MAGENTO SECURITY FLAW – Detect Malware with New Discovery Rules

To help merchants manage recent increases in malware attacks, Magento has published best practices and recommendations for protecting and remediating sites. As part of this guidance, advanced users were encouraged to use a new set of malware discovery rules provided by the author of These rules are an excellent resource supported by the security community and can detect specific infected files on your site.

Magento Security encourages the use of these rules, which come with full installation instructions. This article provides additional information on how to set up your site to use the malware self-scanning tool.


The malware discovery toolset is hosted on GitHub and requires that Git, yara and python be installed on the operating system. Use the following steps to install the prerequisites.

  • Install Git for your server or local machine by following the instructions located here: Git installation instructions
  • If you are using a Debian/Ubuntu machine or server, use the following to install the required packages:
    sudo apt install yara python3
  • If you are using macOS, you can install yara using Homebrew
    • Install the Xcode command line tools
      xcode-select --install
    • Install Homebrew
      ruby -e "$(curl -fsSL"
    • Install python and yara
      brew install yara python3



Once you have finished installing Git and python, download the malware tool and scan your Magento site using the following commands:

  • Clone the malware repository from GitHub
    git clone
  • Validate Malware Signatures and Samples
    python tools/


The Yara scanner works only on files and directories. Many types of malware hide in the database and only appear when the site is accessed. To scan those locations, you need to download the site homepage and a database dump into the same directory that will be scanned. Make sure NOT to put those files into a publicly accessible directory, and remove them after scanning. Steps to scan these locations include:

  • Download your site homepage for scanning analysis
    curl -o output.html
  • Create a dump of the database – details are described here (you can find the database connection details in your Magento app/etc/local.xml file)
  • Scan the Magento site for malware
    cd magento-malware-collection
    yara -r rules/all-confirmed.yar site-index-and-sql-dump-folder/


If the tool discovers malware, you will see output similar to the following in your command window (one line per match, giving the rule name and the matched file):

yara -r rules/all-confirmed.yar /Users/scanner/code/m1vg/ 2> /dev/null
visbot /Users/scanner/code/m1vg/app/design/frontend/base/default/template/checkout/onepage.phtml
jquery_code_su /Users/scanner/code/m1vg/app/design/frontend/base/default/template/checkout/onepage.phtml
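As an added example (not Magento's own tooling and not part of the malware collection), a small Python wrapper for the scan procedure above: it reads the database connection from app/etc/local.xml, fetches the homepage and a mysqldump into a private directory, runs yara over that directory and the site, deletes the dump afterwards, and groups the "<rule> <path>" output lines shown above by rule. Function names, paths and the sample values at the end are assumptions.

```python
import os
import shutil
import subprocess
import tempfile
import xml.etree.ElementTree as ET

def db_connection_from_local_xml(xml_text):
    # Magento 1 keeps DB credentials under global/resources/default_setup/connection.
    conn = ET.fromstring(xml_text).find("./global/resources/default_setup/connection")
    if conn is None:
        raise ValueError("no default_setup/connection block in local.xml")
    return {k: (conn.findtext(k) or "").strip() for k in ("host", "username", "password", "dbname")}

def parse_yara_output(text):
    # yara -r prints one "<rule> <path>" line per match; group matched paths by rule.
    hits = {}
    for line in text.splitlines():
        rule, _, path = line.strip().partition(" ")
        if rule and path:
            hits.setdefault(rule, []).append(path)
    return hits

def scan_site(magento_root, rules_file, homepage_url):
    # mkdtemp creates the work dir with mode 0700, outside the web root.
    workdir = tempfile.mkdtemp(prefix="mage-scan-")
    try:
        subprocess.run(["curl", "-fsSL", "-o", os.path.join(workdir, "index.html"), homepage_url],
                       check=True)
        with open(os.path.join(magento_root, "app", "etc", "local.xml")) as f:
            db = db_connection_from_local_xml(f.read())
        # Password goes through MYSQL_PWD, not argv, so it is not visible in `ps`.
        with open(os.path.join(workdir, "db.sql"), "w") as dump:
            subprocess.run(["mysqldump", "-h", db["host"], "-u", db["username"], db["dbname"]],
                           env={**os.environ, "MYSQL_PWD": db["password"]}, stdout=dump, check=True)
        hits = {}
        for target in (workdir, magento_root):  # yara scans one target per invocation
            out = subprocess.run(["yara", "-r", rules_file, target], capture_output=True, text=True)
            for rule, paths in parse_yara_output(out.stdout).items():
                hits.setdefault(rule, []).extend(paths)
        return hits
    finally:
        shutil.rmtree(workdir)  # never leave the dump or the page copy on disk

# Constructed samples (not from any real site) so the parsers can be exercised offline.
SAMPLE_LOCAL_XML = """<config><global><resources><default_setup><connection>
<host><![CDATA[localhost]]></host><username><![CDATA[mage]]></username>
<password><![CDATA[s3cret]]></password><dbname><![CDATA[magento]]></dbname>
</connection></default_setup></resources></global></config>"""
SAMPLE_YARA_OUTPUT = """visbot /srv/m1/app/design/frontend/base/default/template/checkout/onepage.phtml
jquery_code_su /srv/m1/app/design/frontend/base/default/template/checkout/onepage.phtml"""
```

Run scan_site() from a shell account that can read local.xml but is not the web server user, and treat any non-empty result as a confirmed hit to hand to the remediation steps below.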


  • If the scan confirms your site has been impacted by malware, Magento recommends that you check your site for other issues using, a free service that provides insight into your security status. Work with your Solution Partner or developer to clean your site and follow our recommended site remediation steps.
  • Deploy any missing security patches and address other issues discovered by the scan. Enterprise Edition patches are available in My Account and Community Edition patches are posted on the Community Edition download page under the Release Archive tab.
  • Protect yourself against password guessing, which is increasingly being used to attack sites that have all security patches in place.
  • Implement Magento Security Best Practices to further protect your site.
  • Sign up to receive Magento security notifications to stay up-to-date on security recommendations and issues.


Technical support, web engineering and security
CMSGUARD assists you with the daily cleaning and securing of your websites. We manage your web platforms with outsourced-administration expertise based on security and white-hat hacking.

