Integration with Revisium Antivirus

From ISPWiki

Revisium Antivirus is a website antivirus that scans user web-sites for malicious code and monitors the domain blacklists of Google, Yandex, and other resources. Revisium Antivirus detects malicious scripts such as web-shells, backdoors, phishing pages, trojans, etc.

Revisium Antivirus is available in ISPmanager 5 Lite 5.1 55 and later.

This article describes how to integrate ISPmanager 5 with the anti-virus system.

Installing and configuring Revisium Antivirus

Revisium Antivirus Free

Features:

  • unlimited checks;
  • only administrators can run antivirus checks;
  • "By users" mode scans the whole directory of a selected user, including all of the user's web-sites, starting from /var/www/<user>/;
  • "By domain" mode scans the whole directory of a web-domain;
  • cannot cure and delete infected files.

Full version of Revisium Antivirus Premium

To upgrade to the full version, you need to order the "Revisium Antivirus" module for your ISPmanager license in BILLmanager. Navigate to "Integration" -> "Modules" -> "Revisium Antivirus" -> "Buy".

Features:

  • only administrators can run antivirus checks;
  • scheduled web-site checks;
  • cure and delete infected files;
  • store copies of cured files;
  • email notifications about infected sites after scanning.

Installing "Revisium Antivirus"

To install "Revisium Antivirus", navigate to "Integration" -> "Modules" -> select "Revisium Antivirus" -> "Buy".

Please note: you can install and configure the module only on the server with a public IP address.


Requirements:

  • PHP version — 7.1;
  • PHP extension — ioncube;
  • PHP extension — posix;
  • PHP extension — intl;
  • PHP extension — json.

The required components will be installed and activated automatically when installing the antivirus module. You must enable putenv and passthru for PHP 7.1. To do so, navigate to "PHP" -> "Settings" and delete putenv and passthru from the disable_functions variable, if they are listed there.
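
A quick way to confirm the result from the command line, as an added example (not ISPmanager or Revisium code): the script reads a php.ini file and lists which of putenv and passthru are still in disable_functions. The php.ini path is passed as an argument, since the location of the PHP 7.1 configuration is not given on this page; without an argument the script runs on a constructed sample.

```shell
#!/bin/sh
# Added example, not ISPmanager or Revisium code.
# Reports which of the functions the antivirus needs are still listed in
# disable_functions of a php.ini file passed as the first argument.

REQUIRED="putenv passthru"

# Effective value: the last uncommented disable_functions line wins.
# Inline ";" comments, quotes and whitespace are stripped, and names are
# lower-cased because PHP function names are case-insensitive.
effective_disable_functions() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" \
        | tail -n 1 | sed 's/;.*//' | tr -d "\"' \t\r" | tr 'A-Z' 'a-z'
}

# Print, space-separated, the required functions that are still disabled.
blocked_functions() {
    list=$(effective_disable_functions "$1")
    blocked=""
    for fn in $REQUIRED; do
        case ",$list," in
            *",$fn,"*) blocked="${blocked:+$blocked }$fn" ;;
        esac
    done
    printf '%s\n' "$blocked"
}

# With no argument, run against a constructed sample instead of a real file.
ini="${1:-}"
if [ -z "$ini" ]; then
    ini=$(mktemp)
    cat > "$ini" <<'EOF'
; disable_functions = system
disable_functions = exec, passthru ,shell_exec,PutEnv,proc_open
EOF
fi

blocked=$(blocked_functions "$ini")
if [ -n "$blocked" ]; then
    echo "Remove from disable_functions: $blocked"
else
    echo "putenv and passthru are enabled"
fi
if [ -z "${1:-}" ]; then rm -f "$ini"; fi
```

Only the two functions named above need to leave the list; other entries in disable_functions can stay as they are.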

Using the module

To start working with Revisium Antivirus, navigate to "Tools" -> "Revisium Antivirus".

Revisium Antivirus

Scanner modes

There are two scanning modes:

  • By users — the system will check domain directories for viruses and domain reputation for blacklist statuses.
  • By domains — the system will check user directories including all domains. Domain reputation is not checked.

You can change a mode in "Tools" -> "Revisium Antivirus".

Configuring anti-virus

The system runs the same antivirus settings for domains and users.

Revisium Antivirus settings
  • Quick Scan — the antivirus will check critical files only (ph*, js, htm*, .htaccess, txt, tpl, etc.). This helps to reduce server load and increase scanning speed dramatically;
  • Skip media files — select the check box not to scan media files and documents (.docx, .xlsx, .pdf, etc.). This helps to reduce server load and increase scanning speed dramatically. This option is available after disabling "Quick Scan";
  • Optimize scanning by speed — select this check box to activate an “intelligent mode”. It will scan files from cache folders selectively. It speeds up the scanning process with the same level of malware detection;
  • Max working threads — the number of concurrent scanning threads. The optimal value is 0.5 * the number of available server CPU cores. Possible values:
    • 1;
    • 2;
    • 4.
  • Scheduled scanning — the interval of automatic website scanning. This option is available in Revisium Antivirus Premium. Possible values:
    • Disabled;
    • Daily;
    • Once a week;
    • Once a month.
  • Start scanning at — set the time when the scanning process will start automatically. This field is available with the Scheduled scanning option disabled. Possible values: 0:00 to 23:00;
  • Max allocated memory — how much memory is allowed for a single scanning process. Possible values:
    • 256Mb;
    • 384Mb;
    • 512Mb;
    • 1024Mb.
  • Logging level — to increase the logging level in var/raisp_data/log/main.log, add the parameter "Full". Possible values:
    • Full;
    • Regular;
  • Max. scanning time for 1 site — time to scan a website. When the time is over, the scanning task will be suspended. Possible values:
    • 1 hour;
    • 3 hours;
    • 12 hours;
    • 24 hours;
    • Unlimited.
  • Number of days to keep — period in days to keep original versions of cleaned files. This option is available in Revisium Antivirus Premium. Possible values:
    • 7;
    • 14;
    • 30.
  • Trim malicious files instead of deleting it — select the check box to trim files instead of deleting them when malware is detected. The web-site will work correctly after automatic scanning if the malicious files are not included in other files or the database. This option is available only in Revisium Antivirus Premium;
  • Check domain for sanctions — select the check box to check a web-site domain and server IP address for sanctions from search engines, antivirus services, and Roskomnadzor;
  • Email admin on website infection — the system will send an email notification after scheduled scanning if websites are infected. This option is available only in Revisium Antivirus Premium with the Scheduled scanning option enabled;
  • Email for notifications — enter the email to send scanning notifications. This field is available with the Email admin on website infection option activated.
    • Use external SMTP — select the check box to use an SMTP-server to send scanning notifications. Activating this option will change the standard php mail() function into an external SMTP server. This option is available with Email admin on website infection activated;
      • SMTP server — enter the URL of the SMTP-server;
      • SMTP user — enter user login of the SMTP-server;
      • SMTP password — enter the user password of the SMTP-server;
      • SMTP port — enter the port to connect to the SMTP-server;
    • Use SSL for SMTP — select the check box to connect to the SMTP-server through the SSL protocol (for example, to send notifications via smtp.yandex.ru).

Scanning

To start the scanning process, click one of the following buttons:

  • Scan all — scan all domains/users;
  • Scan — scan the selected domain/user only.

If the system detects malware objects, the infected domain/user will be marked as "infected". You will see the following buttons on the toolbar:

  • Report — view the detailed report to see detected files;
  • Cure — cure the files according to the scanning settings.

Once completed, the status in the list of domains/users will change to "Cured". You will see the number of cured threats and the date and time when the cleaning process started. Clicking the "Undo" button restores the files. Please note: you can undo the operation only for all cured domains/users that have original copies. You cannot restore a single file. Virus statuses are kept in the temporary directory usr/local/mgr5/var/raisp_data/backups.

Peculiarities

Revisium Antivirus logs can be found in /usr/local/mgr5/var/raisp_data/log.

Revisium Antivirus does not scan archives.