Can a regular antivirus find script viruses?

Started by Bravoman1, Jul 11, 2022, 02:51 AM


Bravoman1 (Topic starter)

Hello!

I am curious about a practice I sometimes engage in, which involves copying server files or portions of them to my local computer and scanning them with a traditional antivirus program. I am interested in determining whether such programs are capable of detecting viruses embedded within PHP, JS, HTML, and other file types commonly found on websites.

May I ask what method you use to check files on your local device? Thank you kindly for your responses.

samfrank

Antivirus software designed for desktop computers is primarily geared towards detecting Windows-specific viruses. In my experience, these programs are capable of identifying around 25% of PHP malware. However, it is recommended to use specialized tools in conjunction with manual inspection to accurately detect and eliminate infections.
My personal preference is Ai-bolit, along with a few bash commands to locate certain code fragments. With practice, identifying infections will become easier even without the assistance of additional scanners.

If you lack experience in identifying malicious code, a viable option (although not ideal) is to restore from a backup, scan the files with Ai-bolit or a similar program, manually inspect everything suspicious, and update your content management system and components to the newest versions available.
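An added example (not part of the post above, and not samfrank's own commands or Ai-bolit's rules) of the kind of shell search for code fragments that the reply mentions, run over a local copy of a site. The pattern list, the function names `web_files`, `scan_tree` and `make_sample`, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a local copy of a site for constructs that often mark
# injected code. The pattern list is an illustrative assumption, not a vendor
# rule set. Each entry is "label|extended-regex".
SUSPICIOUS_PATTERNS='decode-then-eval|eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\(
request-to-exec|(eval|assert|system|passthru|shell_exec)[[:space:]]*\([^)]*\$_(GET|POST|REQUEST|COOKIE)
js-unescape-write|document\.write[[:space:]]*\([[:space:]]*unescape[[:space:]]*\('

# web_files DIR CMD...: run CMD over all PHP/JS/HTML files under DIR.
web_files() {
  wf_dir=$1; shift
  find "$wf_dir" -type f \( -name '*.php' -o -name '*.js' -o -name '*.html' \) \
    -exec "$@" {} +
}

# scan_tree DIR: print "label<TAB>file:line" for every hit.
scan_tree() {
  printf '%s\n' "$SUSPICIOUS_PATTERNS" | while IFS= read -r entry; do
    label=${entry%%|*}; regex=${entry#*|}
    # /dev/null makes grep print the file name even when given one file.
    web_files "$1" grep -nE -e "$regex" /dev/null |
      awk -F: -v l="$label" '{ print l "\t" $1 ":" $2 }'
  done
  # Very long lines suggest packed or encoded content. Minified libraries
  # trigger this too, so a hit is a prompt for manual review, not a verdict.
  web_files "$1" awk 'length($0) > 2000 { print "long-line\t" FILENAME ":" FNR }'
}

# make_sample: build a constructed test tree and print its path. The snippets
# lack the "<?php" opening tag, so they are inert text.
make_sample() {
  d=$(mktemp -d)
  printf '%s\n' 'echo "Hello";' > "$d/index.php"
  printf '%s\n' '// cache' 'eval(base64_decode("ZWNobyAxOw=="));' > "$d/wp-cache.php"
  printf '%s\n' 'passthru($_REQUEST["c"]);' > "$d/upload.php"
  printf 'var p="%s";\n' "$(printf '%03000d' 0)" > "$d/footer.js"
  printf '%s\n' "$d"
}

sample=$(make_sample)
scan_tree "$sample" | sort
rm -rf "$sample"
```

Hits are leads for manual inspection: legitimate code can match these patterns, and obfuscated code can avoid them.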

JacobLindS

Dr.Web currently offers two specialized solutions: an agentless antivirus and a solution based on a light agent. These solutions differ in functionality and operating principles.

The agentless solution is specifically designed for VMware, which has an API that allows third-party vendors to transfer files to the VM where the interceptor driver is installed for analysis. However, this approach does not allow the antivirus solution to conduct further research inside the VM or apply modern logic, limiting its effectiveness.

In our cloud environment, we utilize a lightweight agent-based solution for virtual environments. This involves installing a lightweight agent inside each VM and conducting computing operations on a separate machine containing the antivirus engine. Objects are analyzed on a single VM (SVM), which saves resources and speeds up file scanning while increasing protection.

The solution functions through several components, including a multifunctional security appliance for virtualization known as Security Virtual Appliance, shared and local caches, and customizable parameters such as file scanning depth and quarantine location.

This solution is available on all our cloud installations and has received FSTEC certification, providing customers with both paper and real protection. It enables VMs to operate safely in the insecure environment of the internet.

kevin66

Traditional antivirus programs are designed to detect and protect against common types of malware, including viruses, worms, Trojans, and other malicious software. They typically use a combination of signature-based detection (matching known patterns of malware) and heuristic analysis (looking for suspicious behavior) to identify potential threats.

When it comes to scanning files on your local device, antivirus programs can indeed detect viruses embedded within PHP, JS, HTML, and other file types commonly found on websites. However, their effectiveness may vary depending on the specific antivirus software you are using and the sophistication of the virus itself.

Points to consider regarding scanning files on your local device with antivirus programs:

1. File Reputation: Many antivirus programs rely on file reputation services that maintain a database of known good and bad files. This helps the software identify potentially harmful files by comparing them to known malware signatures.

2. Behavior-based Detection: Some antivirus programs employ behavior-based detection techniques. Instead of relying solely on signature matching, they analyze the behavior of files in order to identify suspicious or malicious activities.

3. Real-time Protection: Antivirus software often includes real-time protection features that continuously monitor files and activities on your computer to detect and block potential threats before they can cause harm.

4. Multiple Scan Engines: Some antivirus programs leverage multiple scan engines to increase their detection capabilities. These engines may use different algorithms and techniques, providing a more comprehensive analysis of files for potential threats.

5. Updates: To effectively defend against new and emerging threats, it's crucial to keep your antivirus software regularly updated. Updates include new virus definitions, security patches, and improvements to scanning algorithms.

6. Scanning Depth: Antivirus programs typically offer different scanning options, including quick scans, full system scans, and custom scans. Full system scans are the most thorough, as they check all files and folders on your local device for potential threats.

7. File Types: Antivirus programs can scan various file types, including PHP, JS, HTML, and other commonly found website file formats. However, it's worth noting that certain malware may be specifically designed to evade detection by antivirus programs, using techniques like file encryption or polymorphism.

8. False Positives and False Negatives: Antivirus software is not perfect and can sometimes produce false positives (flagging benign files as malicious) or false negatives (failing to detect actual malware). It's important to review any flagged files carefully and consider submitting them to the antivirus vendor for analysis if you believe they are false positives.

9. Additional Security Measures: While antivirus programs are an important part of computer security, they should not be the sole line of defense. Using additional security measures such as firewall protection, regular operating system updates, strong passwords, and cautious internet browsing habits can further enhance your overall security posture.

10. User Awareness: It's critical to stay aware of common phishing techniques, scams, and social engineering tactics that can bypass antivirus software. Being vigilant and mindful of suspicious emails, downloads, and websites can help prevent falling victim to malware attacks.