Check website for viruses with Ai-Bolit

To check a site for viruses, you can use the console utility AI-Bolit. Open a console and download the utility from the repository. Since the company that developed the utility has already closed, I had to save the source for myself, so we execute the following command:

git clone https://github.com/rorry47/ai-bolit.git

Next, go to the script folder:

cd ai-bolit/ai-bolit

To scan for viruses we use the following command:

php ai-bolit-hoster.php --path=/var/www/example.com/ --smart --skip=jpg,jpeg,png,gif,svg

Here we run the utility through the PHP interpreter and specify the path to the root directory of the site after --path. Please note that the script works with PHP versions 5.6 to 7.4.
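The PHP version limit is easy to miss on a server whose default interpreter is newer. The wrapper below is an added example, not part of the AI-Bolit repository: it refuses to start the scan unless the site directory exists and the php on PATH is within 5.6 to 7.4. The function names php_version_supported and scan_site are hypothetical, and the script assumes it is run from the ai-bolit/ai-bolit folder.

```shell
#!/bin/sh
# Pre-flight wrapper around the scan command shown above (added example).
# php_version_supported and scan_site are hypothetical helper names.

# Succeeds only for PHP 5.6.x and 7.0.x to 7.4.x, the range the page states.
php_version_supported() {
    major=${1%%.*}      # text before the first dot
    rest=${1#*.}        # text after the first dot
    minor=${rest%%.*}   # second version component
    case "$major.$minor" in
        5.6|7.[0-4]) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs the scan with the exact flags used on this page.
# Return codes: 2 = bad path, 3 = php missing, 4 = unsupported PHP version.
scan_site() {
    site_root=$1
    if [ ! -d "$site_root" ]; then
        echo "site root not found: $site_root" >&2
        return 2
    fi
    if ! ver=$(php -r 'echo PHP_VERSION;' 2>/dev/null); then
        echo "php interpreter not found on PATH" >&2
        return 3
    fi
    if ! php_version_supported "$ver"; then
        echo "PHP $ver is outside the supported 5.6 to 7.4 range" >&2
        return 4
    fi
    php ai-bolit-hoster.php --path="$site_root" --smart --skip=jpg,jpeg,png,gif,svg
}

# Only scan when a path is given, e.g.: sh scan.sh /var/www/example.com/
if [ "$#" -gt 0 ]; then
    scan_site "$1"
fi
```

If the check fails with code 4, run the scan with an interpreter from the supported range instead of the system default.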

The scanner has two operating modes: “normal” and “paranoid”.

To diagnose hacking and infection of the site, it is enough to check the site files in normal mode. It does not give false positives and is suitable for assessing whether a site is infected or hacked. To check the site for viruses and hacker scripts in detail, and to generate a report for disinfecting the site, scan the files in “paranoid” mode. That report includes not only known virus fragments and hacker scripts, but also suspicious fragments that need to be studied, as they could potentially be malicious.

Sometimes the same code snippets are used in both hacker scripts and legitimate CMS scripts, so an automatic scan cannot determine with 100% certainty whether a file is malicious. Such a file is listed in the report, and you must assess manually whether it is dangerous.

If you run the scanner from the command line, the mode number can be specified with the --mode parameter.

php ai-bolit.php --mode=1 is a normal mode check (diagnostics)
php ai-bolit.php --mode=2 is a paranoid mode check (for cure)

Wait for the scan to finish and the script will create a file in the root of the site with the results of the scan, which can be opened in the browser.