PHPMussel : Anti-Virus Anti-Trojan Anti-Malware Solution

An ideal solution for shared hosting environments, where it’s often not possible to utilise or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others.

Features

  • Licensed as GNU General Public License version 2.0 (GPLv2).
  • Easy to install, easy to customise, easy to use.
  • Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required).
  • Fully configurable based on your needs.
  • Ideal solution for shared hosting services.
  • Ideal solution for forum systems in need of file upload protection.
  • Does NOT require shell access.
  • Does NOT require administrative privileges.
  • CLI mode available.
  • Good, strong, stable support base.


HOW TO INSTALL

INSTALLING MANUALLY (FOR WEB SERVERS)

  1. By your reading this, I’m assuming you’ve already downloaded an archived copy of the script, decompressed its contents and have it sitting somewhere on your local machine. From here, you’ll want to work out where on your host or CMS you want to place those contents. A directory such as /public_html/phpmussel/ or similar (though, it doesn’t matter which you choose, so long as it’s something secure and something you’re happy with) will suffice. Before you begin uploading, read on.
  2. Rename config.ini.RenameMe to config.ini (located inside vault), and optionally (strongly recommended for advanced users, but not recommended for beginners or for the inexperienced), open it (this file contains all the directives available for phpMussel; above each option should be a brief comment describing what it does and what it’s for). Adjust these directives as you see fit, as per whatever is appropriate for your particular setup. Save file, close.
  3. Upload the contents (phpMussel and its files) to the directory you’d decided on earlier (you don’t need to include the *.txt/*.md files, but mostly, you should upload everything).
  4. CHMOD the vault directory to “755” (if there are problems, you can try “777”; this is less secure, though). The main directory storing the contents (the one you chose earlier), usually, can be left alone, but CHMOD status should be checked if you’ve had permissions issues in the past on your system (by default, should be something like “755”). In short: For the package to work properly, PHP needs to be able to read and write files inside the vault directory. Many things (updating, logging, etc) won’t be possible, if PHP can’t write to the vault directory, and the package won’t work at all if PHP can’t read from the vault directory. However, for optimal security, the vault directory must NOT be publicly accessible (sensitive information, such as the information contained by config.ini or frontend.dat, could be exposed to potential attackers if the vault directory is publicly accessible).
  5. Install any signatures that you’ll need. See: INSTALLING SIGNATURES.
  6. Next, you’ll need to “hook” phpMussel to your system or CMS. There are several different ways you can “hook” scripts such as phpMussel to your system or CMS, but the easiest is to simply include the script at the beginning of a core file of your system or CMS (one that’ll generally always be loaded when someone accesses any page across your website) using a require or include statement. Usually, this’ll be something stored in a directory such as /includes, /assets or /functions, and will often be named something like init.php, common_functions.php, functions.php or similar. You’ll have to work out which file this is for your situation; If you encounter difficulties in determining this for yourself, visit the phpMussel issues page at GitHub or the phpMussel support forums for assistance; It’s possible that either myself or another user may have experience with the CMS that you’re using (you’ll need to let us know which CMS you’re using), and thus, may be able to provide some assistance in this area. To do this [to use require or include], insert the following line of code to the very beginning of that core file, replacing the string contained inside the quotation marks with the exact address of the loader.php file (local address, not the HTTP address; it’ll look similar to the vault address mentioned earlier).

<?php require '/user_name/public_html/phpmussel/loader.php'; ?>

Save file, close, reupload.

— OR ALTERNATIVELY —

If you’re using an Apache webserver and if you have access to php.ini, you can use the auto_prepend_file directive to prepend phpMussel whenever any PHP request is made. Something like:

auto_prepend_file = "/user_name/public_html/phpmussel/loader.php"

Or this in the .htaccess file:

php_value auto_prepend_file "/user_name/public_html/phpmussel/loader.php"

  7. At this point, you’re done! However, you should probably test it out to make sure it’s working properly. To test out file upload protections, attempt to upload the testing files included in the package under _testfiles to your website via your usual browser-based upload methods. (Make sure you’ve included the phpmussel*.*db signature files in your Active setting for the test files to trigger). If everything is working, a message should appear from phpMussel confirming that the upload was successfully blocked. If nothing appears, something isn’t working correctly. If you’re using any advanced features or if you’re using the other types of scanning possible with the tool, I’d suggest trying it out with those to make sure it works as expected, too.
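A pre-flight check for the results of steps 2, 4 and 5 above, as an added example that is not part of phpMussel or of the original instructions. The function name phpmussel_preflight and the paths passed to it are assumptions; the script only reports and changes nothing.

```php
<?php
// Added example, not phpMussel code. Reports on the results of install steps 2, 4 and 5.
function phpmussel_preflight(string $installDir, string $docRoot = ''): array
{
    $issues = [];
    $base = rtrim($installDir, '/\\');
    $vault = $base . '/vault';
    if (!is_file($base . '/loader.php')) {
        $issues[] = 'loader.php not found; the require/auto_prepend_file path will fail';
    }
    if (!is_dir($vault)) {
        return array_merge($issues, ['vault directory not found']);
    }
    // Step 2: config.ini.RenameMe must have been renamed to config.ini.
    if (!is_file($vault . '/config.ini')) {
        $issues[] = 'vault/config.ini is missing';
    }
    // Step 4: PHP needs to read and write inside the vault.
    if (!is_readable($vault)) {
        $issues[] = 'vault is not readable by PHP';
    }
    if (!is_writable($vault)) {
        $issues[] = 'vault is not writable by PHP (updating and logging will fail)';
    }
    // Step 4: flag the "777" fallback. Permission bits are only meaningful on POSIX systems.
    $perms = fileperms($vault);
    if (DIRECTORY_SEPARATOR === '/' && $perms !== false && ($perms & 0002) !== 0) {
        $issues[] = sprintf('vault is world-writable (mode %o)', $perms & 0777);
    }
    // Step 4: a vault below the document root is reachable by URL unless the server denies it.
    $realVault = realpath($vault);
    $realRoot = $docRoot !== '' ? realpath($docRoot) : false;
    if ($realVault !== false && $realRoot !== false) {
        $prefix = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($realVault . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0) {
            $issues[] = 'vault is inside the document root; confirm requests to it are denied';
        }
    }
    // Step 5: signatures are not shipped with the package since v1.0.0.
    $entries = is_dir($vault . '/signatures') ? (scandir($vault . '/signatures') ?: []) : [];
    if (count(array_diff($entries, ['.', '..'])) === 0) {
        $issues[] = 'no files found in vault/signatures';
    }
    return $issues;
}

// Assumption: this file sits next to loader.php; pass other paths if it does not.
$issues = phpmussel_preflight(__DIR__, $_SERVER['DOCUMENT_ROOT'] ?? '');
echo $issues ? implode(PHP_EOL, $issues) : 'All checks passed', PHP_EOL;
```

Delete the script once the checks pass, since its output describes the layout of your installation.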

INSTALLING MANUALLY (FOR CLI)

  1. By your reading this, I’m assuming you’ve already downloaded an archived copy of the script, decompressed its contents and have it sitting somewhere on your local machine. When you’ve determined that you’re happy with the location chosen for phpMussel, continue.
  2. phpMussel requires PHP to be installed on the host machine in order to execute. If you don’t have PHP installed on your machine, please install PHP on your machine, following any instructions supplied by the PHP installer.
  3. Optionally (strongly recommended for advanced users, but not recommended for beginners or for the inexperienced), open config.ini (located inside vault) – This file contains all the directives available for phpMussel. Above each option should be a brief comment describing what it does and what it’s for. Adjust these options as you see fit, as per whatever is appropriate for your particular setup. Save file, close.
  4. Optionally, you can make using phpMussel in CLI mode easier for yourself by creating a batch file to automatically load PHP and phpMussel. To do this, open a plain text editor such as Notepad or Notepad++, type the complete path to the php.exe file in the directory of your PHP installation, followed by a space, followed by the complete path to the loader.php file in the directory of your phpMussel installation, save the file with a .bat extension somewhere that you’ll find it easily, and double-click on that file to run phpMussel in the future.
  5. Install any signatures that you’ll need. See: INSTALLING SIGNATURES.
  6. At this point, you’re done! However, you should probably test it out to make sure it’s working properly. To test phpMussel, run phpMussel and try scanning the _testfiles directory provided with the package.

INSTALLING WITH COMPOSER

phpMussel is registered with Packagist, and so, if you’re familiar with Composer, you can use Composer to install phpMussel (you’ll still need to prepare the configuration, permissions, signatures and hooks though; see “installing manually (for web servers)” steps 2, 4, 5, and 6).

composer require phpmussel/phpmussel

INSTALLING SIGNATURES

Since v1.0.0, signatures aren’t included in the phpMussel package. Signatures are required by phpMussel for detecting specific threats. There are 3 main methods to install signatures:

  1. Install automatically using the front-end updates page.
  2. Generate signatures using “SigTool” and install manually.
  3. Download signatures from “phpMussel/Signatures” and install manually.

Install automatically using the front-end updates page.

Firstly, you’ll need to make sure that the front-end is enabled. See: FRONT-END MANAGEMENT.

Then, all you’ll need to do is go to the front-end updates page, find the necessary signature files, and using the options provided on the page, install them, and activate them.

Generate signatures using “SigTool” and install manually.

See: SigTool documentation.

Download signatures from “phpMussel/Signatures” and install manually.

Firstly, go to phpMussel/Signatures. The repository contains various GZ-compressed signature files. Download the files that you need, decompress them, and copy the decompressed files to the /vault/signatures directory to install them. List the names of the copied files to the Active directive in your phpMussel configuration to activate them.
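The manual steps above (decompress, copy to /vault/signatures, list the names in Active), as an added example for hosts without shell access; it is not phpMussel code. The function name install_signatures, the size cap and the comma-separated output are assumptions; check the comment above the Active directive in config.ini for the exact list format. PHP's zlib extension is required.

```php
<?php
// Added example, not phpMussel code. Decompresses downloaded *.gz signature files
// into vault/signatures and returns the file names to list in the Active directive.
function install_signatures(string $downloadDir, string $vaultDir, int $maxBytes = 268435456): array
{
    $sigDir = rtrim($vaultDir, '/\\') . '/signatures';
    if (!is_dir($sigDir) || !is_writable($sigDir)) {
        throw new RuntimeException("Not a writable directory: $sigDir");
    }
    $installed = [];
    foreach (glob(rtrim($downloadDir, '/\\') . '/*.gz') ?: [] as $archive) {
        $name = basename($archive, '.gz');
        // Accept plain file names only, so nothing is written outside $sigDir.
        if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $name)) {
            continue;
        }
        $in = gzopen($archive, 'rb');
        $out = fopen("$sigDir/$name", 'wb');
        if ($in === false || $out === false) {
            throw new RuntimeException("Cannot process $archive");
        }
        $ok = true;
        $written = 0;
        while ($ok && !gzeof($in)) {
            $chunk = gzread($in, 65536);
            $ok = is_string($chunk) && fwrite($out, $chunk) === strlen($chunk);
            $written += $ok ? strlen($chunk) : 0;
            // Stop on archives that expand beyond the cap (assumed default: 256 MiB).
            $ok = $ok && $written <= $maxBytes;
        }
        gzclose($in);
        fclose($out);
        if (!$ok) {
            unlink("$sigDir/$name"); // do not leave a partial signature file behind
            throw new RuntimeException("Failed or oversized archive: $archive");
        }
        $installed[] = $name;
    }
    return $installed;
}

// Usage from the command line: php install_sigs.php <download-dir> <vault-dir>
// (install_sigs.php is a hypothetical file name for this example.)
if (PHP_SAPI === 'cli' && isset($argv[2])) {
    echo 'Active value: ', implode(',', install_signatures($argv[1], $argv[2])), PHP_EOL;
}
```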

R K
