In the Malwarescan options enabled we get a resume of the options we have selected for this feature:
This option has been designed to check for suspicious words. Those words may also be used for legitimate purposes, so enabling this option you will have a high number of false positives. You should enable this option with caution. Default value stablished is: Disabled.
The 'Hashes option' is faster because it looks for the file hash in a complete database of millions of malware files, while the 'Files option' sends the entire file to be analyzed for more than 40 commercial anti-malware engines. Default value stablished is: Hashes.
Look for suspicious patterns only in files modified/created during the latests selected days. Default value stablished is: 7.
Below that we can see two sections: Manual Malware scan check and Malware scan summary:
In Manual Malware scan check section we have a 'Start' button to launch a check over our filesystem. We have a table with the start time, end time and current task of this process.
If we launch this check, we will get a progress bar to get info about the process status. Please, don't navigate to another page until the process has finished or you get an error message.
This process can cause an overload of your server, afecting QoS, so this check should be launched in a period of low server activity. A standard Joomla installation has almost five thousand files, and every one has to be checked, so this process can take a long time.
When this process ends, you'll see a completion message.After that the malware scan summary table will be updated, showing us last check timestamp, number of analized files and suspicious files found:
If the malware scanner find suspicious files, you can check then selecting this option. We will see a detailed info about the threat: path, size, last modified, malware type, alert level, malware description, malware code found and the online check status:
An alert level of “High” means you should keep an eye over the file even if the online check shows no warning. Some encoded files are not detected by anti-malware engines. If you have doubts, don't hesitate to ask me. Every time a new malware scan is launched, all online check status appear as Not checked even if files have been previously submitted to the metascan service. This is due to the dinamic behaviour of the service: every anti-malware engine is updated every day, so a not detected threat today can be detected tomorrow.
We also see two* buttons: Add file(s) as exception and Metadefender Cloud Check (files|hashes). If the limit per hour is reached, the second button will not be available and an alert will be displayed
The first one add selected files as exceptions and the second one check hashes of selected files or send selected files to be analyzed by the Metadefender Cloud free service and send us to the Manage logs screen.
If we choose the “Quarantined” option in the dropddown, then we have two options: Restore files and Delete:
The first one restore selected files to their original folder, and the second one deletes them. There are also two buttons to Delete and View file. The first one deletes* all files selected and the second one allows us to see the file content; this is useful before deleting it. Please, take note that files are marked as suspicious, so maybe they are false positives. Be fully sure the file is malicious before deleting it or the entire site can crash.
There are three folders (and all files and subfolders under them) marked as exceptions: /tmp, /logs and /cache.