WEBVTT 1 00:00:09.514 --> 00:00:12.309 One of the advanced features of admintools 2 00:00:12.309 --> 00:00:14.309 is the php file change scanner 3 00:00:15.161 --> 00:00:17.161 which as the name suggests 4 00:00:17.161 --> 00:00:19.161 will check all your php files 5 00:00:19.161 --> 00:00:21.161 to see if any of them have changed. 6 00:00:22.082 --> 00:00:24.082 in addition it will aslo look inside 7 00:00:24.082 --> 00:00:26.082 those files to see if it 8 00:00:26.082 --> 00:00:28.082 can detect any signs of malicious 9 00:00:28.082 --> 00:00:30.082 contents. 10 00:00:31.003 --> 00:00:33.003 We can now perform your first scan. 11 00:00:33.842 --> 00:00:35.842 You should note that this may take some time 12 00:00:35.842 --> 00:00:37.842 so just leave it to run. 13 00:00:40.385 --> 00:00:41.945 Once the scan is complete 14 00:00:41.945 --> 00:00:43.945 you will see a record that the report 15 00:00:43.945 --> 00:00:45.945 with the scan date and time 16 00:00:46.632 --> 00:00:48.632 the total number of files scanned 17 00:00:49.532 --> 00:00:51.532 the number of files that have been modified 18 00:00:51.532 --> 00:00:53.532 since your last scan 19 00:00:53.532 --> 00:00:55.532 files that have been marked as possible 20 00:00:55.532 --> 00:00:57.532 threats and the number of files 21 00:00:57.532 --> 00:00:59.987 that have been added since the previous scan. 22 00:01:01.883 --> 00:01:03.883 Note the possible threat. 23 00:01:04.543 --> 00:01:06.543 Possible is the important word. 24 00:01:07.430 --> 00:01:08.926 as this can only make an attempt 25 00:01:08.949 --> 00:01:10.949 to look for strings inside the file 26 00:01:10.949 --> 00:01:12.949 that might be a problem 27 00:01:12.949 --> 00:01:14.949 not necessarily that they are 28 00:01:14.949 --> 00:01:16.949 a problem. 29 00:01:18.186 --> 00:01:20.186 If you click on the view report 30 00:01:20.186 --> 00:01:22.186 you will see a list of all the files that 31 00:01:22.186 --> 00:01:24.186 have been scanned together with 32 00:01:24.213 --> 00:01:26.213 an estimated threat score. 33 00:01:27.155 --> 00:01:29.155 As I have just installed Joomla 34 00:01:29.155 --> 00:01:31.155 and my extensions 35 00:01:31.155 --> 00:01:33.155 I know that all the files 36 00:01:33.155 --> 00:01:35.155 are safe and that anything 37 00:01:35.155 --> 00:01:37.430 listed here is a false positive 38 00:01:38.488 --> 00:01:40.488 So I can select them all 39 00:01:40.488 --> 00:01:42.488 and press mark safe 40 00:01:43.388 --> 00:01:45.388 remembering that I am only displaying 41 00:01:45.388 --> 00:01:47.388 some of the files so I need 42 00:01:47.388 --> 00:01:49.388 to click the next pages to make 43 00:01:49.388 --> 00:01:51.388 sure that I mark all of them. 44 00:01:52.948 --> 00:01:54.948 Once I have marked all the false positives 45 00:01:54.948 --> 00:01:56.948 as safe I can 46 00:01:56.948 --> 00:01:58.948 click back and if I preform 47 00:01:58.948 --> 00:02:00.948 another scan I can 48 00:02:00.948 --> 00:02:02.948 see that no files have been 49 00:02:02.948 --> 00:02:04.948 modified since the last scan 50 00:02:04.948 --> 00:02:06.948 there are no recorded threats 51 00:02:06.948 --> 00:02:08.948 and no files have been added. 52 00:02:09.800 --> 00:02:11.800 So no report has been generated. 53 00:02:13.264 --> 00:02:15.264 I strongly recommend if you are using 54 00:02:15.264 --> 00:02:17.264 the php file scanner that you 55 00:02:17.264 --> 00:02:19.264 perform this on a regular basis 56 00:02:19.862 --> 00:02:22.673 Especially before and immediately after 57 00:02:22.990 --> 00:02:24.990 installing any new extensions 58 00:02:25.595 --> 00:02:27.595 that way you can be certain to mark 59 00:02:27.595 --> 00:02:29.595 any false positives as safe. 60 00:02:31.087 --> 00:02:33.087 You can automate the process of scanning 61 00:02:33.087 --> 00:02:35.087 for php file changes 62 00:02:35.087 --> 00:02:37.087 and have the results emailed to you 63 00:02:37.822 --> 00:02:39.822 using this function here the 64 00:02:39.822 --> 00:02:42.084 php file change scanner scheduler. 65 00:02:43.513 --> 00:02:45.513 Here you will see all the information 66 00:02:45.513 --> 00:02:47.513 that you require to set 67 00:02:47.513 --> 00:02:49.513 this up. 68 00:02:49.513 --> 00:02:51.865 There are also additional links to documentation 69 00:02:52.255 --> 00:02:54.255 to help you even further. 70 00:02:55.286 --> 00:02:57.286 Please remember that this scan 71 00:02:57.286 --> 00:02:59.286 can only detect possible threats 72 00:02:59.918 --> 00:03:01.918 so it will detect things that are not threats 73 00:03:02.530 --> 00:03:04.530 and it may also miss other things 74 00:03:04.681 --> 00:03:06.681 The tool is only a tool to help you 75 00:03:07.451 --> 00:03:09.451 not to provide a definitive answer.