WEBVTT 1 00:00:07.930 --> 00:00:09.540 One of the advanced features 2 00:00:09.596 --> 00:00:11.596 of AdminTools is malware detection 3 00:00:12.309 --> 00:00:14.309 using the php file change scanner 4 00:00:15.161 --> 00:00:17.161 As the name suggests 5 00:00:17.161 --> 00:00:19.161 this will check all your php files 6 00:00:19.182 --> 00:00:21.182 to see if any of them have changed. 7 00:00:22.663 --> 00:00:25.070 in addition it will aslo look inside 8 00:00:25.074 --> 00:00:26.648 those files to see if it 9 00:00:26.748 --> 00:00:28.748 can detect any signs of malicious 10 00:00:28.819 --> 00:00:30.259 contents. 11 00:00:30.720 --> 00:00:32.720 We can now perform your first scan. 12 00:00:33.998 --> 00:00:35.998 You should note that this may take some time 13 00:00:35.970 --> 00:00:37.970 so just leave it to run. 14 00:00:39.550 --> 00:00:41.110 Once the scan is complete 15 00:00:41.110 --> 00:00:43.110 you will see the report 16 00:00:43.110 --> 00:00:45.110 with the scan date and time 17 00:00:45.273 --> 00:00:47.273 the total number of files scanned 18 00:00:47.521 --> 00:00:49.792 the number of files that have been modified 19 00:00:49.861 --> 00:00:51.861 since your last scan 20 00:00:51.946 --> 00:00:53.616 files that have been marked as possible 21 00:00:53.663 --> 00:00:56.001 threats and the number of files 22 00:00:56.074 --> 00:00:58.529 that have been added since the previous scan. 23 00:00:59.617 --> 00:01:01.617 Note the possible threat. 24 00:01:02.178 --> 00:01:04.178 Possible is the important word. 25 00:01:04.485 --> 00:01:05.981 as this can only make an attempt 26 00:01:05.990 --> 00:01:07.990 to look for strings inside the file 27 00:01:08.103 --> 00:01:10.103 that might be a problem 28 00:01:10.174 --> 00:01:11.387 not necessarily that they are 29 00:01:11.381 --> 00:01:12.546 a problem. 30 00:01:13.457 --> 00:01:15.457 If you click on the view report 31 00:01:15.457 --> 00:01:17.457 you will see a list of all the files that 32 00:01:17.457 --> 00:01:19.457 have been scanned together with 33 00:01:19.484 --> 00:01:21.484 an estimated threat score. 34 00:01:22.426 --> 00:01:24.426 As I have just installed WordPress 35 00:01:24.426 --> 00:01:25.636 and my plugins 36 00:01:25.789 --> 00:01:27.096 I know that all the files 37 00:01:27.152 --> 00:01:28.926 are safe and that anything 38 00:01:28.925 --> 00:01:31.200 listed here is a false positive 39 00:01:31.777 --> 00:01:33.777 So I can select them all 40 00:01:33.677 --> 00:01:35.677 and press mark safe 41 00:01:35.983 --> 00:01:37.581 remembering that I am only displaying 42 00:01:37.657 --> 00:01:39.657 some of the files so I may need 43 00:01:39.699 --> 00:01:41.699 to click the next pages to make 44 00:01:41.714 --> 00:01:43.714 sure that I mark all of them. 45 00:01:44.052 --> 00:01:46.052 Once I have marked all the false positives 46 00:01:46.052 --> 00:01:48.052 as safe I can 47 00:01:48.077 --> 00:01:50.474 click back and if I perform 48 00:01:50.545 --> 00:01:52.098 another scan I can 49 00:01:52.126 --> 00:01:53.305 see that no files have been 50 00:01:53.362 --> 00:01:55.362 modified since the last scan 51 00:01:55.461 --> 00:01:57.461 there are no recorded threats 52 00:01:57.682 --> 00:01:59.682 and no files have been added. 53 00:01:59.820 --> 00:02:01.820 So no report has been generated. 54 00:02:03.555 --> 00:02:05.555 I strongly recommend if you are using 55 00:02:05.629 --> 00:02:07.629 the php file scanner that you 56 00:02:07.703 --> 00:02:09.703 perform this on a regular basis 57 00:02:10.596 --> 00:02:13.407 Especially before and immediately after 58 00:02:13.478 --> 00:02:15.478 installing any new plugins. 59 00:02:16.403 --> 00:02:18.403 That way you can be certain to mark 60 00:02:18.502 --> 00:02:20.502 any false positives as safe. 61 00:02:22.093 --> 00:02:24.093 You can also automate the process 62 00:02:24.191 --> 00:02:26.459 of scanning for php file changes 63 00:02:26.635 --> 00:02:28.635 and have the results emailed to you 64 00:02:28.926 --> 00:02:30.926 using this function here the 65 00:02:30.926 --> 00:02:34.360 php file change scanner scheduler. 66 00:02:35.135 --> 00:02:37.135 Here you will see all the information 67 00:02:37.183 --> 00:02:39.183 that you require to set this up. 68 00:02:40.001 --> 00:02:42.353 There are also additional links to documentation 69 00:02:42.373 --> 00:02:44.373 to help you even further. 70 00:02:45.183 --> 00:02:47.183 Please remember that this scan 71 00:02:47.281 --> 00:02:49.281 can only detect possible threats 72 00:02:49.519 --> 00:02:51.519 so it will detect things that are not threats 73 00:02:52.008 --> 00:02:54.008 and it may also miss other things 74 00:02:55.169 --> 00:02:57.169 The tool is only a tool to help you 75 00:02:57.569 --> 00:02:59.569 not to provide a definitive answer.