Support

Admin Tools

#11144 Question about the PHP-scanner

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Saturday, 18 February 2012 08:07 CST

Friday, 17 February 2012 13:34 CST

user41123
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 1.5.25
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: 2.2.0

Question:

Hi Nicholas,

I installed the new version 2.2.0 today and everything works great as always! ;-)
I also tried the PHP Scanner and after a while I have 127 pages with scanned PHP-files which are all marked as unsafe.
I check the files with the highest rates but everything seems OK for now. They are all marked with unsafe, do I have them mark as Safe after this first scan?
And if so, is there a faster way to check them for safe all at once, otherwise I have to do this at 127 pages. ;-(

Last question; how much space does each scan require? It seems like a lot of data.

Greetings and have a great weekend!

Paul

Friday, 17 February 2012 15:28 CST

nicholas
You don't have 127 pages of unsafe files, you have 127 pages of files. Of all of your files. Those marked as unsafe are 4-6 pages on a typical site. Our documentation tells you exactly what you need to do about them.

THe first time you run a scan, all files are reported as new, because the scanner had never seen them again. As you will see, most of the files have a threat score of 0. If you think about it, it makes sense. If it doesn't make sense, please read the documentation.

The data doesn't take much database space. The first scan occupies about 1Mb. Subsequent scans occupy MUCH less space (usually 10-30Kb per scan). The reason is that the first scan draws information about all of the files on the site, subsequent scans only log the differences (modified files).

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 17 February 2012 16:26 CST

user41123
Thanks for your explanation, Nicholas. Off course I've read the manual, even twice but I still wasn't shure what to do about all these "marked as unsafe" files after my first scan. This is not a simple matter to immediately understand for an amateur. ;-)
In your response you write that only 4-6 pages are marked as unsafe but in my case ALL files till the last page where marked as unsafe.

What I did now is checking all files with high scores for suspicious lines and after that marked ALL files as safe so the next scan will only check for differences and/or new files.

Hope I did the right thing.

Have a nice weekend!

Greetings, Paul

Saturday, 18 February 2012 02:27 CST

nicholas
Hi Paul,

Let me correct you: All files are NOT marked as safe. This is completely different than saying "all files are marked as unsafe". This is expected. I will explain below what the safe mark does. You only needed to check the files with a non-zero threat score (suspicious files) which are the first 4-6 pages on a typical site.

What I did now is checking all files with high scores for suspicious lines and after that marked ALL files as safe so the next scan will only check for differences and/or new files.

You didn't have to do that for all files. It would suffice to mark only the files with a non-zero threat score as safe.

Let me explain this.

Assume that we have a file which is perfectly legitimate, but has a non-zero threat score. This is a false positive. We don't want every subsequent scan to report the file as suspicious. Therefore, we have to mark it as Safe. This has a very simple effect. Unless the file's contents, length or timestamp change, subsequent scans will not report the file as suspicious (we know that its current contents are legitimate, but throw false alarms). Marking a non-suspicious (threat score = 0) file as safe doesn't make any difference at all.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Saturday, 18 February 2012 08:03 CST

user41123
Hi Nicholas,

Thanks again, it's clear to me now. I've set the marks now according to your advice.
I think this is a wonderful addition to one of the best extensions for Joomla!

Greetings, Paul

Saturday, 18 February 2012 08:07 CST

nicholas
You're welcome and thank you for your kind words!

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!