cPanel Scanner Layers – Incremental File Scanning

by | Nov 3, 2020

One of the frequent questions that we are receiving recently is, how efficient the scanner is, and what can be the option to do something similar to the Rapid scan offered by another solution. To answer this question we have to explain how the total scanning system works automatically or manually and the total workflow is much faster and efficient compared to any other competing solution.

The scanner levels

In cPGuard, we scan each new/updated files in multiple levels which helps to process the files in various ways, multiple times with the most recent virus signatures, and efficiently process them with very less load. Each of the layers is explained below.

1. HTTP Upload Scanner:- If you have WAF integration enabled, this is the first level of scanning if the file is uploaded/updated via the Web. This scanner will immediately deny file upload if it contains malicious code and notifies the customer. You can find the related log in Web Server ModSec log or under WAF logs in cPGuard WAF.

2. Automatic Scanner:- If you have Virus Scanner enabled under Settings >> Scanner, this will trigger. So this is the background scanner where it keeps track of all uploaded/modified files and scans them.

3. Daily Scanner:- If you have Dialy Scanning enabled from Settings >> Additional Settings, Daily files scanning will trigger every day. This option will scan all files uploaded/updated in the last 24 hours.

4. Weekly Scanner:- If you have Weekly Scanning enabled from Settings >> Additional Settings, Weekly files scanning will trigger every Sunday. This option will scan all files uploaded/updated in the last 7 days.

So how the incremental scanning work?

Like the different scanner level explained above, each layer works differently. So once you have cPGuard installed and configured on your server

  • Run ALL manual scan which will scan all Web Files on your server and take actions on them
  • Enable Daily Scan
  • Enable Weekly Scan
  • Make sure that WAF integration is enabled and works fine

So the above steps make sure that your server will be free from all known virus files. In addition to the scanner layers, our WAF rules are powerful enough to stop uploading/exploiting vulnerable files and add an extra layer of security.

Is the incremental scan really fast? 

Yes, it really works fast and efficiently than any other competing solution. Based on the analysis from multiple servers, it took less than a few minutes to complete daily scanning for 200GB web data and that too without any high load on the server. You can see how many files it scanned and how much time it took for each scan.

Is it possible to schedule Daily and Weekly Scans?

Yes, if you prefer to run the scheduled scans at any particular time you can do it easily. To do it

  • Disable Daily and Weekly scanners from Additional Settings
  • Use the cpgbin CLI utility to schedule Daily and Weekly scans at your preferred time.

More questions?

We are always happy to hear from you…if you need any more clarifications please reach our Support desk.