Integration with Virusdie

Introduction

Virusdie is a security tool that helps you clean and protect your websites from malware, spam-bots, etc. (in PHP, JS, HTML files and system files).

Virusdie is supported starting from ISPmanager 5.79.0.

This article walks you through the steps you need to perform to integrate ISPmanager 5 with the anti-virus system.

IMPORTANT! This plugin works only if your server has a real IP address. If you are using NAT, this module will not work.

Order

You can purchase a plug-in as described in article.

Note: if you run ISPmanager Business, you need to purchase a license for every web-node.

Setup and integration

Navigate to "Integration" ⇾ "Modules" and click the "Install" button.

The configuration form will open automatically. Click "OK" to install the antivirus system on the server.

During the installation process, your server's IP address is passed to the billing system, and the information about the Virusdie key is updated in the ISPmanager license. After the license key is obtained, ISPmanager downloads the installation package of the antivirus system. The archive is uploaded into the /usr/local/vdserver/ directory, and the license key is added to the Virusdie configuration file /usr/local/vdserver/config.json (the anti-virus scanner uses it to download updates).

Attention! The ISPmanager IP address must match the IP address from which the request to Virusdie is sent.

After you have successfully deployed Virusdie on the server, a new module will be available in the interface menu ("Tools" ⇾ "Virusdie"). In the table you'll see all users on the server. You can grant or deny access to Virusdie settings for users with "On" and "Off" buttons.

In order to configure Virusdie, navigate to "Tools" ⇾ "Virusdie" ⇾ "Virusdie settings", where you can enter a license key, delete Virusdie from the server, and set the limit on the antivirus report size, which will be processed by the control panel (see below).

The anti-virus scanning can be activated manually by admin or user, or will run automatically on a daily basis (every night). Once completed, a new report will be generated. You will be able to view that report in the control panel.

User access

With Virusdie installed on the server, a control panel's administrator will be able to restrict access to Virusdie for his users.

Navigate to "Users" ⇾ "Edit" ⇾ the "Access" tab.

Select the following check boxes:

  • Anti-virus scanning (Virusdie) - enable automatic anti-virus scanning on a daily basis (every night);
  • Allow access to Virusdie - a user will be able to view anti-virus scanning reports, and run anti-virus scanning manually.

You can also manage these settings in "Tools" ⇾ "Virusdie".

Anti-virus scanning configuration

Administrator and user have different management tools to configure anti-virus scanning.

In order to change the settings, navigate to "Tools" ⇾ "Virusdie" ⇾ "Parameters".

If the anti-virus tool detected an infected file, Virusdie can disinfect it. You can select the following options:

  • Disinfect automatically - disinfect the selected file;
  • Delete files - delete the infected file, if required (if this option is not selected, the file will be added into report, and won't be deleted).

The options that the administrator selects in this form are applied when the administrator starts anti-virus scanning manually and when automatic scanning starts every day. The options set by a user are applied only to anti-virus checks that the user runs manually.

In the "Save reports" field the administrator can set the maximum number of check reports that will be saved for the selected user. If the limit is reached for that user, the oldest report will be deleted before saving a new one.

Excluding files from anti-virus scanning

Administrator and users can select files and directories that won't be checked by the anti-virus tool.

Navigate to "Tools" ⇾ "Virusdie" ⇾ "Exclude"

Virus searching algorithm

  1. Information about a report is added into the virusdie_reports table of the ISPmanager database;
  2. The virusdie directory is checked in the user's home directory;
  3. In the virusdie directory in the user's home directory, the antivirus creates the excludes.txt file with a list of files that will be excluded (directories have the "/" symbol at the end);
  4. A background task with required parameters for anti-virus scanning is started (the /usr/local/mgr5/var/virusdie/runvdscan.sh script);
  5. A periodic task is started every minute to collect information about reports:
    1. If the anti-virus background task is already running for that user, reports are skipped;
    2. If the background task is not running, a report file is checked (the /virusdie user directory):
      • If the report file is not present, report information is uploaded into the control panel's database, and the threats file (scan.json) is copied from the report archive into the /usr/local/mgr5/var/virusdie/username/ directory;
      • If the report file is not present, the report is marked suspicious;
      • If the report file is not present, and the report is marked suspicious (the second report check), the report will be deleted;
  6. A report that was successfully checked is shown in the list of reports.

If the scan.json or stat.json file in the report archive exceeds the size specified in the "Maximum report size" parameter of the Virusdie configuration form, the report won't be uploaded into the control panel, but the report file will be available in the directory (the /virusdie user home directory).
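
The excludes.txt file from step 3 defines what the scanner never looks at, so it is worth reviewing periodically. The following is an added example, not part of ISPmanager or Virusdie: it audits such a file, assuming one path per line and relative paths resolved against the user's home directory. The home directory, document root and entries shown are constructed.

```python
import posixpath

# File types the page says Virusdie inspects (PHP, JS, HTML).
SCANNED_EXTENSIONS = {".php", ".js", ".html"}

def audit_excludes(text, home, docroots):
    """Return (entry, reason) findings for the body of an excludes.txt file.

    Assumptions (not from the Virusdie documentation): one path per line,
    and relative paths resolve against the user's home directory.
    """
    findings = []
    home = posixpath.normpath(home)
    roots = [posixpath.normpath(posixpath.join(home, d)) for d in docroots]
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        is_dir = entry.endswith("/")  # directories carry a trailing "/"
        path = posixpath.normpath(posixpath.join(home, entry))
        if path != home and not path.startswith(home + "/"):
            findings.append((entry, "resolves outside the user's home"))
        elif is_dir and any(r == path or r.startswith(path + "/") for r in roots):
            findings.append((entry, "excludes an entire document root"))
        elif is_dir and any(path.startswith(r + "/") for r in roots):
            findings.append((entry, "directory inside a document root is unscanned"))
        elif not is_dir and posixpath.splitext(path)[1].lower() in SCANNED_EXTENSIONS:
            findings.append((entry, "excluded file is a type the scanner inspects"))
    return findings

# Constructed sample data, for illustration only.
HOME = "/var/www/alice"
DOCROOTS = ["data/www/example.com"]
SAMPLE = """\
data/www/example.com/
data/www/example.com/uploads/
data/www/example.com/vendor/lib.php
data/logs/
../bob/data/www/
data/backup.tar.gz
"""

if __name__ == "__main__":
    for entry, reason in audit_excludes(SAMPLE, HOME, DOCROOTS):
        print(f"{entry}: {reason}")
```
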

Database update

The Virusdie database is located on Virusdie servers and is updated once every 24 hours. Updates are checked every time the scanning process starts.

Logs

The scanning tool doesn't have logs.

License information update

If the Virusdie license key is changed, you need to log in to ISPmanager, navigate to "Modules" ⇾ "Virusdie settings", and renew the information about your Virusdie license.

Scheduled user check

Starting from ISPmanager 5 5.85.0 you can take advantage of additional configuration for scheduled anti-virus scanning.

You can set the maximum number of simultaneous checks and the priority.

Trial version

In ISPmanager 5 Lite 5.101.0 and later users can install a trial version of Virusdie.

Important notes

  • You need to have an active ISPmanager license
  • Only one check per month
  • Check should be run with Admin permissions
  • The anti-virus tool will check /var/www
  • Administrators cannot enable/disable access to the tool for their users
  • The tool does not allow cure/delete/view infected files

Upgrade to a commercial version

In order to upgrade to a commercial version, you need to order Virusdie for your ISPmanager.

  • If you order Virusdie by clicking the "Buy" button in Integration->Modules, you will be redirected to a commercial license of Virusdie, if at that moment the license already contains information about Virusdie.


  • If you access the billing system in some other way, you will see the following notification on the Virusdie form when you are allowed to upgrade to the full version


Clicking Details will redirect you to the above form for conversion.

Email notifications

ISPmanager 5 Lite and ISPmanager 5 Business starting from 5.106.0 can send Virusdie scanning reports.

Configuration

Log in to ISPmanager as admin, navigate to the Virusdie configuration form, and select "email notifications".

Notifications are activated for administrator and every user. To enable notifications for the administrator, select Administrator notifications and enter the following information:

  • email to send notifications
  • period to send reports


If email notifications were not configured on the server, you will be first redirected to the corresponding form.

Every user who can use Virusdie can set up email notifications that will be sent after anti-virus scanning.

Sending reports

Users who activated notifications will receive reports after every anti-virus scanning.

At the specified period, the system checks whether new anti-virus scanning reports have been generated for the administrator.

If new reports are generated, the system will group them into a single report containing the information about the number of scanned users and total threats.