Malware Scanner – How to scan your sites for malware

We have recently introduced the ability for you to initiate manual malware scans for any client account directly from within cPanel. 

This functionality is provided completely free of charge. 

The malware scanning engine is powered by the industry leading Imunify360 solution, which already protects your account from attacks silently on all of our servers.

Initiating a Malware Scan

To initiate a Malware Scan, you need to log into the cPanel account and find ‘Imunify360’ under the ‘Security’ Tab. 

From here, you will be presented with a screen similar to the following…

To initiate a scan, you can press on the ‘Start scanning’ button on the right hand side.

Once you hit ‘Start scanning’, your scan will be queued. the scan will begin searching through the files within the account to find infected files and malware. 

Please note that any detected malware is automatically quarantined or cleaned (Deleted).

The malware protection has an incredibly low false-positive rate, with a high-level of accuracy due to the algorithm of the checks, including structure analysis and obfuscated code detection. 

The solution however, is provided as a courtesy, and understandably cannot guarantee the removal of all infections. As such, if you believe your site has been hacked and the malware scan isn't removing all traces of the infection, you may need to contact a security analyst for further review. 

Once the scan has completed, you will see the outcome of the scan, any files that were detected as malware and whether those were quarantined or cleaned. 
You can also view the history of malware detected on the account by going to the ‘History’ tab towards the top of the screen, this will show you all previous malware found and the action taken. 

Please note, that we do run scheduled scans weekly, so your accounts will be frequently checked automatically. Manual scans are rarely ever needed as everything is scanned in real-time, so your sites should always be malware free. 

If you do not see the option for ‘Imunify360’ or the option to ‘Start scanning’ within your accounts, please do contact support so we can ensure this option is visible to you. 

How do I enable PHPMail() on my account?

We have decided to disable the mail function because the mail() function was often used by malicious users on our network to send spam and other unsolicited e-mails. 

This is to protect the reputation of our IP addresses / network, and to ensure that your domains stay off RBL’s and blacklists. 

We recommend our customers to use an e-mail library or plugin in order to send e-mails via SMTP. There are additional benefits to relaying your messages via SMTP also, including the fact we relay all of your outbound mail through the MailChannels delivery service.

Why do you recommend against using PHPMail()?

When an email is sent from a PHP application using PHP mail, such as a contact form, the message is relayed via the server hostname similar to…

youruser@your.servername.com

In our case, this would be…

youruser@server.cloudns.io

Yet, your PHP application will be set to send emails from an alternative ‘prettier’ email address, such as ‘you@yourdomain.com’.

The problem here is that many recipient mailboxes will recognise this as ‘spoofing’, and will indeed flag the message as SPAM.

How do I enable PHPMail() on my account?

First of all, this is strongly discouraged.

However, if you do require PHP mail to be enabled on your domain, you can enable this via the PHP Selector in cPanel…

1.) Login to your cPanel

2.) Click ‘Select PHP Version’ 

3.) Select ‘Options’ 

4.) Change ‘sendmail_path’ to ‘/usr/sbin/sendmail -t -i’