OSE Joomla Anti-Virus
From Open Source Excellence Knowledge Base
OSE PHP Joomla! Virus Scanner User Manual
Version: 3.0 Released Date: 28-Feb-2011 Manual Date: 28-Feb-2011 Author: OSE Security Team. firstname.lastname@example.org Copyright: Reproduction and redistribution of the document is disallowed without the consent of the author. Notes: The OSE Security software series is an Open Source software series developed by Open Source Excellence Team. License: GPL V2, you can install it into UNLIMITED websites FOREVER! No License Restrictions! No more IONCUBE!
The Anti-Virus 3.0 is a new release of our OSE Anti-Virus™.
- Version 2.2-3.0
- Supports Joomla! 1.6.
- Change OSE File Scanner to OSE File Manager™ which is able to manage files on the site and initializes target files to the Database for OSE Anti-Virus™.
- Add the function of selecting multiple folders/paths to scan.
- The feature of directly viewing reported files after scanning in File Manager.
- Updates Virus signature and patterns.
- Fixes some minor bugs for image scanning and DB initialization.
- Version 2.0-2.2
- Divide the older virus scanner into 3 separate components for specific tasks to improve the performance.
- New file scanner function scans all files into the database first making the virus scanning process traceable.
- New interface of the virus scanner and more detailed and useful alert reports.
- Options to clean or delete infected files to remove shell codes.
- New virus definition signature.
Contents in the Package
After the installation, the Open Source Excellence Anti-Virus™ for Joomla! includes the following component:
- OSE Anti-Virus – A component scanning and cleaning the website files on the server.
- OSE File Manager - A component which can manage files of the site. It also functions for Anti-Virus to choose folders/sub-folders to scan and review reported files in the final scanning result list.
- OSE CPU - Providing the core OSE system, framework, and functionalities.
Software Download and Support
- Please find the software on our OSE website here: OSE Anti-Virus™ for Joomla!.
- After you purchase the product, you can use it FOREVER (INDEFINITELY); you can download all upgrades within 1 year; and you can receive our support within 1 year. Please check and download the latest upgrade on our OSE website in your “My Download” area after login.
- If you have questions regarding installation, configuration, or usage, please go to our Ticket System to submit a support request.
You can install the components using the default Joomla! Installer or OSE Update Manager™.
Please install all components in the package with the order:
- a. com_ose_cpu
- b. com_osefileman
- c. com_oseantivirus
If you have an old version installed, please un-install the old ones and re-install the latest version.
You can manage the files of the site in OSE File Manager™ .
More important, you need to choose the folders/paths in the OSE File Manager when you are going to perform a virus scan. Tick the folders/paths and click the "initialize DB with the selected directory" button.
1. After you click the "initialize DB with the selected directory" button, you will be automatically redirected to OSE Anti-Virus™. You will find the to-be-scanned directories on the left side. Next, please select the files types/extensions, update file extensions, and then please first "Initialize DB".
2. After the initialization, there will a pop-out message informing you the total number of files and folders to scan.
3. You can know the DB has been initialized on the screen. Please click "Start Virus Scanning" button to scan.
4. The scanner will show the progress and 150 files which are under scanning in one page. Please do not operate the page during the scanning process.
5. After the scanning finishes, there will be a brief message summarizing the scanning result at the bottom of the page.
1. Please click on "View scanning Results" button to go to the scanning result control panel to view the result of last scan and deal with the alerts.
2. Now you can use the file functions to deal with the reported files in the result.
Functions: Backup Items
This function will make a copy of the selected files to the "quarantine" folder of Anti-Virus:
site/administrator/components/com_ose_antivirus/quaran/. Whitelist Items
If you find a reported file is a false positive, please select the file and whitelist it. Then the file will not be reported in the next scan. Clean Infected Items
IF YOUR SERVER ALLOWS THE WRITE PERMISSION FOR THE COMPONENT, your files can be cleaned immediately and a backup file will be created in the
quarantine folder of the Anti-Virus. Quarantine Infected Items
This function is suitable for the condition that the whole file is an infection or the file is uploaded by the hacker, such as shell codes.
In this case, you need to remove the whole file. Please use the "Quarantine" function to thoroughly remove the file and at the same time,
a backup file will be create in the Anti-Virus quarantine folder.
3. Review reported file before you execute any function.
We provide a new function from Version 3.0 to allow you directly view the files in scanning result. Please click the small "Action" view button after a reported file, and it will redirect you to the OSE File Manager™ to view the file.
Generally the scanner reports real infected files, but in some cases it will report false positives, because some files may use iframe inside their codes which matches one of the suspicious patterns the scanner is looking for. Therefore sometimes the scanner will alert false positives. Please use the Whitelist function above to whitelist them.
After you confirm that you have whitelisted all false positives and make backup for important files. Tick all infected files and clean them. For shell codes, we recommend you to delete the whole infection files. If you are not sure about the reported infections, please contact us for advice.
4. Whitelisted files and Quarantined files.
You can easily manage the files whitelisted and quarantined in the Whitelist Files and Quarantined Files. You can purge or restore quarantined files in the list.
1. Comparing the Backup Files with the Cleaned Files, you may find the malicious codes inside the file.
2. If you look at the Cleaned version, the malicious codes were all removed.
3. If you find that the file was reported as false positives because the codes that have been removed are not malicious codes, please use the "Restore" function in "Quarantined Files" to recover the original files and add the file to the Whitelist for next scan.