QualysGuard Malware Detection allows free Web site scanning

Keeping systems malware-free is a never-ending challenge. IT pro Rick Vanover shows how a new free tool can help you to protect your external Web servers.

This week, much of the IT ecosystem is focused on San Francisco for the RSA Conference. I keep an eye on events like this for key product updates and new releases that can enhance the quality of my IT practice. Today at RSA Conference, Qualys has released the beta of a free service to protect against Web server malware.

QualysGuard Malware Detection allows Web server administrators to perform automatic scans of external-facing Web servers. Alerts can be configured to notify you when an element of the scan fails. The engine uses Qualys static and behavioral analysis trends to look at specific elements of the Web site, such as:

  • Encoded JavaScript with obfuscated content
  • Document.writes obfuscation filtering
  • Web bug tracking small code
  • External loads of content with character encoding within frames
  • Rogue Windows registry keys
  • Program installations and run state
  • Disk activity

The Malware Detection product is a service that is launched online from Qualys and scans the Web site you specify. There is a simple dashboard and wizard that you launch to initiate a scan against an external Web server. Figure A shows this wizard being launched:

Figure A
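
A minimal static check for the page-level indicators in the list above (encoded JavaScript, document.write obfuscation, web bugs, framed external content), as an added example. It is not Qualys code: the patterns, the `PageAudit` and `audit` names and the example.org/example.net hosts are assumptions chosen for illustration, and the behavioral items (registry keys, program installations, disk activity) are not covered.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics below are assumptions for illustration, not Qualys signatures.
DECODERS = r"(?:unescape|decodeURIComponent|atob|String\.fromCharCode)\s*\("
DOC_WRITE = re.compile(r"document\.write(?:ln)?\s*\(\s*" + DECODERS)
ENCODED_JS = re.compile(r"\beval\s*\(|" + DECODERS + r"|(?:%[0-9a-fA-F]{2}){8,}")

class PageAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings, self.in_script = site_host, [], False

    def external(self, url):
        host = urlparse(url).hostname
        return host is not None and host != self.site_host

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        self.in_script, src = tag == "script", a.get("src", "")
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        if tag == "img" and tiny and self.external(src):
            self.findings.append(("web-bug", src))  # 1x1 off-site tracking image
        elif tag in ("iframe", "frame") and self.external(src):
            kind = "encoded-external-frame" if "%" in src else "external-frame"
            self.findings.append((kind, src))

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script and DOC_WRITE.search(data):
            self.findings.append(("document.write-obfuscation", data[:40]))
        elif self.in_script and ENCODED_JS.search(data):
            self.findings.append(("encoded-js", data[:40]))

def audit(html, site_host):
    """Return (kind, detail) findings for one page of site_host."""
    parser = PageAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page for www.example.org (not from any real site).
SAMPLE = """<script>document.write(unescape("%3Cb%3Ehi%3C%2Fb%3E"));</script>
<script>eval(String.fromCharCode(49, 43, 49));</script>
<img src="http://stats.example.net/p.gif" width="1" height="1">
<img src="/logo.png" width="1" height="1">
<iframe src="http://ads.example.net/f?u=%68%74%74%70" width="0"></iframe>"""
```

Calling `audit(SAMPLE, "www.example.org")` returns one finding per flagged element, in page order; the same-site 1x1 image is not reported because only off-site loads are treated as indicators.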

The Web server that you scan must be on a domain that you can verify with a corresponding email address. There are a number of blacklisted websites in the inventory of the QualysGuard service, but it is intended for site administrators to be the ones who initiate the scan.

In my opinion, this is an attractive offering for a free service. The key differentiator is that the automated scan and alert can proactively keep network administrators in tune with the status of the Web servers they support. The second positive factor is that a Web engine-specific scan is performed, catching objects that typical server antivirus protection would miss. QualysGuard is available now as a free service and is in beta. For more information, read the datasheet or go to the service site to sign up and scan your Web sites.

What tools do you use to provide Web server-specific malware protection? Chances are standard antivirus programs are not enough.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

7 comments
54f3com

Good article, unfortunately more RSA conference regurgitation. We are happy to see these folks and others FINALLY accept that there is more to security than just vulnerability scanning. We here at sitesecuritymonitor.com have been doing malware detection for all of our clients, since 2009 for no extra charge. Additionally, we've been offering free one-time scans for the same time period - and have completed well over 7,000 to date! Either way, it's good to see - I just request the author to at least do a quick scan for competitors before treating this as 'news'. Jason

nhoeller

I successfully ran QualysGuard against a simple Drupal site. QualysGuard against a more complex site with custom views appeared to loop, scanning 2000 pages before it hit the page limit. QualysGuard appeared to be creating a large number of variants of arguments to the Drupal views. At least some appeared to be identical, although it was hard to tell from the status screen and the full URLs were truncated in the reports. I also ran QualysGuard against a moderately complex NetObjects Fusion site, where all the site HTML was in an /html subdirectory. QualysGuard appeared to be scanning into an increasingly deep /html/html/... directory structure, even though all these pages return an error 404 and a 'parking' page. The issues have been sent to QualysGuard through their support system. I have not received any response yet.

pgit

It requires a valid email at the domain you want to scan. What if there is no email on the given domain? You won't get past their "validate ownership" dialog is what... PITA to alias, or worse set up an email server where one is not only not needed but is undesirable. Oh well, you get what you pay for, eh?

dean.h

Only works if you have an email address from the domain you wish to scan, my sites don't have an email server so no luck.

b4real

Yes, it does have that as a check. Besides, it isn't really in good taste to effectively 'launch' scans against external websites without ANY authorization. At least there is some tracking for the task.

danrdj

If you own the domains, you can route email to a hosted service, even a free one like Google Apps.

jwhitby3

What will it cost when it comes time for the production release?
