Antivirus

Antivirus: checks the script for suspicious files. The module is available in the Admin CP and uses AJAX to scan your server. By default it compares the files on your server against the list of files that ship with the script. It uses the antivirus class to identify the file list, and a snapshot feature to save a white list of all files once you have confirmed that they are safe and trusted. The module also checks whether files have been modified or edited.
dlestarter
DLE Anti Virus Admin CP

If there are files that are not part of the script, the module lists them like this:

DLE Anti Virus Admin CP

You can take a snapshot:

DLE Anti Virus Admin CP

If any files were modified after the snapshot was taken, the module lists them like this:

DLE Anti Virus Admin CP

The following files are in the white list by default:

Cache Files

	"./engine/cache/system/usergroup.php",
	"./engine/cache/system/category.php",
	"./engine/cache/system/vote.php",
	"./engine/cache/system/banners.php",
	"./engine/cache/system/banned.php",
	"./engine/cache/system/cron.php",
	"./engine/cache/system/informers.php",
	"./engine/cache/system/links.php",
	"./engine/data/config.php",
	"./engine/data/videoconfig.php",
	"./engine/data/wordfilter.db.php",

Good default files (based on DLE 10.2):

	"./.htaccess",
	"./backup/.htaccess",
	"./engine/cache/.htaccess",
	"./engine/cache/system/.htaccess",
	"./engine/data/.htaccess",
	"./engine/data/emoticons/.htaccess",
	"./language/.htaccess",
	"./uploads/files/.htaccess",
	"./uploads/.htaccess",
	"./engine/ajax/quote.php",
	"./engine/ajax/vote.php",
	"./engine/ajax/feedback.php",
	"./engine/ajax/sitemap.php",
	"./engine/ajax/templates.php",
	"./engine/ajax/find_relates.php",
	"./engine/ajax/deletecomments.php",
	"./engine/ajax/calendar.php",
	"./engine/ajax/editcomments.php",
	"./engine/ajax/editnews.php",
	"./engine/ajax/favorites.php",
	"./engine/ajax/newsletter.php",
	"./engine/ajax/rating.php",
	"./engine/ajax/registration.php",
	"./engine/ajax/addcomments.php",
	"./engine/ajax/antivirus.php",
	"./engine/ajax/updates.php",
	"./engine/ajax/clean.php",
	"./engine/ajax/poll.php",
	"./engine/ajax/rss.php",
	"./engine/ajax/keywords.php",
	"./engine/ajax/pm.php",
	"./engine/ajax/bbcode.php",
	"./engine/ajax/upload.php",
	"./engine/ajax/typograf.php",
	"./engine/ajax/profile.php",
	"./engine/ajax/find_tags.php",
	"./engine/ajax/search.php",
	"./engine/ajax/message.php",
	"./engine/ajax/adminfunction.php",
	"./engine/ajax/allvotes.php",
	"./engine/ajax/rebuild.php",
	"./engine/ajax/complaint.php",
	"./engine/ajax/comments.php",
	"./engine/cache/system/usergroup.php",
	"./engine/cache/system/category.php",
	"./engine/cache/system/vote.php",
	"./engine/cache/system/banners.php",
	"./engine/cache/system/banned.php",
	"./engine/cache/system/cron.php",
	"./engine/cache/system/informers.php",
	"./engine/cache/system/links.php",
	"./engine/data/config.php",
	"./engine/data/videoconfig.php",
	"./engine/data/dbconfig.php",
	"./engine/data/wordfilter.db.php",
	"./engine/skins/default.skin.php",
	"./engine/skins/.htaccess",
	"./engine/editor/fullnews.php",
	"./engine/editor/fullsite.php",
	"./engine/editor/newsletter.php",
	"./engine/editor/shortnews.php",
	"./engine/editor/shortsite.php",
	"./engine/editor/comments.php",
	"./engine/editor/static.php",
	"./engine/editor/emotions.php",
	"./engine/editor/.htaccess",
	"./engine/editor/jscripts/tiny_mce/plugins/emoticons/.htaccess",
	"./engine/editor/jscripts/tiny_mce/plugins/emoticons/emotions.php",
	"./engine/classes/.htaccess",
	"./engine/classes/typograf.class.php",
	"./engine/classes/min/.htaccess",
	"./engine/classes/min/config.php",
	"./engine/classes/min/lib/JSMin.php",
	"./engine/classes/min/lib/Solar/Dir.php",
	"./engine/classes/min/lib/JSMinPlus.php",
	"./engine/classes/min/lib/Minify/Lines.php",
	"./engine/classes/min/lib/Minify/Cache/Memcache.php",
	"./engine/classes/min/lib/Minify/Cache/APC.php",
	"./engine/classes/min/lib/Minify/Cache/File.php",
	"./engine/classes/min/lib/Minify/Logger.php",
	"./engine/classes/min/lib/Minify/Packer.php",
	"./engine/classes/min/lib/Minify/CSS.php",
	"./engine/classes/min/lib/Minify/Controller/Groups.php",
	"./engine/classes/min/lib/Minify/Controller/Page.php",
	"./engine/classes/min/lib/Minify/Controller/Base.php",
	"./engine/classes/min/lib/Minify/Controller/MinApp.php",
	"./engine/classes/min/lib/Minify/Controller/Files.php",
	"./engine/classes/min/lib/Minify/Controller/Version1.php",
	"./engine/classes/min/lib/Minify/Build.php",
	"./engine/classes/min/lib/Minify/YUICompressor.php",
	"./engine/classes/min/lib/Minify/Source.php",
	"./engine/classes/min/lib/Minify/CommentPreserver.php",
	"./engine/classes/min/lib/Minify/ImportProcessor.php",
	"./engine/classes/min/lib/Minify/CSS/Compressor.php",
	"./engine/classes/min/lib/Minify/CSS/UriRewriter.php",
	"./engine/classes/min/lib/Minify/HTML.php",
	"./engine/classes/min/lib/FirePHP.php",
	"./engine/classes/min/lib/HTTP/Encoder.php",
	"./engine/classes/min/lib/HTTP/ConditionalGet.php",
	"./engine/classes/min/lib/MrClay/Cli/Arg.php",
	"./engine/classes/min/lib/MrClay/Cli.php",
	"./engine/classes/min/lib/Minify/JS/ClosureCompiler.php",
	"./engine/classes/min/lib/Minify/Cache/ZendPlatform.php",
	"./engine/classes/min/lib/Minify/YUI/CssCompressor.php",
	"./engine/classes/min/lib/Minify/HTML/Helper.php",
	"./engine/classes/min/lib/Minify/DebugDetector.php",
	"./engine/classes/min/lib/DooDigestAuth.php",
	"./engine/classes/min/lib/Minify/Loader.php",
	"./engine/classes/min/lib/Minify/ClosureCompiler.php",
	"./engine/classes/min/lib/Minify/Cache/XCache.php",
	"./engine/classes/min/lib/CSSmin.php",
	"./engine/classes/min/lib/Minify.php",
	"./engine/classes/min/index.php",
	"./engine/classes/min/groupsConfig.php",
	"./engine/classes/stopspam.class.php",
	"./engine/classes/flashplayer/media_player.swf",
	"./engine/classes/flashplayer/youtube.swf",
	"./engine/classes/flashplayer/media_player_v3.swf",
	"./engine/editor/scripts/common/mediaelement/flashmediaelement.swf",
	"./engine/modules/vote.php",
	"./engine/modules/addnews.php",
	"./engine/modules/antibot/antibot.php",
	"./engine/modules/antibot/.htaccess",
	"./engine/modules/antibot/fonts/.htaccess",
	"./engine/modules/banned.php",
	"./engine/modules/bbcode.php",
	"./engine/modules/calendar.php",
	"./engine/modules/comments.php",
	"./engine/modules/favorites.php",
	"./engine/modules/feedback.php",
	"./engine/modules/functions.php",
	"./engine/modules/gzip.php",
	"./engine/modules/lastcomments.php",
	"./engine/modules/lostpassword.php",
	"./engine/modules/offline.php",
	"./engine/modules/pm.php",
	"./engine/modules/pm_alert.php",
	"./engine/modules/profile.php",
	"./engine/modules/register.php",
	"./engine/modules/search.php",
	"./engine/modules/show.custom.php",
	"./engine/modules/show.full.php",
	"./engine/modules/show.short.php",
	"./engine/modules/sitelogin.php",
	"./engine/modules/static.php",
	"./engine/modules/stats.php",
	"./engine/modules/topnews.php",
	"./engine/modules/addcomments.php",
	"./engine/modules/poll.php",
	"./engine/modules/cron.php",
	"./engine/modules/banners.php",
	"./engine/modules/rssinform.php",
	"./engine/modules/deletenews.php",
	"./engine/modules/tagscloud.php",
	"./engine/modules/changemail.php",
	"./engine/modules/links.php",
	"./engine/modules/.htaccess",
	"./engine/api/api.class.php",
	"./engine/api/.htaccess",
	"./engine/inc/.htaccess",
	"./engine/inc/iptools.php",
	"./engine/classes/mail.class.php",
	"./engine/inc/mass_user_actions.php",
	"./engine/inc/blockip.php",
	"./engine/inc/categories.php",
	"./engine/inc/dboption.php",
	"./engine/inc/dumper.php",
	"./engine/inc/editnews.php",
	"./engine/inc/editusers.php",
	"./engine/inc/editvote.php",
	"./engine/inc/email.php",
	"./engine/inc/files.php",
	"./engine/inc/include/functions.inc.php",
	"./engine/inc/help.php",
	"./engine/inc/include/inserttag.php",
	"./engine/inc/main.php",
	"./engine/inc/videoconfig.php",
	"./engine/inc/tagscloud.php",
	"./engine/inc/complaint.php",
	"./engine/inc/links.php",
	"./engine/classes/thumb.class.php",
	"./engine/classes/comments.class.php",
	"./engine/classes/antivirus.class.php",
	"./engine/classes/uploads/upload.class.php",
	"./engine/inc/massactions.php",
	"./engine/classes/mysql.php",
	"./engine/inc/newsletter.php",
	"./engine/inc/options.php",
	"./engine/classes/parse.class.php",
	"./engine/inc/preview.php",
	"./engine/inc/static.php",
	"./engine/classes/templates.class.php",
	"./engine/inc/templates.php",
	"./engine/inc/userfields.php",
	"./engine/inc/usergroup.php",
	"./engine/inc/wordfilter.php",
	"./engine/inc/xfields.php",
	"./engine/inc/addnews.php",
	"./engine/inc/comments.php",
	"./engine/inc/banners.php",
	"./engine/inc/clean.php",
	"./engine/inc/rss.php",
	"./engine/inc/question.php",
	"./engine/inc/mass_static_actions.php",
	"./engine/inc/include/.htaccess",
	"./engine/inc/include/init.php",
	"./engine/classes/rss.class.php",
	"./engine/classes/recaptcha.php",
	"./engine/inc/search.php",
	"./engine/classes/download.class.php",
	"./engine/inc/cmoderation.php",
	"./engine/inc/rssinform.php",
	"./engine/inc/rebuild.php",
	"./engine/inc/logs.php",
	"./engine/classes/google.class.php",
	"./engine/inc/googlemap.php",
	"./engine/inc/check.php",
	"./engine/preview.php",
	"./engine/init.php",
	"./engine/opensearch.php",
	"./engine/engine.php",
	"./engine/print.php",
	"./engine/rss.php",
	"./engine/download.php",
	"./engine/go.php",
	"./index.php",
	"./cron.php",

What is AntiVirus Snapshot?

AntiVirus Snapshot helps you track the files you have and which of them were modified after the snapshot was taken. This helps you keep track of whether files on your server have been illegally modified or modified without your consent: you will know when a file was modified and the difference in file size. If all the files on your server that are not part of the script are well known to you, you should take a snapshot of them so that you can be sure they are safe for your server. This function can also use "cron" to automatically scan all files on your server and send you an email report after the cron job has run; please refer to for more details about how to set up a cron job for your DLE website.

What is AntiVirus Cronjob?

AntiVirus can be used to automatically check your server for suspicious files and send you email reports. The cron job performs the following actions:
  1) Check the file list from engine/classes/antivirus.class.php (see the full file list above) and compare it against the files on your server.
  2) Check the file list from your last snapshot against the server files to see whether any were modified or uploaded after that snapshot.
  3) Send an email report to the admin. By default this cron sends email to the administrator email address you use in Admin CP Email Settings. The email report should look like this:
    Dear administrator, according to your settings for a cron and scan files for unauthorized or modified files. The check results were found following suspicious files:
    - file/path/filename : Security code does not match last snapshot
    - file/path/filename : Unknown script files
    It is strongly recommended that you delete unknown files, and test modified files. If you did not make the file changes, then restore the original script file. If this is your change, then manually scan the files again in the Admin CP.
    Best regards, Site Administration Site.com
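
The snapshot-and-compare check described above, sketched as an added Python example (it is not DLE's own `antivirus.class.php` code). The SHA-256 fingerprint, the suffix filter, the function names and the sample tree are assumptions; the two finding strings reuse the wording of the email report.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_SUFFIXES = (".php", ".htaccess")  # assumption: what counts as a "script file"
MODIFIED = "Security code does not match last snapshot"  # wording from the report
UNKNOWN = "Unknown script files"

def script_files(root):
    """Yield ('./relative/path', Path) for every script file under root."""
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.endswith(SCRIPT_SUFFIXES):
            yield "./" + path.relative_to(root).as_posix(), path

def fingerprint(path):
    data = path.read_bytes()
    return hashlib.sha256(data).hexdigest(), len(data)  # (digest, size in bytes)

def take_snapshot(root):
    """Record the current state of every script file as trusted."""
    return {rel: fingerprint(path) for rel, path in script_files(root)}

def scan(root, whitelist, snapshot):
    """Return sorted (path, reason, size_delta) findings for root."""
    findings = []
    for rel, path in script_files(root):
        if rel in snapshot:  # known from the snapshot: compare content
            digest, size = fingerprint(path)
            if digest != snapshot[rel][0]:
                findings.append((rel, MODIFIED, size - snapshot[rel][1]))
        elif rel not in whitelist:  # neither snapshotted nor whitelisted by name
            findings.append((rel, UNKNOWN, None))
    return sorted(findings)

def demo():
    """Constructed sample tree: snapshot it, edit one file, add two, rescan."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(text.encode())
        write("index.php", "<?php // front controller\n")
        write("engine/init.php", "<?php // bootstrap\n")
        snapshot = take_snapshot(root)
        write("engine/init.php", "<?php // bootstrap\n// edited later\n")
        write("engine/cache/system/cron.php", "<?php // cache\n")
        write("uploads/files/new.php", "<?php // not shipped\n")
        return scan(root, {"./engine/cache/system/cron.php"}, snapshot)

print(*demo(), sep="\n")
```

The whitelisted cache file and the unchanged `index.php` produce no finding; the edited file is reported with its size difference and the new file as unknown.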
