Where are the scan results?

Home Forums Support Forum Where are the scan results?

This topic contains 5 replies, has 2 voices, and was last updated by  Anti-Malware Admin 4 months, 3 weeks ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #116976

    Egor Ukoloff
    Member

    Ok, I tried to run the plugin on two sites. Takes 9 or more hours to scan one site (vs ImmunifyAV+ that does it in about 5 minutes) and then it refreshes back to the scan settings page. But where are the scan results? This plugins appears to be pretty useless to me. The only reason I install it because it claims to be the only plugin out of all that scans SQL database for malware. But I didn’t even see it scanning the database let alone I can’t find any scan results at all…

    #116979

    Anti-Malware Admin
    Key Master

    This plugin performs an active scan from the Anti-Malware Setting page within your wp-admin. The Complete Scan progress is rendered on the page as the scan is running and it is necessary to stay on that page for the scan to finish. Results are displayed in real-time as the contents of the files and database are scanned and it usually takes less than 30 minutes to scan all the files in the scan path and the database too (which is done at the end of the file scan).

    If you are experiencing anything different from what I have just described then would you please send me a screenshot of what you see so that I can help you troubleshoot the cause of the problem you are having?

    #116991

    Egor Ukoloff
    Member

    Hi, Eli,
    Yes, I am experiencing all totally different. The attached is the screenshot of the currently running scan of the currently running complete scan on one of the sites and I only checked Databases for this one. Bu tis looks like it still doing the full scan . The very first full Complete scan I tried last night and it ran all night for over 9 hours and at the end I didn’t see any results. Just a history of scans.

    I am not sure how to attache screenshot here but here is the link to the uploaded screenshot: https://take.ms/bPA0W

    Thank you.

    #117001

    Anti-Malware Admin
    Key Master

    That is an interesting way to configure the scan. I’m not sure I have ever tried it like that and I don’t think it will skip the file indexing even if you haven’t selected any file type threats to look for (something I will have to make accommodations for in my next release). Regardless, it should not be taking that long. I can see from that screenshot that it is currently in the “Re-Checking” phase, which only happens if there are read errors on your filesystem, and there must have been a lot of them for it to push out the scan time that far. Perhaps you might want to increase the memory_limit in the php.ini file on your server to speed up the scan and ensure that the larger files can be opened and read. You may also need to check the file permissions if some of those files eventually show up under the Read/Scan Error section of the results (I see there are two there already in that screenshot).

    I would like to help you figure out why it is running so slow on your server and find a solution to this problem but it is hard to guess at the cause from just one screenshot.If my above guesses were no help and you need more help from me you can email me directly with more screenshots or even send me a login to your wp-admin if you are willing to trust me with admin access to your site (I won’t break anything, just want to test the scan in a few different ways to see why it’s acting slow).

    There is one more thing you could try. It’s just a workaround for the DB Scan if that is all you want, but I would still like to speed up the file scan for you. Anyway if you just want to skip right to the DB scan you can try selecting only a single small plugin to scan by clicking on the word “plugins” under “What to scan:” and then selecting a small folder like “gotmls” (see screenshot below):

    https://paste.pics/0eb3d7785e1def55e11bfe7fb0433417

    #117019

    Egor Ukoloff
    Member

    Hi, Eli,

    Here is the screenshot of the errors from that particular site: https://take.ms/90ixq

    As you can see all I got is the errors and no actual real scan results.

    As for the speed. I don’t think or want to change anything yet on the server in php.ini. As I mentioned earlier, it takes about 5 – 10 min to scan the entire cPanel account not just one site with ImmunifyAV+

    And takes about 2-3 hrs to scan my entire WHM account with a multiple amount of cPanels with many sites. So, there would not be an issue with the memory limit.
    Also, the permissions for all those files marked as an error are 0644 just like all other files.
    I only wanted to use the plugin to scan the possible SQLs injections.

    I gave it another try now by checking just one plugin. It completed the scan fairly quick but is not showing any results unless “Found 0 Database Injections” is the result https://take.ms/QQ674

     

    Thanks!

    #117059

    Anti-Malware Admin
    Key Master

    Actually the memory_limit value in the php.ini does have a direct impact on all PHP processes running through your website. So, if it says memory_limit = 256M then every PHP processes (including my plugin’s scan jabs) will be limited to 256MB of memory, even if your server has 32GB of physical memory installed. Whereas, other server side applications like ImmunifyAV run as stand-alone processes with full access to all the servers CPUs and could use as much memory as the server has if they need to to get the job done. please understand that my plugin (like every other PHP process on your website) is limit to the resources that your server assigns to it, and it does the best it can within those limits.

    All those errors are certainly a troubling sign to my eye and I would like to help you solve that because I suspect that you may actually have some infected file and the scan is definitely being impeded in some way. The first 3 error on that list have suspicious output about the __wakeup function in the Videoframes class that is coded incorrectly and could be caused by a malware injection (or it could just be a poorly written plugin that is causing errors on your site). You might get more information about the source of this error in the error_log files on your server.

    The fact that there were no Database injection found should be a good thing but perhaps you have reasons to suspect that this is incorrect and are hoping to locate scripts in the Database that you are sure should be there. Can you tell me where you are seeing evidence of an infection on your site so that I can take a look?

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Comments are closed.