This script is a command-line malware scanner written in PHP. It recursively scans directories and files, detects potential threats using predefined virus signatures, and generates logs based on the findings.
- Recursively scans directories and files for malware signatures.
- Detects encoded malware patterns (e.g., Base64, hex-encoded payloads, obfuscated PHP code).
- Logs scan results in either verbose or short mode.
- Option to save logs to a file.
- Option to load your own virus signatures from a file.
- Option to get log in json
- PHP 7.4 or higher
- CLI (Command-Line Interface) mode enabled for PHP
No installation is required. Simply place the antivirus.php script in a desired directory and execute it via the command line.
Run the script with the following parameters:
php antivirus.php --path=/path/to/scan [--signatures-file=/path/to/signatures.txt] [--log-mode=verbose|short] [--exclude-dir="/cache/,/temp/"] [--log-file=/path/to/logfile.log]--path(required): The directory or file path to scan.--signatures-file(optional): The file with virus signatures.--log-mode(optional): Logging mode (verbosefor detailed output,shortfor infected files only). Default:short.--exclude-dir(optional): Comma-separated list of directory patterns to exclude from scanning.--log-file(optional): Path to a file where logs will be saved.
Scan a directory with verbose output:
php antivirus.php --path=/var/www --log-mode=verboseScan a directory excluding /upload/ and /temp/ directories:
php antivirus.php --path=/var/www --log-mode=verbose --exclude-dir="/upload/,/temp/"Save logs to a file:
php antivirus.php --path=/var/www --log-file=/var/log/antivirus.logLoad own virus signatures from a file:
php antivirus.php --path=/var/www --signatures-file=sdignatures.txt0- No threats found.1- Threats detected.2- Error occurred.
This script is released under the MIT License.
This script is a basic signature-based scanner and does not replace commercial antivirus solutions. Always use additional security measures to protect your server.