• Resolved Viktor Szépe

    (@szepeviktor)


    A “competing plugin’s” changelog says:

    New scanning routine examines the wp_options table for executable code based on a new infection we are seeing that is well hidden.

    There are injection attacks, you know it.
    The only trace they left behind is a small change in the wp_options table.
    For example a script tag in a plugin’s option that does script printing without sanitizing the value. There are a lot of these script printing plugins not using wp_localize_script().

    Do you have a plan for this?

    https://ww.wp.xz.cn/plugins/sucuri-scanner/

Viewing 14 replies - 1 through 14 (of 14 total)
  • Hi there,

    Our plugin itself doesn’t actually perform malware scanning, it uses SiteCheck scanner (sitecheck.sucuri.net) and it detects when these issues are displayed remotely.

    Thanks

    Thread Starter Viktor Szépe

    (@szepeviktor)

    Thank you!
    I usually to contribute to your plugins by bug reports and feature requests.
    Is Yorman around here?

    Thread Starter Viktor Szépe

    (@szepeviktor)

    A remote scan may or may not catch these.
    A local DB scan can easily spot <script or <iframe in the options.

    Thread Starter Viktor Szépe

    (@szepeviktor)

    Is Yorman around here?

    I am very sorry about this sentence.

    It was hard to realize that I am treated as a plugin user when I am willing to contribute, and – as I’ve experienced that earlier – Yorman treats me as a contributor.

    Thread Starter Viktor Szépe

    (@szepeviktor)

    I usually to contribute to your plugins

    has two typos:

    I usually contribute to your plugin …

    Thread Starter Viktor Szépe

    (@szepeviktor)

    You have to know that I was an iThemes Security plugin contributor when it was developed actively.

    Thread Starter Viktor Szépe

    (@szepeviktor)

    Thanks for your suggestion, it would be great to have a feature like this to add an additional layer of protection to all sites using this plugin. Unfortunately I am not allowed to write the code to power this feature because there is already a premium service offered by Sucuri that does exactly this [1].

    An alternative would be to write a database scanner with reduced functionality that can be used to send alerts about a possible infection and then let the user choose to either clean the data by himself or buy the premium service.

    However, there are plenty of plugins that already offer this option for free [2] and they are probably willing to keep improving their code. On the other hand, I could implement a limited feature as I suggested above, but I cannot ensure that it will be updated in the near future (because of my job restrictions), which makes it worthless, taking into consideration the quantity of new malware that appears daily.

    [1] https://sucuri.net/website-antivirus/
    [2] https://ww.wp.xz.cn/plugins/search.php?q=malware+scanner
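
An added example, not part of the original thread and not code from Sucuri or any plugin mentioned: the alert-only local scan discussed above, reporting `<script` and `<iframe` in `wp_options` values for manual review. The default `wp_` table prefix, the function names and the sample rows are assumptions constructed for illustration; decoding HTML entities and `\u003c`-style escapes goes a little beyond the plain substring check the thread describes.

```python
import html
import re

# Opening tags the thread names as the trace to look for (closing tags are ignored).
TAG_RE = re.compile(r"<(script|iframe)\b[^>]*>?", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*\\?["']?([^"'\s>\\]+)""", re.IGNORECASE)
JS_ESC_RE = re.compile(r"\\u00([0-9a-fA-F]{2})|\\x([0-9a-fA-F]{2})")


def normalize(value):
    """Undo encodings a stored option may carry: HTML entities, \\u003c, \\x3c."""
    value = html.unescape(value)
    return JS_ESC_RE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), value)


def scan_options(rows):
    """rows: (option_name, option_value) pairs, e.g. the result of
    SELECT option_name, option_value FROM wp_options  (prefix assumed).
    Returns (option_name, tag, src_or_None, snippet) per tag found.
    PHP-serialized values need no unserializing: strings are stored literally."""
    findings = []
    for name, value in rows:
        if isinstance(value, bytes):
            value = value.decode("utf-8", "replace")
        text = normalize(value)
        for m in TAG_RE.finditer(text):
            src = SRC_RE.search(m.group(0))
            snippet = text[max(0, m.start() - 20): m.end() + 20]
            findings.append((name, m.group(1).lower(),
                             src.group(1) if src else None, snippet))
    return findings


# Constructed sample rows (not from a real site).
SAMPLE_ROWS = [
    ("siteurl", "https://example.test"),
    ("blogdescription", "Notes on <scripture> markup and iframes"),
    ("widget_text", 'a:1:{i:2;a:1:{s:4:"text";s:56:"<script '
                    'src="https://cdn.example.invalid/x.js"></script>";}}'),
    ("some_plugin_footer",
     "Thanks! &lt;IFRAME src=//frames.example.invalid/a width=0&gt;"),
    ("tracking_json", r'{"snippet":"\u003cscript\u003evar a=1;\u003c/script\u003e"}'),
]

if __name__ == "__main__":
    for name, tag, src, snippet in scan_options(SAMPLE_ROWS):
        print(f"REVIEW {name}: <{tag}> src={src!r} near {snippet!r}")
```

Some options legitimately store markup, so each hit is something to review against the plugin that owns the option, not proof of infection.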

    Thread Starter Viktor Szépe

    (@szepeviktor)

    Thank you.
    This feature should go into my handmade WAF.

    Excuse me!
    Which of the linked plugins have high code quality?
    Could it be that none of them?

    Thread Starter Viktor Szépe

    (@szepeviktor)

    … and I’ve pointed out:

    A remote scan may or may not catch these.
    A local DB scan can easily spot <script or <iframe in the options.

    So even a paid WAF could be unable to detect malicious code in the wp_options table.

    Please take a look at exploit-scanner, the zillion patterns it detects:

    https://plugins.trac.ww.wp.xz.cn/browser/exploit-scanner/trunk/exploit-scanner.php

    Thread Starter Viktor Szépe

    (@szepeviktor)

    off: Does Sucuri Sitescan scan for page content that is generated with HTTP_REFERER=google.com ?

    The Sucuri WAF (aka CloudProxy) does not scan anything, but the antivirus service does [1], considering that it is a server-side scanner and the database of signatures is pretty big. SiteCheck is another story: it is a simple web scanner, so technically speaking it should not detect malicious code injected in the database that is not reflected in the rendered HTML code (as you already explained).

    To answer your question “which of the linked plugins have high code quality”: I do not know. I suppose all of the plugins listed on that page have different features, so one has to check them all to make a good decision.

    The list of static signatures included in class “File_Exploit_Scanner” of the plugin mentioned in one of your previous comments seems good enough for common attacks. But to build a good malware scanner you have to implement a “Mutation Algorithm” [2], and after a couple of hours working on that you will realize that writing an algorithm like that for free does not make sense.

    [1] https://sucuri.net/website-antivirus/
    [2] https://en.wikipedia.org/wiki/Mutation_(genetic_algorithm)

    Thread Starter Viktor Szépe

    (@szepeviktor)

    Thank you.

    So Sucuri Website AntiVirus actually is written in PHP.

    I do not know, I do not have access to the code of all projects, I work in the CloudProxy team. But I know that PHP is one of many programming languages that we use, including: C, Go, Lua, Python, and Bash.


The topic ‘Database scan feature’ is closed to new replies.