magento-malware-scanner is an extremely valuable tool to help keep your Magento installation secure. Scanning a codebase for malware is dead simple…
$ wget git.io/mwscan.txt $ grep -Erlf mwscan.txt /path/to/magento
However, it’s equally if not more important to run an external scan of your Magento installation. Here I’ll cover why and how.
The reason you need to run an external scan is because simply scanning your codebase misses cases where the malware is injected into the database. This class of attack is extremely common because the attacker can install malware simply by accessing the admin panel and updating “miscellaneous html” or a CMS block and does not need access to the file system on the server.
Fortunately, it’s not particularly difficult to run an external scan. You can use
wget to download the contents of a page and then send the returned HTML to magento-malware-scanner.
$ wget -O result https://www.example.com && grep -Elf mwscan.txt result
wget -O will catch cases where the malware is inlined into the HTML document, however if will miss if the malware is referenced via a
<script> tag. To solve this we can use the
-p flag to download the “page requisites”. This will scripts referenced via a
$ wget -p https://www.example.com && grep -Erlf mwscan.txt www.example.com
Good point, the
-p flag by default will only download the assets from the same host. We need to combine it with the
-H flag (span hosts) to download from other hosts
It’s easiest to additionally use the
-P flag (directory prefix) to put everything into a single folder
$ wget -p -H -P scan https://www.example.com && grep -Erlf mwscan.txt scan
At this point we will be scanning both all inlined and
Scanning https://www.example.com is great, but what if the malware is in a static block that is only inserted into the page on the checkout page? In that case, we won’t catch it.
A couple final pro-tips with external scans…
-qflag to prevent it from making any noise.
Hi, I'm Max!
If you'd like to get in touch with me the best way is on Twitter.