hi, there is a growing need for a new feature in AVAST that specifically targets web development.
Its quite often that even with all the current standard protections, XSS attacks attacks taking place (most common is iframe injection). Now after your website has been infected and you have been notified by say google, you need to clear the files to get your project back on the roll. (By the way, SOME web hosts provide a very expensive antivirus based security plan. And MOST dont even do that).
For this, one solution is to download the whole project (which could have even 5,000 files) and scan it with AVAST. However, avast wont let you download an infected file without renaming them (i.e. removing their .html or .php extensions). Secondly, this whole exercise will be very slow as it will take a lot of time.
Second solution is what I propose:
A simple new feature. just take in FTP details and scan all files and folders in the FTP location. I.e it will do a server-to-server file check (which can go upto 11mb per sec on a dedicated server). Then AVAST will tell us the list of files that have ISSUES.
However, the only thing here is that we must have a lot of trust in avast as it will be allowed to check (by downloading on its own server) our entire project.
So the second solution I propose is that AVAST should come up with a Developers Version (which should also be free !!!). It will be just a small php project (with a small database) that you will upload to the server that has a project infected. Then you will run the avast project (say AVAST Web Defender) online - on the same server this time as compared to solution 1.
It will first download all definitions (relevant to website attack) from AVAST server to your server and then do a project scan (by asking you to root directory to scan). Then will show you the results.
Once you are done, you can simply lock the Avast Web Defender so that no one could run it (or delete it from location).