PHPackages mage2kishan/module-malware-scanner - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. mage2kishan/module-malware-scanner ActiveMagento2-module[Security](/categories/security) mage2kishan/module-malware-scanner ================================== Active malware prevention + on-disk scanner for Magento 2. Three real-time guards (REST API, universal upload, custom-options) block PolyShell webshells, polyglot files and PHP-object-injection payloads BEFORE they touch disk. A nightly recursive scanner finds anything that slipped through, auto-quarantines critical findings inside writable upload zones, and ships with a built-in vendor allowlist that prevents false positives on legitimate composer dependencies. Includes admin grid, in-admin documentation, signature catalog and email notifications. 1.0.4(1mo ago)537↓50%21proprietaryPHPPHP ~8.1.0||~8.2.0||~8.3.0||~8.4.0 Since Apr 17Pushed yesterdayCompare [ Source](https://github.com/mage2sk/module-malware-scanner)[ Packagist](https://packagist.org/packages/mage2kishan/module-malware-scanner)[ Docs](https://kishansavaliya.com)[ RSS](/packages/mage2kishan-module-malware-scanner/feed)WikiDiscussions main Synced 1w ago READMEChangelogDependencies (9)Versions (6)Used By (1) Panth Malware Scanner & File Integrity Monitor for Magento 2 ================================================================ [](#panth-malware-scanner--file-integrity-monitor-for-magento-2) [![Magento 2.4.4 - 2.4.8](https://camo.githubusercontent.com/079c832211eed4f9451ebe264e3865f825b0f9f31b041cbf03676c6e254535d4/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4d6167656e746f2d322e342e342532302d2d253230322e342e382d6f72616e67653f6c6f676f3d6d6167656e746f266c6f676f436f6c6f723d7768697465)](https://magento.com)[![PHP 8.1 - 8.4](https://camo.githubusercontent.com/56b3cce18841623e2cbed2ebf09b06be1be8807e99e6e054a89d304ab4790b8e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e312532302d2d253230382e342d626c75653f6c6f676f3d706870266c6f676f436f6c6f723d7768697465)](https://php.net)![License Proprietary](https://camo.githubusercontent.com/15379ffe4e8d2918decfb7cb0be72c1b5e79cd4de566819393b0e1b738b09e1c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d50726f70726965746172792d626c7565)[![Packagist](https://camo.githubusercontent.com/6f01143bb5c387e979b91bbe71e851230d6922d1e5d162f3f9dcca1275b70f60/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5061636b61676973742d6d616765326b697368616e2532466d6f64756c652d2d6d616c776172652d2d7363616e6e65722d6f72616e67653f6c6f676f3d7061636b6167697374266c6f676f436f6c6f723d7768697465)](https://packagist.org/packages/mage2kishan/module-malware-scanner)[![Upwork Top Rated Plus](https://camo.githubusercontent.com/6f72584179420c41ed90432fd2579a4ed36199d4229e8181d20f353c1c4ee4eb/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5570776f726b2d546f702532305261746564253230506c75732d3134613830303f6c6f676f3d7570776f726b266c6f676f436f6c6f723d7768697465)](https://www.upwork.com/freelancers/~016dd1767321100e21)[![Panth Infotech Agency](https://camo.githubusercontent.com/401a792e990131002e91054d1b04494af5a2152fcc891ca000eb683786770abf/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4167656e63792d50616e7468253230496e666f746563682d3134613830303f6c6f676f3d7570776f726b266c6f676f436f6c6f723d7768697465)](https://www.upwork.com/agencies/1881421506131960778/)[![Website](https://camo.githubusercontent.com/f1ae86d28e2b505aee60f240d3e5508e390b0a8dc7a9b7ecf1b450fad862053f/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f576562736974652d6b697368616e736176616c6979612e636f6d2d304439343838)](https://kishansavaliya.com)[![Get a Quote](https://camo.githubusercontent.com/0b6c02cc1ad00f11bf1b0164a9998734bd716473db36cc2a5c1517e3d3578d1b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4765742532306125323051756f74652d46726565253230457374696d6174652d444332363236)](https://kishansavaliya.com/get-quote) [![Panth Malware Scanner — free Magento 2 security extension. Signature-based malware detection, PolyShell protection, file integrity monitoring, auto-quarantine. Built by Kishan Savaliya (Panth Infotech), Top Rated Plus on Upwork.](docs/images/hero-banner.png)](docs/images/hero-banner.png) > **Signature-based malware scanner and file integrity monitor** for Magento 2 — detects webshells, PolyShell payloads, PHP object-injection attacks, and polyglot files using **regex, literal, filename, and pathglob signatures**. Ships with **quarantine support**, an **admin dashboard**, **scheduled scans**, and **email notifications** so store owners know within minutes if their codebase has been tampered with. **Panth Malware Scanner** is a production-grade security extension for Magento 2 and Adobe Commerce that combines a signature-driven malware scanner with a file integrity monitor. It recursively walks your Magento document root, matches every file against a curated signature catalog (regex patterns, literal byte sequences, suspicious filenames, and path globs), and flags any file that looks like a webshell, backdoor, cryptominer, or injection payload. Critical findings are automatically **quarantined** inside writable upload zones, a detailed admin grid surfaces every detection with file path, signature match, severity, and first-seen timestamp, and **email notifications** alert your team the moment a scheduled scan finds something suspicious. Whether you are hardening a freshly migrated Magento 2.4.8 store, running a post-breach security audit, or just want continuous peace of mind, Panth Malware Scanner gives you enterprise-grade malware detection without the enterprise price tag. --- Live Proof — PolyShell Attacks Blocked on Our Own Stores -------------------------------------------------------- [](#live-proof--polyshell-attacks-blocked-on-our-own-stores) The screenshots below were captured on a production Magento 2.4.8 install running Panth Malware Scanner, during the active **PolyShell** (APSB25-94) exploitation wave that started **March 17, 2026**. Every row is a real attacker request that hit the store and got shut down at the framework layer — no webshell ever executed. [![Panth Malware Scanner admin grid showing 807 blocked malicious requests — real PolyShell attacks against a live Magento 2.4.8 store, April 2026. Attackers targeted /media/custom_options/quote/*.php and /rest/V1/guest-carts endpoints; each request blocked with polyshell-path and base64:R0lGODlh signatures.](docs/images/polyshell-attacks-blocked-live.png)](docs/images/polyshell-attacks-blocked-live.png) **What you're seeing:** 807 blocked malicious requests across 41 pages — attackers probing `/media/custom_options/quote/*.php`, `/pub/media/custom_options/quote/...`, POST bodies starting with `