Verdict-as-a-Service

Verdict-as-a-Service Logo Online Dokumentation

Example: WordPress Plugin

This example demonstrates how to utilize Verdict-as-a-Service to protect a WordPress installation against malware. It is meant to scan every content in a wordpress installation for malware.

Simple implementation

The main lines of code utilizing Verdict-as-a-Service in this example are these following.

public function scanFile($filePath): Verdict
{
    $verdict = $this->vaas->ForFile($filePath)->Verdict;
    WordpressGdataAntivirusPluginDebugLogger::Log(
        'wordpress-gdata-antivirus: verdict for file ' . $filePath . ': ' . var_export($verdict, true)
    );
    return $verdict;
}

Full Scan

We implemented a full scan of the WordPress installation. This is done by scanning every file in the installation. It can be started as an on-demand scan or scheduled to run periodically.

95%

As you can see, the full scan runs in batches, so not one single request has to handle all the files of a WordPress installation.

Findings

When the plugin finds malware in a file, it will log this information and display a red admin notice write into the debug log (if enabled for the WordPress installation) and writing it into a database table.

As an admin you will also see a notification icon on the VaaS menu item. By entering the Scan Findings page you can see the findings of the last scan and more important are able to delete the malware containing files with one click of a button.

95%

On-access scan for uploads

We implemented an on-access scan for files of WordPress installation. This is done by scanning every file that is uploaded to the WordPress installation via the WordPress upload forms. This affects media, plugin and theme uploads.

95%

Utilizing the WordPress prefilter hooks means the files will never be copied into your WordPress installation if they contain malware.

On-access scan for content

We implemented an on-access scan for content of WordPress installation. This is done by scanning every content that is saved to the WordPress database. This affects posts, pages, comments, pingbacks, trackbacks and custom post types.

Like in the file example, the content will never be written into your WordPress database if it contains malware.

On-access scan settings

You can also configure the on-access scan settings. You can enable or disable the on-access scan for uploads and content.

95%

How to get the app?

The plugin is currently not published and therefore not available in the WordPress plugin directory. You can get in contact with us and have a chat about your use case. Have a look at the contact page for that.