phpMussel v2.0 releases: PHP-based anti-virus anti-trojan anti-malware solution

What is phpMussel?

An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others. For information regarding HOW TO INSTALL {2A+2B} and HOW TO USE {3A+3B} phpMussel, please refer either to the Wiki or to the documentation included within the “_docs” directory of this repository.


  • Licensed as GNU General Public License version 2.0 (GPLv2).
  • Easy to install, easy to customize, easy to use.
  • Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required).
  • Fully configurable based on your needs.
  • Ideal solution for shared hosting services.
  • Ideal solution for forum systems in need of file upload protection.
  • Does NOT require shell access.
  • Does NOT require administrative privileges.
  • CLI mode available (for now, just under Windows, very soon with other OS).
  • Good, strong, stable support base.

Changelog v2.0

  • [2019.05.31; NEW FEATURE; Maikuolan]: Added the ability to automatically switch between different channels when requesting a remote resource (e.g., when the front-end updates page attempts to update something, or attempts to retrieve the latest available component metadata), for whenever such a request fails (e.g., due to server errors, the requested resource no longer existing at a particular location, etc), and added a new configuration directive, “disabled_channels”, to optionally prevent phpMussel from ever requesting resources from particular, specific channels.
  • [2019.06.17; Maikuolan]: Added the ability to optionally update only all signature files to the front-end updates page (as opposed to updating everything at once).
  • [2019.06.27; Maikuolan]: Shifted responsibility for number formatting out from the front-end functions file, into its own, distinct class.
  • [2019.07.10; Maikuolan]: The front-end updates page now sets “verify” as the default option for components, to help reduce the risk that users select “uninstall” or “deactivate” by accident.
  • [2019.07.10; Maikuolan]: Slightly improved front-end pie chart colouring.
  • [2019.07.26; Maikuolan]: Added condition to ensure that “delete” should never be the default option selected for files shown at the front-end file manager.
  • [2019.08.05-06; MAJOR CODE CHANGE; Maikuolan]: Removed PHP 5.4 polyfills, thereby immediately upping the minimum PHP version requirement for the upcoming release. Updated the loader, upping the hardcoded minimum PHP version requirement to PHP 7.2, and removed some no longer needed code. Removed some extraneous .htaccess files (only really need our main .htaccess file in the base of the vault nowadays; the extra .htaccess files in some of the vault’s subdirectories aren’t necessary). Renamed a number of configuration directives in order to better comply with the phpMussel code style guidelines regarding the use of snake_case for configuration directives. Shifted the class autoloader out from the functions file, into the main loader. Added PHP7-style type hinting and return type declarations wherever applicable. Updated all common classes package classes to the latest compatible versions. Added some missing PHPDoc comments.
  • [2019.08.17; Maikuolan]: Reinstated the “lang_override” directive.
  • [2019.08.23; Maikuolan]: Slightly refactored the front-end updates page, related closures and other related functionality, and added the ability to install/activate or to deactivate/uninstall with a single action (previously, these actions had to be done separately, as two actions). Added some new switches/filters.
  • [2019.08.24; Maikuolan]: Added last modified date/time to the file listings at the front-end file manager and fixed a possible issue with correct icon display for some not yet used file formats.
  • [2019.08.31; Maikuolan]: Removed some unnecessary code from the loader, left over from some old features already removed a long time ago.

Download && Tutorial

Copyright (C) 2016 Maikuolan

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services