Jump to content
sijo

osCommerce VTS

Recommended Posts

thank you, i didn't saw.

Now i have another problem

 

Fatal error: Call to undefined function: ftp_chmod() in /public_html/catalog/admin/AV/ocVTS.php on line 234

What php version are you running your site on?


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

PHP Version: 4.4.8

That's what i thought, php version 4 does not use ftp_chmod() but chmod..

This will be fixed in the next release where ocVTS will check for php version..


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

Hi

 

Hopefully this is the right place to ask a question about VTS and get some clarification with the installion.

 

My knowledge is very limited - as you will be able to tell from my basic questions!!!

 

1. With regard to the config.php file, is the commenting out below correct for leaving the scan in the 'on' position. Or do I need to comment out the line above as well?

 

// DEBUG MODE

// ----------

// Uncomment this option to enable 'debug' mode

// You will receive verbose reports including clean & infected

// files, as well as debug information for file reading and

// database connections.

// Default: Off (0)

 

// $CONFIG['debug'] = 0; // OFF

$CONFIG['debug'] = 1; // ON

 

2. How do I proceed with a scan, and where would I see the results? Can I alter/adjust when to scan?

 

Again, I appreciate any help that you can give.

 

Ben

Share this post


Link to post
Share on other sites

1. With regard to the config.php file, is the commenting out below correct for leaving the scan in the 'on' position. Or do I need to comment out the line above as well?

 

// DEBUG MODE

// ----------

// Uncomment this option to enable 'debug' mode

// You will receive verbose reports including clean & infected

// files, as well as debug information for file reading and

// database connections.

// Default: Off (0)

 

// $CONFIG['debug'] = 0; // OFF

$CONFIG['debug'] = 1; // ON

This is for debug mode only. Use this:

$CONFIG['debug'] = 0; // OFF

 

2. How do I proceed with a scan, and where would I see the results? Can I alter/adjust when to scan?

 

Have you installed ocVTS as described in the install.txt file? :

 

-------------------------------------------------------------------------------------------------

INSTALL: (remember BACKUP!)

* make new folder 'AV' in catalog/admin

 

* Edit config.php to your needs

 

* Edit whitespace.php to your needs

 

* Copy files in package:

index.php - config.php - ocVTS.php - ocVTSa.php - whitespace.php - grep.php - virus.def - files.def

to catalog/admin/AV

 

* CHMOD all files 755 or lower

 

* in catalog/admin/includes/header.php

- find:

</td>

<td class="headerBarContent" align="right"><?php echo (tep_session_is_registered('admin') ? 'Logged in as: ' . $admin['username'] . ' (<a href="' . tep_href_link(FILENAME_LOGIN, 'action=logoff') . '" class="headerLink">Logoff</a>)' : ''); ?>  </td>

 

- add above:

<!--osCommerce Virus & Threat Scan -->

<?php

echo ' | <a href="AV/' . 'index.php" class="headerLink">' . 'Virus & Threat Scan';

?>

<!--osCommerce Virus & Threat Scan -->

---------------------------------------------------------------------------------------------------------

 

If you have, then you should have a menu choice on the top line in admin: "Virus & Threat Scan"

Click on that menu choice and you will get a new page where you can choose what to do..


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

hello

i have the latest version but, still have the

Notice: Undefined variable: flagThreat

i do not have the file manager

also i tried clean up and remove it from filenames.php but that created more error about it not being defined.

and i have these errors in grep.php

Notice: Use of undefined constant SERVER_SOFTWARE - assumed 'SERVER_SOFTWARE' in /var/www/vhosts/xxxxxxxxxx.com/httpdocs/admin/AV/grep.php on line 53

Notice: Use of undefined constant path - assumed 'path' in /var/www/vhosts/xxxxxxxxxx.com/httpdocs/admin/AV/grep.php on line 55

Notice: Undefined index: path in /var/www/vhosts/xxxxxxxxxx.com/httpdocs/admin/AV/grep.php on line 55

Notice: Use of undefined constant q - assumed 'q' in /var/www/vhosts/xxxxxxxxxx.com/httpdocs/admin/AV/grep.php on line 56

Notice: Undefined index: q in /var/www/vhosts/xxxxxxxxxx.com/httpdocs/admin/AV/grep.php on line 56

Notice: Undefined variable: txt1 in /var/www/vhosts/xxxxxxxxxx.com/httpdocs/admin/AV/grep.php on line 91

Notice: Undefined variable: results in /var/www/vhosts/xxxxxxxxxx.com/httpdocs/admin/AV/grep.php on line 92

Notice: Undefined variable: txt3 in /var/www/vhosts/xxxxxxxxxx.com/httpdocs/admin/AV/grep.php on line 93

Notice: Undefined variable: txt2 in /var/www/vhosts/xxxxxxxxxx.com/httpdocs/admin/AV/grep.php on line 94

Edited by tedbooks

Share this post


Link to post
Share on other sites

hello

i have the latest version but, still have the

Notice: Undefined variable: flagThreat

i do not have the file manager

also i tried clean up and remove it from filenames.php but that created more error about it not being defined.

and i have these errors in grep.php

 

Sorry! All of this should be fixed in next release..


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

A new version has been uploaded.

 

Whats new:

* Updated virus.def and files.def

* Added a new procedure to check for file_manager

* Fixed some minor bugs about the notice message

* Fixed a undefined variable bug

* Fixed a bug with whitespace removing, made checking for php version

 

Have fun!


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

thank you. great work.

all the problems that i was having is solved.

it might be very presumptuous of me but i have two suggestion

i do not have any idea how had or easy it is going to be but if you could add a replace to the grep.php

so once the keyword is found it can replace it.

also if it is possible to use application_top.php

i have my admin area require login and that would put these files behind the login

Share this post


Link to post
Share on other sites

Thanks for the contribution. It was working great. Now I am facing a problem. I recently the SiteMonitor contribution (http://www.oscommerce.com/community/contributions,4441). When I try to go into the sitemonitor configuration in the shop's admin panel, my IP is banned in the htaccess file. I see this error:

 

Forbidden!
403 Permission Denied


Your IP is banned or file is forbidden
You do not have permission for this request

Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted

   * This value may indicate an attempt to compromise our server security, such as a cross-site scripting attack.
   * Please do not be alarmed: it is possible the suspected attempt was triggered innocently.
   * Additionally, we will log your IP address, your request, and the date and time. This information is recorded for security purposes only.
   * These disclosures may also be needed for data privacy or to investigate or respond to a complaint or security threat.

We do not claim any ownership of the content collected. This is done for purposes such as diagnosing service or technical problems, and maintaining server security.

Share this post


Link to post
Share on other sites

thank you. great work.

all the problems that i was having is solved.

Glad to hear it works thumbsup.gif

 

it might be very presumptuous of me but i have two suggestion

i do not have any idea how had or easy it is going to be but if you could add a replace to the grep.php

so once the keyword is found it can replace it.

I dont think I would do that with ocVTS, but you can use this program for that.

 

also if it is possible to use application_top.php

i have my admin area require login and that would put these files behind the login

 

ocVTS is for admin use and not for users, that's why it is placed inside admin. (If I understand your question right?)


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

Thanks for the contribution. It was working great. Now I am facing a problem. I recently the SiteMonitor contribution (http://www.oscommerce.com/community/contributions,4441). When I try to go into the sitemonitor configuration in the shop's admin panel, my IP is banned in the htaccess file. I see this error:

 

Forbidden!
403 Permission Denied
Your IP is banned or file is forbidden
You do not have permission for this request

I do not know what addons you are using that is reporting this, but it is not ocVTS.

I'm sorry, but I cant help you with this..


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

This is for debug mode only. Use this:

$CONFIG['debug'] = 0; // OFF

 

 

 

Have you installed ocVTS as described in the install.txt file? :

 

-------------------------------------------------------------------------------------------------

INSTALL: (remember BACKUP!)

* make new folder 'AV' in catalog/admin

 

* Edit config.php to your needs

 

* Edit whitespace.php to your needs

 

* Copy files in package:

index.php - config.php - ocVTS.php - ocVTSa.php - whitespace.php - grep.php - virus.def - files.def

to catalog/admin/AV

 

* CHMOD all files 755 or lower

 

* in catalog/admin/includes/header.php

- find:

</td>

<td class="headerBarContent" align="right"><?php echo (tep_session_is_registered('admin') ? 'Logged in as: ' . $admin['username'] . ' (<a href="' . tep_href_link(FILENAME_LOGIN, 'action=logoff') . '" class="headerLink">Logoff</a>)' : ''); ?>  </td>

 

- add above:

<!--osCommerce Virus & Threat Scan -->

<?php

echo ' | <a href="AV/' . 'index.php" class="headerLink">' . 'Virus & Threat Scan';

?>

<!--osCommerce Virus & Threat Scan -->

---------------------------------------------------------------------------------------------------------

 

If you have, then you should have a menu choice on the top line in admin: "Virus & Threat Scan"

Click on that menu choice and you will get a new page where you can choose what to do..

 

Thank you for your reply.

 

I have installed all the files in accordance with your instructions including the ocVTS file but can not see any reference to "Virus & Threat Scan" in Admin.

 

I do not have public_html/catalog/admin but do have public_html/admin; is it because of this? do I need to make other changes?

 

I would appreciate any help you can give.

 

Regards

Share this post


Link to post
Share on other sites

Thank you for your reply.

 

I have installed all the files in accordance with your instructions including the ocVTS file but can not see any reference to "Virus & Threat Scan" in Admin.

 

Can you list here your admin/includes/header.php file..


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

Hi Sijo,

 

I have managed to install this correctly and all seems to be working fine, except when I try run ocVTS - Scan your site using 'virus.def' and 'files.def' files. I recieve a cannot connect message. If I switch debug mod to on i recieve

 

Loaded 281 virus definitions

Loaded 22 files definitions

Could not connect

 

I'm assuming that I have a setting wrong some where. My root isn't in public_htm but in htdocs, is that correct?

 

My settings in whitespace.php is:

 

$ftp_site = 'www.mywebsite.co.uk'; // your ftp site

$ftp_usr = 'mywebsite.co.uk'; // your ftp username

$ftp_pwd = 'password'; // your ftp password

$ftp_root = 'htdocs'; // your ftp site root folder

 

Other than that everything else works.

Tony

Share this post


Link to post
Share on other sites

I'm assuming that I have a setting wrong some where. My root isn't in public_htm but in htdocs, is that correct?

 

My settings in whitespace.php is:

 

$ftp_site = 'www.mywebsite.co.uk'; // your ftp site

$ftp_usr = 'mywebsite.co.uk'; // your ftp username

$ftp_pwd = 'password'; // your ftp password

$ftp_root = 'htdocs'; // your ftp site root folder

 

The problem has to do with whitespace checking. Try to turn this off in whitespace.php :

// check for leading & trailing whitespace:
//$chk_ws = true;  // ON
$chk_ws = false;  // OFF

// remove leading & trailing whitespace if found (if set to true, $chk_ws also need to be true!):
//$rmv_ws = true;  // ON
$rmv_ws = false;  // OFF

 

When you run ocVTS it will list your 'Scan root:' near the top. What does it say?

 

$ftp_site, $ftp_usr and $ftp_pwd should be the same as when you FTP (upload) files to your site.


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

Hi

 

My website has been hacked and I have found a number of infected files thanks to VTS.

 

I do have an issue though. I am not able to load my website using on Internet Explorer browser, my Kaspersky virus check comes up with a 'Access Denied' message and indicates my website is infected by HEUR:Trojan.Script.Iframer

 

On Chrome and Firefox there is no message and the website loads OK

 

I have read about false positives when using Kaspersky. Is there any guidance you can give me on how to proceed.

 

Many thanks.

Edited by benjaming

Share this post


Link to post
Share on other sites

My website has been hacked and I have found a number of infected files thanks to VTS.

 

I do have an issue though. I am not able to load my website using on Internet Explorer browser, my Kaspersky virus check comes up with a 'Access Denied' message and indicates my website is infected by HEUR:Trojan.Script.Iframer

 

On Chrome and Firefox there is no message and the website loads OK

 

I have read about false positives when using Kaspersky. Is there any guidance you can give me on how to proceed.

 

Do you have a link to your site I could try?

You could replace all infected files with safe ones, but:

The best way is to clean your site and then upload it from a safe backup.

Read the How to secure your site to be sure you have done what's needed to have a secure site..


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

Hello Sijo, I've instaled VTS on my website since I got flaged by Google, i installed it successfully. I found many files infected so After I cleaned it up and reload my back up files to server. I have re-installed VTS again. But when I run OcVTS here is the message:

 

Loaded 281 virus definitions

 

Loaded 22 files definitions

 

Scan Completed

 

osCommerce Virus & Threat Scan v1.0.8

 

 

Scan root: /shop

 

Threats Definitions: 281

 

Files Definitions: 22

 

Scanned folders: 1

 

Scanned files: 0

 

Possible Infected files: 0

 

Possible Threat files: 0

 

Whitespace found: 0

 

 

Scanning folder /shop ...

 

 

 

Then After I run OcVTSa , I got this:

 

osCommerce VTSa v1.0.8

Directory depth set to 100

Directory root: /shop

 

 

 

Warning: opendir(/shop) [function.opendir]: failed to open dir: No such file or directory in /home/xvzhxrwy/public_html/shop/admin/AV/ocVTSa.php on line 255

 

 

Files checked: 0

Files suspected: 0

Files infected: 0

Files cleaned: 0

Clean errors: 0

Clean warnings: 0

 

 

What Did I do wrong in Installation process?

Share this post


Link to post
Share on other sites

Warning: opendir(/shop) [function.opendir]: failed to open dir: No such file or directory in /home/xvzhxrwy/public_html/shop/admin/AV/ocVTSa.php on line 255

 

 

Files checked: 0

Files suspected: 0

Files infected: 0

Files cleaned: 0

Clean errors: 0

Clean warnings: 0

 

 

What Did I do wrong in Installation process?

 

What do you have in config.php for this? :

$CONFIG['scanpath'] =


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

What do you have in config.php for this? :

$CONFIG['scanpath'] =

 

Here What I have:

 

$CONFIG['scanpath'] = $_SERVER['public_html']."/shop";

 

Should I replace 'public_html' ? My document root is /home/username/public_html/shop/

 

Is the result from OcVTSa Scan, means everything OK? Please guid me.

Edited by suwandana

Share this post


Link to post
Share on other sites

Here What I have:

 

$CONFIG['scanpath'] = $_SERVER['public_html']."/shop";

 

Should I replace 'public_html' ? My document root is /home/username/public_html/shop/

 

Is the result from OcVTSa Scan, means everything OK? Please guid me.

 

If you want to scan from /shop then use:

$CONFIG['scanpath'] = $_SERVER['DOCUMENT_ROOT']."/shop";

 

If you want to scan from your site root, then use:

$CONFIG['scanpath'] = $_SERVER['DOCUMENT_ROOT'];


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

Sorry I mean for the 1st result from OcVTS, is everything OK??

 

No, none of them are right, please see my previous message how to configure..


---------------

regards

sijo

---------------

 

Contrib: JMrating10 - Rate your products / osCommerce VTS - Virus & Threat Scanner

 

(osCommerce VTS now also checks for leading and trailing whitespace and also have a grep function)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×