
Virusday - a website antivirus we are not ashamed of



This is, for the most part, an advertising post, since it is the first on our blog. After this introduction, we will write here about the architecture of protection systems, antivirus algorithms and interfaces.

In 2012, we decided to create the most convenient tool for protecting websites and fighting viruses on them, and the project has now grown into a service that we are not ashamed to talk about.
It is no secret that a virus infection on a site does not bode well for its owner, and the problem of eliminating and preventing site infections becomes more important every year. In most cases, it is the webmaster who has to solve the infection problem.

It is for such webmasters that we created the Virusday service, which not only saves time when searching for malicious code and eliminating a site infection, but often lets you forget about such problems altogether. It is enough to trust the antivirus and the firewall.

What is Virusday


Virusday is a cloud-based website antivirus and firewall that lets you automatically clean sites of viruses and protect them against repeated infections, attacks, XSS / SQL injections and suspicious activity.

The service is designed for webmasters, web studios, SEO specialists and site owners who prefer to spend as little time and effort as possible (or none at all) on finding and eliminating the sources and consequences of infection.



Virusday automatically finds and removes malicious code in PHP, HTML, JS, system files and files disguised as images, and the user's site remains functional after treatment. The service can work with several of a user's sites at once and does not require installation or configuration.

Virusday is convenient



Easy to use
To get started, you just need to add a new site to the list on the service and synchronize it. To do this, you download a *.PHP file that is unique to each user and place it in the root directory of the site. The service does the rest itself, and you can monitor the processes and manage everything through the panel.


Automatically eliminates malicious code
The antivirus not only finds malicious code but also eliminates it automatically. Virusday can not only delete whole files but can also carefully cut out fragments of malicious code while keeping the site working.


Does not leave its users alone with the problem
There are cases when Virusday cannot deal with a detected infection in automatic mode. Even then, the service will not leave you on your own. First, you can use the built-in editor, in which the detected code fragment is highlighted, and decide for yourself whether to delete it. Second, you can ask technical support to analyze the threat and eliminate it.


One click protection
To reduce the likelihood of site re-infection and the effects of attacks, Virusday lets you install a firewall on the site with one click. The results of its work are displayed in the control panel of the corresponding site on the service. The firewall is included in the standard feature set of the Virusday service.

Toolbox


We tried to create a convenient workspace for webmasters on the service and extended the main functions of the antivirus and firewall with additional tools: a file manager, a file editor and an exclusion list. Here is everything in a little more detail.

All work with sites on the service starts from a list, to which you can add an unlimited number of sites and set an automatic check interval and other settings for each one (automatic treatment, exclusions, etc.). From here you can also start site checks and make quick settings.



To work with the tools for a particular site, simply click its block in the list, and that site's toolbar will open.

1. Antivirus


The antivirus section displays detailed information about affected and cured files, errors, their number and the time of checks. The last / current operation is displayed in the large antivirus block at the top of the page. Site status is color coded. Red - threats detected. Yellow - sync error. The automatic treatment switch is located here (in addition to always being present in the general list of site settings). If automatic disinfection is enabled, detected threats are eliminated automatically when the site is checked.



Virusday cannot eliminate all the threats it detects in automatic mode. The antivirus does not cure detected Suspicions, and detected Infections may or may not be curable in automatic mode. This is because it is not always possible to formulate rules that reliably identify the exact fragment of malicious code whose removal will keep the site working.

Even in this case, you can view the detected malicious code (the code is highlighted) in the file editor (which can be opened from the scan / treatment report) and eliminate it manually or ask the support service for a solution.

With automatic disinfection, a backup copy of each file modified (or deleted) by the antivirus is always saved. You can restore a file to its “before treatment” state from the file editor, which you open from the report.



In addition, Virusday tracks whether a site is on the Google and Yandex Safe Browsing blacklists. This lets you be confident that the treatment succeeded.

If the site does not disappear from the blacklists after treatment (and Virusday cannot find threats), you will be asked to contact the technical support of the service, where the anti-virus database specialists will deal with the issue (in the future we will improve this scenario and eliminate the need to write a request about it).

2. Exclusion list




So that certain site files can be ignored during a scan, we implemented an exclusion list, to which you can add a file from either the scan / disinfection report or the file manager.

3. File manager




For convenience (especially if the sites are physically on different servers), we built in a file manager, which can be used to get a clear picture of the infection (markers of the affected directories / files are displayed in the file structure).

From the file manager (as well as from any inspection / treatment report), you can go straight to viewing any site file in the built-in file editor.

4. File editor




In the file editor, you can see the detected malicious code with your own eyes and quickly edit the content yourself. Malicious code is highlighted when you view a file in the editor.

Here you can also change the file permissions and restore the file from the backup copy created automatically during disinfection.

5. Firewall


The only tool that is still at the debugging and testing stage is the firewall, which we have included in the main functionality of the service. It is available today for sites on the Joomla, WordPress, Drupal, DLE, Bitrix, ModX, Yii framework, Opencart, NetCat, CS.Cart, AmiroCMS, HOSTCms and Magento content management systems and can reduce the likelihood of successful DoS attacks, XSS / SQL injection and uploads of suspicious files.



The firewall is installed on the site automatically when the switch is turned on. All firewall data is displayed in the site panel.

Where do diamonds come from?


We are convinced that good service must be paid for, because quality requires constant investment of serious resources. Therefore, Virusday is a paid service. It lets you check any number of your sites (including on a schedule) for free. Treatment and protection are paid services. At the same time, the price of using the service is so much lower than the cost of the services offered on the market today that it even feels awkward for us to write about it here. In addition, we have several affiliate programs that make using the service even more interesting.

Anti-virus database


From the very beginning, we understood that automatic treatment depends, first of all, on high-quality detection rules. It is not enough to detect the presence of malicious code; it has to be removed without impairing the site's operation. We pay a lot of attention to this aspect of the service. Today, the anti-virus database is maintained by our anti-virus database department and also uses several third-party SDKs. In addition, any user of the service can send us malicious code they have found for analysis, and a corresponding detection / elimination rule may be created on the basis of it.

What will be tomorrow


The Virusday service is not only for webmasters. For search engines, Internet companies and large web projects, we have created Virusday.Bot, a service for surface-level checks of sites for threats. The service is available through an API and lets you quickly check a site's externally accessible HTML and JS files for infections and, in addition, conduct behavioral analysis, for example by establishing the presence of a mobile redirect.

Also, testing of the Virusday.Server server antivirus, which we created as a result of research work, is under way today at the facilities of one of the hosting providers. It is still a prototype, but Virusday.Server will probably turn into a full-fledged product later this year.

Every day we are working to improve the existing service. Every day, many changes are made to it, mostly hidden from the users' eyes, but affecting the efficiency of its work. Once a week we make changes to the interface, optimizing the scenarios of interaction with it. We still have a lot to do, but it only inspires us.

Now that we have presented the service to you, we will be able to talk about its architecture in the next post.

Source: https://habr.com/ru/post/259427/

