
Understanding SiteLock Dashboard Scan Results

> SMART Database Scan



How does SMART Database Scan work?
SMART Database Scan scans your database tables for known malware and spam content. Based on your scan preferences, it either removes malware and spam automatically or simply notifies you when they are discovered.

Please note, SMART Database Scan is an on-demand scan, so it must be started manually by clicking Scan Now.

Scan Results
The scan results display the current status, platform, and a list of any malicious or spam content detected, as shown below.

> SMART File Scan


How does SMART File Scan work?

The SMART file scanner performs daily scans on all files within your website file directory and automatically removes malware.

  1. First, SMART downloads a copy of the files in the scan range from your hosting server.
  2. SMART scans the downloaded code, utilizing a signature database with over 8 million known malware signatures.
  3. When malware is detected, only the offending code is removed. If malware was injected into legitimate code, this leaves behind the legitimate code, only removing the code that matches the known malware signature.
  4. Once all files have been scanned and all malicious code has been removed, SMART re-uploads the cleaned files back to your server, overwriting the malicious file(s) with clean versions.

NOTE: Malware is typically added to website code in one of two ways:

  • The most common attack is the stealthy background malware. The goal is to inject malware in an obscure location so that it remains hidden and does damage for as long as possible. SMART File Scanner finds and removes this malware, leaving behind functional code.
  • The less common attack is the in-your-face aggressive malware that overwrites existing website code. This is common in defacement attacks, where the entire goal is to display hateful messages - often political in nature - on your website for as long as the website remains compromised. This is when it's critical to have a good website backup, because the solution is often to restore the website to a point before the malware attack, then work to correct the vulnerability that allowed the attack.

Terms Defined:

  • SMART File Scan
    Reading the SMART results is very simple. Each scan will list the number of files scanned, files that have changed from the previous scan, and of course list any malicious or suspicious files found during the scan.
  • Files Scanned
    Total number of files scanned.
  • Files Added by Customer
    New files added since the previous SMART scan finished. Please note, if your website uses a Content Management System (CMS), you may see files added that you didn't personally add - this is fairly common during background updates or manual/automatic updates.
  • Files Modified by Customer
    Modified files since the previous scan finished. Please note, if your website uses a CMS, you may see files modified that you didn't personally modify - this is fairly common during background updates or manual/automatic updates.
  • Files Delisted by Customer
    Files that were removed from your server since the previous scan finished. Please note, if your website uses a CMS, you may see files delisted that you didn't personally delist - this is fairly common during background updates or manual/automatic updates. By design, SMART File Scan never deletes files. Even if a file is entirely malicious, the file contents would be removed, but the empty file itself would remain. These files are easy to identify, as the size is 0 KB when viewing the file in a file manager. You may freely delete these empty files.
  • Malicious files cleaned
    This is the number of files that SMART cleaned.
  • Malicious files found
    This is the number of files that SMART detected, but could not clean. This is often due to file permissions, or a partial malware match.
  • Suspicious Files Found
    This is the number of files that have suspicious content. This type of content has a very high false positive rate and there is no action to be taken.
  • Files Under Review
    This is the number of files that contain content that may be malicious. These files are under manual review by SiteLock and may be addressed on subsequent scans.
  • Scan Results
    Specific files that have been cleaned, detected as malicious or suspicious, or are under review are listed below the scan summary. These lists can also be exported and saved to your personal machine by clicking Export CSV.
    • Note: You can view specific file changes of cleaned files by selecting View in the far-right column.
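
The added, modified, and delisted counts defined above can be cross-checked against your own record of the site's files. The following is an added example, not SiteLock code: it hashes a directory tree before and after a set of changes and sorts the differences into those buckets, plus a list of files that are now 0 bytes. The file names and contents are constructed sample data, and `snapshot`, `compare`, `put`, and `demo` are hypothetical helper names.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root (relative path) to (sha256 hex digest, size in bytes)."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (hashlib.sha256(data).hexdigest(), len(data))
    return manifest

def compare(previous, current):
    """Bucket the differences between two snapshots under the scan summary's terms."""
    modified = sorted(p for p in previous.keys() & current.keys()
                      if previous[p][0] != current[p][0])
    return {
        "added": sorted(current.keys() - previous.keys()),
        "modified": modified,
        "delisted": sorted(previous.keys() - current.keys()),
        "emptied": [p for p in modified if current[p][1] == 0],  # now 0 bytes
    }

def put(root, rel, data):
    """Write data to root/rel, creating parent directories as needed."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed site tree: snapshot, apply changes, snapshot again, compare."""
    with tempfile.TemporaryDirectory() as root:
        put(root, "index.php", b"<?php echo 'home';")
        put(root, "cms/version.php", b"<?php $v = '1.0';")
        put(root, "uploads/cache.php", b"<?php /* constructed stand-in for a flagged file */")
        put(root, "old/readme.html", b"<p>old</p>")
        before = snapshot(root)
        put(root, "cms/version.php", b"<?php $v = '1.1';")       # background CMS update
        put(root, "cms/plugins/new/init.php", b"<?php // new")   # file added by an update
        put(root, "uploads/cache.php", b"")                      # contents removed, file kept
        os.remove(os.path.join(root, "old", "readme.html"))      # file removed from server
        after = snapshot(root)
    return compare(before, after)

if __name__ == "__main__":
    print(demo())
```

Entries in the `modified` or `added` buckets that do not line up with a CMS update or a change you made yourself are the ones worth inspecting first.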

> Vulnerability Scan


How does the Vulnerability Scan work?
The Vulnerability Scan reviews the integrity of your Content Management System (CMS), Plugins, Themes, and other Extensions for reported vulnerabilities. The scan results will compile discovered vulnerabilities based on the latest scan and provide recommended mitigation steps. If you have a CMS, most vulnerabilities are resolved by updating Core, Plugin, and Theme files to their latest versions.

Scan Results
The scan results on this page are fairly simple. When a vulnerability is detected, the scan summary will indicate what type of vulnerability (Platform, XSS, or SQL Injection) and list the vulnerable software or URL as well as any other relevant information specific to the vulnerability.

Platform Vulnerability
This tab lists information about potential vulnerabilities in your platform (like an outdated CMS, Plugin, or Theme). Each is classified according to its type and severity, and includes details about its potential impact and recommended mitigation steps. Understanding these vulnerabilities and taking the necessary actions to address them is vital for ensuring the security and integrity of your platform.

SQL Injection (SQLi)
This tab will display scanned URLs and list any which are potentially susceptible to SQL Injection attacks. SQL Injection is a critical security vulnerability that could allow attackers to manipulate your database, leading to data theft, data modification, or even data loss.

Cross-Site Scripting (XSS)
This tab will display scanned URLs and list any which are potentially vulnerable to Cross-Site Scripting (XSS) attacks. XSS is a severe security vulnerability that may enable attackers to inject harmful scripts into your webpages, potentially leading to user data theft, session hijacking, defacement of your website, or even distribution of malware to your site's visitors.

> Webpage Scan


How does the Webpage Scan work?
The Webpage Scan uses SiteLock's internal database as well as external databases from Google, PhishTank, and Anti-Virus Blacklist to crawl your live website files and look for signs of malware.

Scan Results
The scan results for this website will display a total number of website pages reviewed and alert you in the event that any malicious content is detected. When malware is detected, the scan results will include specific URLs that are being flagged as containing malicious code, the type of malware and severity, and even a small sample or snippet of the detected content.

  • It's important to note that the samples from this scan likely contain malicious code, so this code should not be copied or pasted elsewhere.
  • If your Webpage scanner is detecting malware, we strongly recommend contacting SiteLock Support for mitigation steps.
