A malware and vulnerability scanner
You run eComscan as an application on your (Linux) production server, either as single scan (scrutinize mode) or continuously as a monitor.
Upon every run, eComscan connects to the secure Sansec servers and downloads the latest signatures. These signatures are updated multiple times per week (sometimes per day) so you benefit from the latest threat intel.
In addition to a file scan, eComscan recognizes configurations of common shop systems (Magento, WooCommerce etc). When it finds one, it will use that configuration to connect to your database server. It then scans specific tables for malicious code. Because there are only a number of tables where criminals can inject executable code, the total number of scanned data is limited and the scan has no impact on the performance of your store.
eComscan incorporates a secure self-updater. If new checks or improvements are available, they are automatically installed. NB: make sure that the ecomscan program is writable, or otherwise auto-update will be skipped. Self-update may fail if the user running ecomscan differs from the user owning the ecomscan program. You can check by running:
ls -la `which ecomscan` id
This should produce, for example:
$ ls -la `which ecomscan` -rwxr-xr-x 1 app app /data/web/bin/ecomscan $ id uid=1000(app) gid=1000(app) groups=1000(app)
eComscan reports to the console (possibly in JSON/CSV format for automated parsing). When given the –report or –monitor options, it will email a report to you. With the –slack and –phone options, you can receive alerts via Slack or SMS (Advanced plan only).
eComscan will match the license URL with configured URLs of the store. If any of the store URL frontends matches, it will continue. This enables you to run eComscan on dev & staging environments. This is actually recommended, because you will be able to catch vulnerabilities in an early stage.