Viewing the report
Step 1. Analyzing files
To analyze the report afterscanning:
- Launch the log analyzer.
- On the page that opens, click the Load file button and select the report to view (in ZIP format).
The information will be shown in a table on the File list page. Data can be filtered by the following parameters:
- Flag — Set after checking data with the whitelist ( Not found — no malicious code in the file; Suspicious — there is suspicious code in the file, but it may be harmless; Malicious — the file has code that matches at least one of the utility's virus signatures).
- Time interval — Filters entries in the downloaded file using the selected time interval.
- File path — Filters files by a fragment of the name or path (shows only files that contain the entered value in the path).
- Fields of table — Allows selecting table columns to display.
For site analysis, the system uses whitelists of trusted files from different CMS versions, along with information about these files.
The log analyzer automatically detects the CMS model and version and applies the appropriate whitelist to the report. This reduces the number of false antivirus warnings.
To download the whitelist, click the Filter from file button and select the desired file. You can also use the Filter from file button to download the log of the previous scan, and then compare it with the current log in the analyzer.
Step 2. Generating a cleaning script
Select the desired action for infected files:
- Quarantine — Place the file in the quarantine archive and analyze it without deleting it from the server. The file is renamed: the extension is removed, and the name is replaced with its hash value. A meta file of the same name is saved next to it with service information.
- Delete — Delete the file from the server.
A cleaning script is generated based on the selected actions:
<?xml version="1.0"?> <recipe> <quarantine>./file1.php</quarantine> <delete>./file2.php</delete> </recipe>
quarantine— Adds a file to the quarantine archive without deleting it from the server. You can send the archive to specialists for further analysis.
delete— Deletes the file from the server.
./file2.php— Indicates the path to the file that the specified action is applied to.
To apply the generated "prescription", copy the code to the clipboard using the Copy button. Then go to the utility's page ( Treatment tab) andpaste the code in the box.