Ways to remove malicious code from Web pages with Iscanner on a Linux server

How can I remove malicious code from a webpage using Iscanner on a Linux server? This article mainly describes the Linux server on the use of Iscanner to remove malicious code, Iscanner for Ruby, so the server to first install the Ruby interpreter, A friend you need can refer to the following

First step: Install

First make sure that Ruby is installed on the server

The code is as follows:

#ruby-V//view version information for Ruby

If there is no installation on the server, you can install Ruby via yum or Apt-get (depending on your server system, choose the appropriate method to install)

The code is as follows:

#yum install ruby//centos with Yum

#apt-get install ruby//ubantu with Apt-get

IScanner does not require additional libraries and does not need to be installed, but the author does a setup and uninstall script that allows us to install and uninstall IScanner with the following command

The code is as follows:

#./installer-i//This command is to install Iscanner to the default directory '/etc/iscanner ', but we can change and select our favorite installation directory, using the '-d ' parameter:

#./installer-i-d/opt/iscanner//install Iscanner to the/opt/iscanner directory

Uninstalling Iscanner is also simple, with the following commands:

The code is as follows:

#./installer-u

Step two: Use parameter details

-R Use this parameter area to scan remote Web pages or Web sites.

# Iscanner-r Http://example.com

-F scans the specified file with this parameter.

# iscanner-f/home/user/file.php

-F scans the specified directory with this parameter.

# iscanner-f/home/user

-e This parameter allows us to scan only files that contain the specified file suffix name, by default, Iscanner only scans files with Htm,html,php,js suffix names, and if you want to scan files for other specific extensions, use the following command

# iscanner-f/HOME/USER-E htm:html//scan only the HTM and HTML files under/home/user

-D Iscanner is loaded with the latest malicious Code feature library by default, and if you want to use an older version or a modified version of the Malicious Code feature Library, you can specify the feature library with the following command:

# iscanner-f/home/user-d database.db

-M uses this parameter to allow us to specify malicious code, and let Iscanner automatically generate regular expressions to scan the site or webpage you specify (to prevent us from trying to scan the specified code, such as the JS AD code. )

# iscanner-m/home/user/malware_code.txt-f/home/user

# iscanner-m/home/user/malware_code.txt-r http://example.com

-o This parameter allows you to save the scanned log file as a specific place and a specific file name, if this parameter is not specified, the default infection log file format is "Infected-[time]-[date].log". Examples of parameters are as follows:

# iscanner-f/home/user-o User.log

-M Use this parameter to send the scanned log file to the specified mailbox.

# iscanner-f/home/user-m email@example.com

-C with this parameter, you can delete the malicious code from the infected file without deleting the infected file. When you use this parameter, it is a good idea to look at the log file to make sure that Iscanner will remove the malicious code from which files.

# iscanner-c Infected.log

-B This parameter allows Iscanner to back up infected files before the malicious code is removed, and the default backup file name is "Backup-[time]-[date".

# Iscanner-b-C Infected.log

-r This parameter allows us to recover deleted files from the backed up file

# Iscanner-r backup/

-A This parameter allows Iscanner to automatically purge all infected files. This parameter can be dangerous when you do not scan the file first or you do not know what results will be produced.

# iscanner-f/home/user-a

The-d parameter allows Iscanner to run in debug mode, which is useful when you have problems with the problem.

# iscanner-f/home/user-d

-Q If you do not want to see any iscanner output information, you can use this command to let Iscanner run in quiet mode

# iscanner-f/home/user-q

-S This parameter allows us to give infected files to Iscanner's developer for analysis to improve and upgrade the malicious Code feature Library

# iscanner-s/home/user/malicious_file.html

-U This parameter can be used to upgrade the Iscanner and malicious Code feature Library

# iscanner-u

-U This parameter is used to upgrade the malicious Code feature library without upgrading the Iscanner

# iscanner-u

-V This parameter is used to query the version of the print output Iscanner and the version number of the malicious Code feature Library.

# iscanner-v

-h This parameter can query help information.

# iscanner-h

Database Features

The code is as follows:

--0.0

-(REGULAR EXPRESSION)

-Signature comment.

-

* The first line is the id ' 0.0 ' of the feature.

* Option Parameters:

MU-to-multiline regular expressions.

LN--a row of regular expressions.

RE---scan remote or local files with regular expressions.

LO--Scans the local file with regular expressions only.

Some tips and suggestions for tool developers:

* You can easily modify the regular expression of the malicious Code feature Library

* If a few of your nets are compromised, you can add features to the feature library to let Iscanner scan all infected files

* You can put Iscanner in crontab to scan your files regularly and send the results to your designated mail, more convenient ha!

* You can configure your FTP server to allow Iscanner to scan all uploaded files, and if there is an infected file, send a scan record to the specified file to alert the administrator.