Webshell Protection

The Trojan protection module is designed specifically for targeting and eliminating Webshells. It employs our company's self-developed antivirus engine and features an exceptionally high Webshell detection rate.


1. Protected Directories

The directories in which Webshells are automatically detected and eliminated.

It is recommended to add all websites to the "Protected Directory". If hackers then upload a Webshell, it will be automatically detected and eliminated.


If all websites are located within a single directory, you can add this main directory to the "Protected Directory" (e.g., /www/ or /wwwroot/).



2. Protection Settings

Configure parameters for Webshell detection and elimination.


Scan and Kill Type: The file types to scan; separate multiple types with English (half-width) commas. It is recommended to set it to "scripts". If set to "all", all files will be scanned.


File Size: During scanning, any file larger than the set value is skipped. This prevents performance degradation caused by excessively large files. Ordinary Webshells typically range from a few kilobytes to several hundred kilobytes.


Malware Handling: How to handle a Webshell when one is discovered.

Isolation: Place the Webshell file in a quarantine directory. This option is recommended.
Delete: Delete the Webshell. This option has significant side effects and is not recommended.
Log: Only record the incident in logs without taking any action.


Explanation File: After a Webshell is isolated or deleted, an explanation file is generated at the original path to inform users.


Notification: Immediately notify the administrator when a Webshell is detected.


Malware Library: View the version of the virus database and update it.


Custom Malware Library: During scanning, if the content of a scanned file contains any keyword from the "Custom Malware Library", the file is identified as a Webshell. To prevent false positives, avoid setting keywords that are too short.


Path Whitelist: A list of files to be skipped during scanning. Full or partial paths are supported; a partial path must include an asterisk (*). Detailed rules for filling in entries: http://www.magiaegis.com/supports/defense/159.html


Content Whitelist: During scanning, if the content of the scanned file contains any keyword from the "Content Whitelist," the file will be skipped.
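
The following is an added illustration, not the product's engine or code: it models the "File Size", "Content Whitelist" and "Custom Malware Library" rules described above so that a candidate keyword can be tested against known-good files before it is added. It assumes case-sensitive substring matching, that the content whitelist is checked before the keywords, and a 512 KB size limit; all names, keywords and file contents are constructed.

```python
# Added illustration: substring keyword matching as this page describes it.
# Every name, keyword and sample file below is constructed for the example.
MAX_SIZE = 512 * 1024  # assumed "File Size" limit


def classify(content, custom_keywords, content_whitelist, max_size=MAX_SIZE):
    """Return 'skipped-size', 'skipped-whitelist', 'webshell' or 'clean'."""
    if len(content) > max_size:
        return "skipped-size"        # oversized files are not scanned
    if any(k in content for k in content_whitelist):
        return "skipped-whitelist"   # assumption: checked before keywords
    if any(k in content for k in custom_keywords):
        return "webshell"
    return "clean"


def false_positives(keyword, known_good):
    """Names of known-good files that a candidate keyword would flag."""
    return sorted(name for name, body in known_good.items() if keyword in body)


# Constructed known-good site files.
KNOWN_GOOD = {
    "search.php": b"<?php // document retrieval helper\n$q = trim($_GET['q']);",
    "report.js": b"function evaluate(rows) { return rows.length; }",
    "index.php": b"<?php echo 'hello';",
}
# Constructed upload; the marker stands in for a family-specific string.
UPLOAD = b"<?php /* sample */ zz_backdoor_dispatch_v2($_REQUEST);"

SHORT_KW = b"eval"                     # too short: occurs inside ordinary words
LONG_KW = b"zz_backdoor_dispatch_v2("  # long and specific

if __name__ == "__main__":
    for kw in (SHORT_KW, LONG_KW):
        print(kw, "flags known-good files:", false_positives(kw, KNOWN_GOOD))
    print("upload:", classify(UPLOAD, [LONG_KW], []))
```

The short keyword matches "retrieval" and "evaluate" in ordinary files, while the longer keyword flags only the constructed upload.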


3. Isolate Webshells

Stores Webshells that have been quarantined, which can then be restored or deleted.

Note: After restoration, the file path will be added to the "Path Whitelist" to prevent future scans from detecting it again.

