Tuesday, 9 April 2019

PHPMussel- PHP Based Anti-Virus, Anti-Trojan and Anti-Malware Solution

PHPMussel- PHP Based Anti-Virus, Anti-Trojan and Anti-Malware Solution

An ideal solution for shared hosting environments, where it's often not possible to utilise or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others.


  • Easy to install, easy to customise, easy to use.
  • Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required).
  • Fully configurable based on your needs.
  • Ideal solution for shared hosting services.
  • Ideal solution for forum systems in need of file upload protection.
  • Does NOT require shell access.
  • Does NOT require administrative privileges.
  • CLI mode available.
  • Good, strong, stable support base.

How to Install?


1. By your reading this, we are assuming you've already downloaded an archived copy of the script, decompressed its contents and have it sitting somewhere on your local machine. From here, you'll want to work out where on your host or CMS you want to place those contents.

A directory such as /public_html/phpmussel/ or similar (though, it doesn't matter which you choose, so long as it's something secure and something you're happy with) will suffice. Before you begin uploading, read on..

2. Rename config.ini.RenameMe to config.ini (located inside vault), and optionally (strongly recommended for advanced users, but not recommended for beginners or for the inexperienced), open it (this file contains all the directives available for phpMussel; above each option should be a brief comment describing what it does and what it's for).

Adjust these directives as you see fit, as per whatever is appropriate for your particular setup. Save file, close.

3. Upload the contents (phpMussel and its files) to the directory you'd decided on earlier (you don't need to include the *.txt/*.md files, but mostly, you should upload everything).

4. CHMOD the vault directory to "755" (if there are problems, you can try "777"; this is less secure, though). The main directory storing the contents (the one you chose earlier), usually, can be left alone, but CHMOD status should be checked if you've had permissions issues in the past on your system (by default, should be something like "755").

In short: For the package to work properly, PHP needs to be able to read and write files inside the vault directory. Many things (updating, logging, etc) won't be possible, if PHP can't write to the vault directory, and the package won't work at all if PHP can't read from the vault directory.

However, for optimal security, the vault directory must NOT be publicly accessible (sensitive information, such as the information contained by config.ini or frontend.dat, could be exposed to potential attackers if the vault directory is publicly accessible).

5. Install any signatures that you'll need. See: INSTALLING SIGNATURES.

6. Next, you'll need to "hook" phpMussel to your system or CMS. There are several different ways you can "hook" scripts such as phpMussel to your system or CMS, but the easiest is to simply include the script at the beginning of a core file of your system or CMS (one that'll generally always be loaded when someone accesses any page across your website) using a require or include statement.

Usually, this'll be something stored in a directory such as /includes, /assets or /functions, and will often be named something like init.php, common_functions.php, functions.php or similar. You'll have to work out which file this is for your situation;

If you encounter difficulties in determining this for yourself, visit the phpMussel issues page at GitHub or the phpMussel support forums for assistance; It's possible that either myself or another user may have experience with the CMS that you're using (you'll need to let us know which CMS you're using), and thus, may be able to provide some assistance in this area.

To do this [to use require or include], insert the following line of code to the very beginning of that core file, replacing the string contained inside the quotation marks with the exact address of the loader.php file (local address, not the HTTP address; it'll look similar to the vault address mentioned earlier).

<?php require '/user_name/public_html/phpmussel/loader.php'; ?>

Save file, close, reupload.


If you're using an Apache webserver and if you have access to php.ini, you can use the auto_prepend_file directive to prepend phpMussel whenever any PHP request is made. Something like:

auto_prepend_file = "/user_name/public_html/phpmussel/loader.php"

Or this in the .htaccess file:

php_value auto_prepend_file "/user_name/public_html/phpmussel/loader.php"

At this point, you're done! However, you should probably test it out to make sure it's working properly. To test out file upload protections, attempt to upload the testing files included in the package under _testfiles to your website via your usual browser-based upload methods.

(Make sure you've included the phpmussel*.*db signature files in your Active setting for the test files to trigger). If everything is working, a message should appear from phpMussel confirming that the upload was successfully blocked. If nothing appears, something isn't working correctly. If you're using any advanced features or if you're using the other types of scanning possible with the tool, I'd suggest trying it out with those to make sure it works as expected, too.

How to Use?


phpMussel should be able to operate correctly with minimal requirements on your part: After installing it, it should work immediately and be immediately usable.

File upload scanning is automated and enabled by default, so nothing is required on your behalf for this particular functionality.

However, you're also able to instruct phpMussel to scan specific files, directories and/or archives. To do this, firstly, you'll need to ensure that the appropriate configuration is set in the config.ini file (cleanup must be disabled), and when done, in a PHP file that's hooked to phpMussel, use the following closure in your code:

$phpMussel['Scan']($what_to_scan, $output_type, $output_flatness);

  • $what_to_scan can be a string, an array, or an array of arrays, and indicates which file, files, directory and/or directories to scan.
  • $output_type is a boolean, indicating the format for the scan results to be returned as. false instructs the function to return results as an integer. true instructs the function to return results as human readable text. Additionally, in either case, the results can be accessed via global variables after scanning has completed. This variable is optional, defaulting to false. The following describes the integer results:

Results        Description
-4        Indicates that data couldn't be scanned due to encryption.
-3        Indicates that problems were encountered with the phpMussel signatures files.
-2        Indicates that corrupt data was detected during the scan and thus the scan failed to complete.
-1        Indicates that extensions or addons required by PHP to execute the scan were missing and thus the scan failed to complete.
0       Indicates that the scan target doesn't exist and thus there was nothing to scan.
1       Indicates that the target was successfully scanned and no problems were detected.
2       Indicates that the target was successfully scanned and problems were detected.

  • $output_flatness is a boolean, indicating to the function whether to return the results of scanning (when there are multiple scan targets) as an array or a string. false will return the results as an array. true will return the results as a string. This variable is optional, defaulting to false.


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer