has no read access). Or mark as false positive — future scans ignore it.

Auto-scheduler

A new site queued every 5 minutes. Max 2 parallel scans per server, hard timeout 30 min. Sites with prior findings are prioritised.

Live progress

Live ticker instead of waiting

Files-scanned / total, threats found and clean files update live while the scan runs. Window can be closed — scan continues in the background.

Open documentation

enconf Malware Scanner
In detail

What the scan checks

  • PHP webshells (b374k, c99, r57, WSO, FilesMan, hexshell)
  • Backdoors in PHP, Perl, Python
  • Obfuscated code: eval+base64, gzinflate, str_rot13
  • PHP mailer hijacks and spam-bot scripts
  • Modified WordPress, Joomla and PrestaShop core files
  • Cryptominer droppers and JavaScript injections
  • Malicious URLs via URLhaus feed (abuse.ch)
  • Phishing templates via Sanesecurity blurl.ndb
  • 22 active YARA rules for known CVE exploits
  • File size 24 bytes to 25 MB, recursive in customer directory
Related

More security features

Security & WAF

ModSecurity + OWASP CRS, fail2ban, nftables and AppArmor isolation.

Features →

Backup & DR

Encrypted backups, site restore after infection.

Features →

WordPress Toolkit

Core security scan, hardening and auto-updates.

Features →

Scan every customer website automatically.

7-day free trial · No credit card · Made in Germany

Start free →