Server hacking is a common problem that webhosts face. The intrusion can be caused by several reasons like malicious scripts, vulnerabilities in the server etc.

It would be of real help, if we had a good tool to find such scripts running in the server. iScanner is one such tool. It is a free open source ruby based tool, that lets you detect/remove malicious code and malware from the server/website. The tool is a good alternative to the Clamscan that enjoys the popularity in this segment. iScanner is real good at removing some known web based malware, hidden iframe tags, javascript, vbscript, activex objects, suspicious PHP codes, eval codes etc.

Get started with iScanner

Download iScanner and extract it :

# tar -zxvf iscanner.tar.gz

Since the tool doesn’t need any external libraries, you just need Ruby enabled in the server.

The page also give you various usage options. A few common ones are :

iscanner -f : Use this option to select the folder you want to be scanned(say /home/user/public_html).

iscanner -F : Use this option to scan a specific file(say /var/html/suspicious-home.php).

iscanner -m : This allows iScanner to send a copy of the infected log to selected email address. Usage is :
iscanner -f /home/user/public_html -m support@yourdomain.com

iscanner -c : This option will remove the malicious code from the infected files with out deleting the infected files. Be sure to check the iscanner log, to ensure that only malicious code is removed.

There are many other iScanner options available (iscanner -h). You can also configure iScanner to scan all files uploaded by users using ftp server and send email alert if malicious file has been detected.

In short, iScanner is a handy tool that makes life easier for a system/website administrator.

About the Author :

Anju KA works as a Senior Software Engineer in Bobcares. She joined Bobcares back in 2008.

Edited by Sankar H