Credits: Video Training produced by Brian Teeman
One of the advanced features is the PHP File Change Scanner which, as the name suggests, will check all your PHP files to see if any of them have changed. In addition, it will also look inside those files to see if it can detect any signs of malicious contents.
We can now perform your first scan.
You should note that this may take some time so just leave it to run.
Once the scan is complete, you will see a record of the report with the scan date and time, the total number of files scanned, the number of files that have been modified since your last scan, files that have been marked as possible threats, and the number of files that have been added since the previous scan.
Note the possible threat. Possible is the important word, as this can only make an attempt to look for strings inside the file that might be a problem, not necessarily that they are a problem.
If you click on the view report, you will see a list of all the files that have been scanned together with an estimated threat score.
As I have just installed Joomla and my extensions, I know that all the files are safe and that anything listed here is a false positive.
So I can select them all and press mark safe, remembering that I am only displaying some of the files so I need to click the next pages to make sure that I mark all of them.
Once I have marked all the false positives as safe I can click back, and if I preform another scan I can see that no files have been modified since the last scan, there are no recorded threats, and no files have been added. So no report has been generated.
I strongly recommend if you are using the PHP file scanner that you perform this on a regular basis, especially before and immediately after installing any new extensions. That way you can be certain to mark any false positives as safe.
You can automate the process of scanning for PHP file changes and have the results emailed to you using this function here, the PHP file change scanner scheduler.
Here you will see all the information that you require to set this up. There are also additional links to documentationto help you even further.
Please remember that this scan can only detect possible threats so it will detect things that are not threats and it may also miss other things. The tool is only a tool to help you, not to provide a definitive answer.