‘Electronegative’ – Free QualysGuard Malware Detection scan

Title inspired by ‘Sybreed’

Just in time for RSA 2010 Qualys announced their new (beta) service “QualysGuard Malware Detection“. According to their site it’s a ‘ground breaking free service that scans your web site for malware infections and threats’ and since it is free i thought I’d give it a try.

Once you’ve registered and followed through the usual account creation process you’re looking at a nicely made interface where you can start a new scan for a website of your choice. Should you want to scan a site that is not corresponding to your registered email domain you have to provide an email address for that domain for confirmation purposes.

The next step gives you the opportunity to set the scan job as a scheduled event and provides few options to influence the depth of scan.

And that is all information Qualys needs to go and scan your site. My web site security skills are virtually non existant but i expected at least a few more tuning options. The service seems clearly aimed towards SoHo users which is fine of course if it does it’s job. The scan ran through fairly quick and found no issues with my blog.

I decided to give it one more test before i set up a scheduled scan job to monitor my site and call it a day. “Inspired” by a posting on the PaulDotCom mailing list where Irongeek discovered a suspicious PHP file on one of his web sites i deemed this to be a sufficient (and quick) test for the ‘malware infection and threat’ diagnostic service. I uploaded a c99 shell, made sure it is accessible and working externally and started the scan again. Unfortunately the result was exactly the same as before even with the ‘intensity’ slider all the way to the right. No mention of any issue or possible threat.

After reading a bit in the ‘Support/How it works’ section i’m not sure if this is something the service is supposed to find as it seems to be more focused on ‘drive-by’ stuff, but honestly – why bother with a malware infection and threat scan service if the obvious and easy stuff is not covered? That said it really was just a quick test and more in depth testing might paint a completely different picture. Anyway, the service is free and Qualys should be commended for their good intentions. Give it a try yourself and see if it does what you are looking for.