Security Antivirus Scanner – CWIS

תיאור

THE PREMIUM PROFESSIONAL SECURITY ANTIVIRUS PLUGIN

Secure your WordPress website today with the CobWeb Internal Scanner (CWIS, pronounced see-wis), the lightweight antivirus scanner application, an easy to use WordPress admin security plugin developed by CobWeb Security Ltd.

Main Features

  • Free, enterprise-level tool
  • Scan with just one click
  • Simple, intuitive, flexible
  • Database security scanning
  • Detailed scan results report

The security scanner designed to detect adware and malware, backdoors and exploits, defacement and phishing code, trojans and viruses, CMS and server vulnerabilities and other security threats within database content and files uploaded to your system. Just install CWIS Antivirus free and start protecting your website immediately!

We also offer a Business CWIS key that will give you:

  • Scanner scheduler's settings
  • Upgrade to Premium support
  • SQL malware scan (CWIS exclusive function)
  • Scanner report export function

You can click here to sign-up for CWIS Business or Premium now.

Scanner Features

CWIS is a professional multi-functional antivirus with the best security features and advanced functions for virus and vulnerabilities diagnostic. It provides a wide range of functions that will ensure the security of your site:

  • Virus & Malware antivirus scanner
  • Vulnerable scripts and plugins monitoring
  • Adware, Spyware and SPAM links detection
  • Blacklist Monitoring (Web Trust check)
  • Powerful & Easy to use malware removal tools
  • Security hardening analytics and recommendations
  • Professional features (CWIS Business or Premium)

CWIS Antivirus is a powerful security tool for virus monitoring and detection. Moreover, this antivirus will not only scan your website, but it will clean it from malicious code and malware as well. With CWIS Antivirus Security you will be able to remove viruses from the database and secure your website in a blink of an eye.

Virus & Malware Antivirus Scanner

CWIS Antivirus Security is based on a unique algorithm developed by our team to find malicious code. It has the fullest signatures database. Also, the premium version of CWIS Antivirus contains the extended heuristic security analysis algorithm that allows it to find viruses not only on the website but on the domain as well.

CWIS Antivirus reveals almost every kind of viruses and malicious code that exist today:

  • Webshells and backdoor detection (backdoor webshells)
  • Javascript malware, trojans and virus detection (JS viruses)
  • PHP malware (server malware) and bot spam file detection
  • Detection of phishing pages set up by hackers (phishing pages)
  • Hack detection (malicious code in .htaccess)
  • SQL Malware detection – an unique feature

CWIS Antivirus has some important advantages:

  • The fullest viruses database for signature search
  • Heuristic / security analysis algorithm
  • Extended search range that allows it to find viruses throughout the domain's space, not only throughout the website
  • Scanning for viruses in database

Vulnerabilities Detection

One of the most important parts of your website security and protection is a well-timed analysis for plugin, CMS and database vulnerabilities. These security vulnerabilities are an easy way for a hacker to crawl into your website. That's why a well-timed diagnosis and update are vital for hardening the protection of the website.

Our security scanner is able to find:

  • Vulnerable/insecure scripts
  • Plugins and themes vulnerabilities
  • SQL, XSS malicious injections
  • Adware, spyware and SPAM links

Adware, Spyware and SPAM Links Detection

CWIS scanner successfully detects:

  • SEO & SPAM links
  • Doorway pages (SEO)
  • iFrame injections
  • Black-hat SEO infections

Blacklist Monitoring

CWIS Blacklist Monitoring scanner checks IP addresses and website domains in most popular security blacklists and safe browsing databases. Real-time Blacklists or Blackhole lists – also called DNS-based Blackhole Lists – are lists of IP addresses published through DNS. Often there are listed computers or networks that may spam or consist malware in such lists. Many secure corporate mail servers are configured to reject or flag messages which have been sent from IP addresses listed in one of these security blacklists.

Leading email systems like Gmail, Yahoo and Hotmail also use security blacklists to filter emails by addresses. If your network's IP addresses end up in a blacklist, you and your customers can experience problems sending and receiving emails. It can significantly damage your business.

CWIS Blacklist Monitoring scanner will automatically alert you if your website addresses or domains become listed in any of the widely used URL blacklists.

URIBL (or URL Blacklists) are similar to RBLs, except rather than tracking IP addresses they track domain names and website URLs which have been identified as being used for spamming, phishing or spreading viruses.

If your website becomes blacklisted, any reference to your website URL may be blocked, including:

  • referencing your website URL in email;
  • social media or blog posts;
  • or visitors simply will not be able to get to your website.

The Google and Yandex Safe Browsing security databases include lists of websites that may be dangerous to visitors because they are suspected of phishing scams or spreading viruses.

Malware Removal Tool, Powerful & Easy To Use

The CWIS Antivirus Security Scanner will not only help you find all of the viruses and malicious code on your web site but we will also help you remove this malware easily. Our built-in file viewer and editor is an easy security tool to remove the infected file code or its part depending on the type of infection. The cleaning process is very simple and requires no special training.

Professional Features

Built-in Cron Scheduler:

  • Twice a day, daily, weekly, bi-weekly or monthly scan frequency
  • Custom settings (scan path, scan level and database scan)
  • Security rescan of newly added and modified files
  • Scan reports and security notifications via email

CWIS Antivirus Scanner detects:

  • Newly added and modified files
  • Symlinks and hidden files
  • Suspicious PHP code
  • Potentially malicious files and code
  • Private IP addresses
  • Unix executable files

Website Security Info:

  • Basic Information: PHP and system info
  • Server Environment: hostname, platform, architecture and more
  • SSL certificate: free online security tool to analyze your SSL certificate and server configuration, displays the current status of SSL certificate, notifies if your website is secured and who it was verified by.

Requirements

  • WordPress version 2.8 or higher
  • PHP version 4.1.0 or higher

Final Notes

צילומי מסך

  • Antivirus Scanner Dashboard Control Panel
  • CWIS Antivirus Security Scanner Page
  • Blacklist Monitoring (Web Trust Check)
  • Security Hardening Analytics & Recommendations
  • Antivirus Scanner & Scheduler Settings Page

התקנה

To install the plugin and get it working:

  1. Login into your WordPress administration panel
  2. Navigate to Plugins option in WordPress navigation menu, and select Add New
  3. Please type CWIS in the Search Plugins box (or upload plugin to the /wp-content/plugins/ directory)
  4. Select Install Now and than choose to Activate the plugin (or activate the plugin through the Plugins menu in WordPress)
  5. Navigate to CWIS Antivirus Scanner option in the navigation menu, and click Start Scan button
  6. During the registration, plugin securely sends the data to company's server: name, email and website's domain.

שאלות נפוצות

Installation Instructions

To install the plugin and get it working:

  1. Login into your WordPress administration panel
  2. Navigate to Plugins option in WordPress navigation menu, and select Add New
  3. Please type CWIS in the Search Plugins box (or upload plugin to the /wp-content/plugins/ directory)
  4. Select Install Now and than choose to Activate the plugin (or activate the plugin through the Plugins menu in WordPress)
  5. Navigate to CWIS Antivirus Scanner option in the navigation menu, and click Start Scan button
  6. During the registration, plugin securely sends the data to company's server: name, email and website's domain.
Is CWIS Antivirus Scanner free to use?

Yes, CWIS Antivirus Scanner is completely free to use. If you need to enable additional features, premium plans are available.

Is CWIS Antivirus Scanner plugin secure?

No sensitive data is sent to our servers. However, during the initial registration, the plugin sends encrypted data to the company's server: your name, email address and website's domain.

Will CWIS Antivirus Scanner protect my site from being hacked?

Not in the literal sense of "protect from". The main purpose of the plugin is to detect any "hack" that has already taken place, and enable you to take immediate action upon it.

Will this plugin impact the performance of my website?

No, it will not.

Do the scanner logs be stored in my database?

No, it does not.

Are there any issues installing this plugin with any hosts?

Not that we are aware of.

סקירות

Best Antivirus Plugin

I was looking for a plug-in anti-virus outbreak since my website 4 times. After installing this extension,
I found Malicious files not found SUCURI ..
Thank CWIS

קראו את כל 10 הסקירות

מפתחים

"Security Antivirus Scanner – CWIS" הוא תוסף קוד פתוח. האנשים הבאים תרמו ליצירת תוסף זה.

תורמים

שינויים

3.2.2

  • Major improvements to the email reports

3.2.1.5

  • Minor improvements and bug fixes
  • The list of known vulnerabilities is up-to-date

3.2.1

  • Maintenance release, new malware signatures

3.2.0.7

  • Vulnerabilities and URL ignore list updates

3.2.0.3

  • Added the "Quarantine Manager" tool with description
  • Enabled option to restore quarantined files

3.2.0

  • New dashboard element: "Scanner Feature Status"
  • Scan-level limits were removed from the Free version

3.1.6

  • New PHP webshells signatures (total 3937 so far)
  • Vulnerabilities and URL ignore list optimizations

3.1.5

  • Security and maintenance release

3.1.4.7

  • Client side user interface improvements

3.1.4.5

  • Database scanner now uses the list of detected CMS
  • Try new dashboard's "Extra Options" to find out more…

3.1.3

  • New features of the Task Scheduler Manager
  • Improved white list management via AngularJS

3.1.2

  • Now using a local whitelist (useful for manual checking)
  • Fixed portability issues with ctype_xdigit and iconv

3.1.1

  • Updated list of known vulnerabilities
  • Removed deprecated result keys and methods

3.1.0.6

  • Compatability issues fix (path query in socket requests)
  • New defacement signatures (total 3915 so far)

3.1.0.3

  • Cronjob Scheduler and Site Check code optimizations
  • The scan path displayed during the scanning process

3.1.0

  • Maintenance release (total 3871 signatures)
  • Improvements in WordPress & CMS plugins detectors

3.0.6.3

  • New WordPress plugin vulnerabilities
  • SSL check results added to the dashboard

3.0.6

  • New malware and viruses signatures (total 3811 so far)
  • Speed optimizations of built-in cron job scheduler

3.0.5.7

  • Added MxToolBox's blacklist lookup results
  • SSL Certificate check, HTTP status and load time

3.0.5.5

  • Fixed scanner stability issues on some busy/shared servers
  • Max file size been increased, prescan depth was limited

3.0.5.4

  • New server malware, phishing and viruses signatures
  • Scan settings sync fix, CSS styling and JS improvements

3.0.5.3

  • Optimized virus signatures of type "JS/redirector"
  • To prevent blocking, i18n JSON-files renamed to JS-files

3.0.5.2

  • Hack detection improvements (malicious code in .htaccess)

3.0.5.1

  • Updated list of known CMS/plugin/theme vulnerabilities

3.0.5

  • Security and maintenance release
  • Fixed issues with paused scan, database scan and site check

3.0.4

  • Quick rescan now being done significantly faster
  • Fixed incompatibility issues with the POSTed parameters

3.0.3

  • Rescan progress percent now calculated correctly

3.0.2.5

  • Improved rescan process (has been split into two phases)

3.0.2.4

  • Improvements in heuristic analysis algorithm (hacker nick names)
  • Whitelist and URL ignore list updates (tested on 1000+ plugins)

3.0.2.1

  • Malware signatures optimized, total 3709 signatures known
  • Fixed bug in recently updated UI-Bootstrap accordion

3.0.2

  • Delayed autostart on load and automatic retry on error
  • Improved handling of broken/unstable Internet connection
  • Sub-categories added to the WordPress admin menu

3.0.1.5

  • Scheduling periodic rescan using WordPress cron
  • Whitelist optimizations, new malware signatures

3.0.1

  • Forced restarting of stuck/incomplete rescan

3.0.0

Release Date – 2th February, 2016

  • The first stable release of CWIS-3.0 is out!
  • CSS/JS optimizations, temporary files folders fix
  • Whitelist and URL ignore list updates (tested on 900 plugins)
  • Improved "iFrame injections" detector (PRO level)

3.0.0-RC9

  • Security patch, mail sender bug fix, new signatures, and more…

3.0.0-RC2-RC5

  • Testing completely redesigned interface written in pure AngularJS

2.5.0

  • LTS (Long-term support) version release
  • Quick Rescan and Scheduler bug fixes

2.3.5.4

  • Compatability with WordPress 4.7.2
  • System info reporting improvements

2.3.5

  • Updated URL ignore-list and known vulnerabilities list

2.3.2.5

  • Security and maintenance release

2.3.2

  • Validation improvements, updated list of vulnerabilities

2.3.1.7

  • Whitelist and URL ignore list updates (tested on 700 plugins)

2.3.1.6

  • New server malware signatures, total 3697 signatures known
  • Updated list of known plugins and themes vulnerabilities

2.3.1.5

  • Correct calculations of rescan speed and time left in Quick Rescan mode
  • Filenames queue list split by volumes, quick rescan of modified files
  • URL-ignore list optimizations (automatically adding the WWW prefix)

2.3.0.12

  • Incorrect date check results resolved using a timezone offset

2.3.0.8

  • Whitelist updates, client-side improvements in License Manager

2.3.0.6

  • CMS plugins detector now supported the one-file-plugins

2.3.0.5

  • Whitelist and URL ignore list updates (tested on 300 plugins)
  • Memory and signatures optimizations, CMS detector bug fix

2.3.0.2

  • CSS improvements, bug fix in suspicious redirect detector
  • Weekly notice: "To make your site as secure as possible…"

2.3.0

  • New signatures, code improvements and optimizations, bug fixes
  • Complemented list of latest known vulnerabilities across WordPress Core, plugins and themes

2.2.8.5

  • New server malware signatures, total 3587 signatures known

2.2.8.3

  • Unset UA warning fix, default date timezone is set to UTC
  • Removed some low quality signatures which caused false positives

2.2.7.9

  • Added the most recent high-profile plugins vulnerabilities
  • Added a signature of fake plugin named "WordPress Researcher"
  • Empty threat categories in the scan results are also displayed

2.2.6.12

  • Simulate function error_get_last() for PHP 5 < 5.2.0
  • Scanner whitelist's function fread() PHP warning (bug fix)

2.2.6.5

  • Support for the latest version check on core-level

2.2.6.3

  • Updated security list of known vulnerabilities (WordPress plugins)

2.2.6

  • New backdoor and server malware signatures, total 3581 signatures known
  • Scanner skips automatically files caused to compile-time parse errors

2.2.5

  • Security and maintenance release
  • Added prescan status "completed", new Potentially Malicious signatures
  • Now possible simultaneous scanning of different/mixed paths

2.2.4.5

  • Whitelist optimizations, URL ignore list been updated
  • New backdoor signatures added, total 3568 signatures known
  • Some of Server Malware signatures were skipped because of the bug

2.2.4

  • Doorways detection algorithm has been greatly improved (Professional Mode)
  • Scanning quality has been greatly improved (Basic Check and Recommended Mode)

2.2.3.5

  • Bug fixed in AJAX request's timeout check (time limit has been doubled)
  • Last time rendering improved as scanner now ignores additional AJAX requests

2.2.3

  • Bug in the method detecting rescan status has been detected and fixed
  • The DRY philosophy has been applied to the scanner's check code

2.2.2

  • Optimized some signatures in category "Potentially malicious"
  • Bootstrap popovers on hover explaining the scan modes and levels
  • Scan levels simplified: "Basic Check", "Recommended" and "Professional"

2.2.1.2

  • List of known vulnerabilities (CMS and plugins) is up to date

2.2.1

  • Client-side now handling correctly an empty server response
  • PDO class file is loaded once now (additional check added)

2.2.0.7

  • New signatures added into category "Server malware"

2.2.0.6

  • API mode with log messages turned off

2.2.0.5

  • Prevented duplicate result entries

2.2.0.2

  • "Database Scan" may be enabled/disabled on-the-fly

2.2.0.1

  • Whitelist optimizations, URL ignore list been updated
  • cURL timeout has been increased from 3 to 5 seconds

2.2.0

  • Some regexps were moved to a more appropriate category "Potentially malicious"

2.1.6.5

  • Fixed mistakenly popping dialog

2.1.6

  • New shell signatures, scan results explanation notice added

2.1.5.9

  • Total 3544 signatures known (adware, phishing, viruses etc)

2.1.5.7

  • A new signature added, extended messaging in the paused scan state

2.1.5.3

  • Whitelist updates, JS stability issues, and a new banner image

2.1.5

  • The scanner stopped after receiving an error from the server, fixed
  • Disk free space check added with response "Possibly out of free disk space"
  • Total 3534 signatures known (adware, phishing, viruses etc)

2.1.4.9

  • Improvements in alerting system (stripped HTML tags and JSON parser fix)

2.1.4

  • MIME types are used now to detect and skip binary files in "Paranoid" mode

2.1.3.5

  • Ability to add a database check in the middle of an already running scan

2.1.3

  • Code refactoring, improved scanner stability on slow servers

2.1.2.4

  • Improper progress data is now being recovering silently
  • The list of vulnerabilities is extended and covers the last 4 years
  • Total 3477 signatures known (adware, phishing, viruses etc)

2.1.2

  • Scanner code has been refactored, improved performance

2.1.1.16

  • Quick rescan was failed on empty files list (bug fix)

2.1.1.15

  • Database scan was reset at each page refresh (bug fix)

2.1.1.14

  • Upload directory detection code compatability improvements

2.1.1.12

  • Whitelist updates and false AJAX timeouts fix

2.1.1.4

  • Support for files with no content (bug fix)

2.1.1

  • Client side user interface improvements

2.1.0.12

  • Added timeout check for lengthy AJAX requests

2.1.0.7

  • Whitelisted bunch of WordPress 4.6.0 and plugins files (nearly 500)
  • Whitelist check has been optimized, category "Encrypted files" now checked too
  • Plugins detector bug fixed (when empty array passed from the CMS detector)

2.1.0.5

  • SEO links detection improved (PHP-code in anchor is now skipped)
  • Scan result handling has been improved, empty names bug fixed
  • Client entered in loop in specific conditions, fixed

2.1.0

  • Database scanning control via new "DB Scan" button
  • Updated list of vulnerable CMS and plugins versions
  • Memory limit set to "1536M", added new signatures

2.0.7.5

  • Added check for usage of unknown types for PHP extensions in .htaccess file

2.0.7

  • Delayed autostart on the first run (in 5 sec)
  • Improved WordPress version and CMS plugins detectors
  • Fixed issue with report shuffling after quick rescan

2.0.6

  • Improvements in built-in mechanism of translations
  • Autostart option is turned off on the very first run

2.0.5

  • Errors handling and translation quality improvements
  • Uploads directory used wp_upload_dir($this->plugin_name));

2.0.4

  • Thread-safe atomic file reading and writing solution
  • Basic scan level's critical entries RegExp bug fixed

2.0.3

  • Scripts and styles included using the action hook

2.0.0

  • Activator and deactivator classes enabled
  • Scanner files upgraded to the latest version

1.0.5

  • Main file containing passwords now updated automatically
  • AJAX options generated and stored automatically