承接 akashchakraborty/laravel-shield 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

akashchakraborty/laravel-shield

Composer 安装命令:

composer require akashchakraborty/laravel-shield

包简介

Laravel malware and malicious file scanner

README 文档

README

Laravel Shield Scanner is a security-first Laravel package designed to proactively scan your application for malware, web shells, and suspicious PHP code. It leverages heuristic analysis and offers seamless antivirus integration for enhanced protection. This package is built for a range of hosting environments—shared hosting, VPS, Windows, Linux—and prioritizes safe, reversible actions.

No silent deletes. No unsafe installs. No fake “PHP antivirus” claims.

🔥 Why Laravel Shield Scanner?

Most Laravel security tools are limited to:

  • Dependency scanning
  • Configuration validation
  • File name blacklists
  • Blind file deletion

Laravel Shield Scanner sets itself apart by:

  • Scanning actual file contents
  • Detecting suspicious behaviors, not just names
  • Safely quarantining instead of deleting
  • Functioning even without antivirus installed

✨ Features

Laravel Shield Scanner offers a robust suite of security features tailored for real-world use.

🔍 Heuristic Malware Detection

  • Identifies both common and advanced PHP web shells:
    • Adminer
    • Tiny File Manager
    • WSO
    • c99 / r57
  • Flags code obfuscation techniques:
    • Chains of base64, gzinflate
    • Abuse of rot13, URL decoding
  • Detects dangerous behaviors:
    • Use of eval, assert, system, shell_exec
    • Dynamic execution from user input
  • Ignores file names—focuses on content and behavior

🦠 Optional Antivirus Integration

  • Automatic detection and integration with:
    • ClamAV (Linux)
    • Maldet (Linux)
    • Windows Defender (Windows)
  • Antivirus is optional; heuristic scanning is always active
  • No auto-install, no root access required
  • Safe for shared hosting

🧺 Safe Quarantine System (Recycle-Bin Style)

  • Suspicious files are moved, not deleted
  • Original path is preserved for restoration
  • PHP execution is blocked (via .htaccess)
  • Files are restorable—no permanent loss

♻️ Restore Support

  • Restore all quarantined files
  • Files return to exact original locations
  • Same filename, same content

📄 Daily Isolated Logs

  • Logs are written per day
  • Logs are outside Laravel’s default log
  • Structured JSON format for auditability

⚙️ Smart Installer

  • Creates config if missing
  • Merges only missing keys (preserves user settings)
  • Prepares required directories
  • Never overwrites user settings

📦 Installation

Install the package using Composer:

composer require laravel-shield/scanner

Laravel will auto-discover the service provider.

🚀 Quick Start (Recommended)

1️⃣ Run the Smart Installer

php artisan shield:install

This will:

  • Create config/shield.php if missing
  • Merge missing config keys if outdated
  • Create required directories:
    • storage/laravel-shield-quarantine
    • storage/logs/laravel-shield

2️⃣ Run a Full Security Scan

php artisan shield:scan

🧪 Available Commands

  • 🔍 Full Security Scan

    • php artisan shield:scan
      • Performs heuristic malware scan
      • Runs antivirus scan (if available)
      • Optionally quarantines suspicious files
      • Writes a daily log file
  • 🦠 Antivirus Status

    • php artisan shield:av:status
      • Lists available antivirus engines
      • Provides installation guidance
      • Does not install anything automatically
  • 🔄 Update Antivirus Definitions

    • php artisan shield:av:update
      • Safely updates virus definitions
      • Skips if antivirus is not installed
  • ♻️ Restore Quarantined Files

    • php artisan shield:quarantine:restore
      • Restores all quarantined files to their original paths
  • 🛠️ Smart Installer

    • php artisan shield:install
      • One-time setup command
      • Safe to re-run—never overwrites user config

⚙️ Configuration

The configuration file is located at: config/shield.php

Default configuration:

<?php

return [
    /*
    |--------------------------------------------------------------------------
    | File extensions to scan
    |--------------------------------------------------------------------------
    */
    'scan_extensions' => [
        'php', 'phtml', 'php5', 'php7', 'phar'
    ],

    /*
    |--------------------------------------------------------------------------
    | Enable or disable quarantine
    |--------------------------------------------------------------------------
    */
    'quarantine_enabled' => true,

    /*
    |--------------------------------------------------------------------------
    | Quarantine directory
    |--------------------------------------------------------------------------
    */
    'quarantine_path' => storage_path('laravel-shield-quarantine'),

    /*
    |--------------------------------------------------------------------------
    | Paths to ignore during scanning
    |--------------------------------------------------------------------------
    */
    'ignore_paths' => [
        'vendor', 'node_modules',
    ],

    /*
    |--------------------------------------------------------------------------
    | Daily log file path
    |--------------------------------------------------------------------------
    */
    'log_path' => storage_path('logs/laravel-shield/laravel-shield-' . date('Y-m-d') . '.log'),
];

Important: Adjust ignore_paths in config/shield.php to exclude folders you do not want scanned, and remove folder names from this list if you later want them scanned. If your vendor packages legitimately use functions like eval, consider setting 'quarantine_enabled' => false. This helps avoid quarantining those files by mistake.

🧺 Quarantine System (Details)

  • Files are moved, not deleted
  • PHP execution is blocked using a universal .htaccess
  • Directory listing is disabled
  • Restore metadata is stored in a manifest

Example structure:

storage/laravel-shield-quarantine/
├── .htaccess
├── index.html
└── 2026-01-24/
    ├── files/
    │   └── public_evil.php
    └── manifest.json

📄 Logs

Logs are written daily to:

storage/logs/laravel-shield/
└── laravel-shield-YYYY-MM-DD.log

Each log entry includes:

  • Scan timestamp
  • Severity level
  • Detection reasons
  • File hash (SHA256)
  • Detection engine used

🖥️ Platform Support

Platform Support Details
Linux ✅ ClamAV, Maldet
Windows ✅ Windows Defender
macOS ⚠️ Heuristic only
Shared Hosting ✅ Heuristic only

⚠️ Security Disclaimer

No scanner can guarantee 100% detection. Laravel Shield Scanner:

  • Detects common and advanced PHP malware
  • Uses behavior-based heuristics
  • Integrates real antivirus engines

It does NOT replace:

  • Firewalls
  • WAFs
  • OS-level security
  • Secure development practices

Always follow security best practices.

🤝 Contributing

Contributions are welcome! You can:

  • Suggest detection improvements
  • Help reduce false positives
  • Add new antivirus integrations
  • Improve documentation

Open an issue or submit a pull request.

📜 License

MIT License
Free for personal and commercial use.

⭐ Philosophy

Laravel Shield Scanner follows one rule:

Security should protect — not surprise.

No destructive actions. No hidden behavior. Full control for developers.

🏗️ Process Overview

Below is a simplified flowchart of the scanning and quarantine process:

flowchart TD
    A[User Runs Scan Command] --> B[Heuristic Malware Scan]
    B --> C{Suspicious File Found}
    C -- Yes --> D[Quarantine File]
    C -- No --> E[Continue Scanning]
    D --> F[Log Detection]
    E --> F
    F --> G{Antivirus Integration Available}
    G -- Yes --> H[Run Antivirus Scan]
    G -- No --> I[Finish]
    H --> I
Loading

🗃️ Quarantine and Restore Process

flowchart TD
    Q[File Flagged as Suspicious] --> R[Move to Quarantine Directory]
    R --> S[Block PHP Execution via .htaccess]
    S --> T[Store Restore Metadata]
    T --> U[User Runs Restore Command]
    U --> V[Return File to Original Path]
    V --> W[Remove Quarantine Metadata]
Loading

📝 Key Takeaways

{
    "title": "Non-Destructive Scanning",
    "content": "All actions are reversible. No files are deleted without your explicit approval."
}
{
    "title": "Real-World Hosting Ready",
    "content": "Safe for use on shared hosting, Linux, Windows, and macOS (with limitations)."
}
{
    "title": "No Hidden Behavior",
    "content": "No silent deletes or destructive actions. Full logs and quarantine support."
}

Enjoy peace of mind with Laravel Shield Scanner: security that protects, not surprises.

akashchakraborty/laravel-shield 适用场景与选型建议

akashchakraborty/laravel-shield 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 01 月 24 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 akashchakraborty/laravel-shield 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 akashchakraborty/laravel-shield 我们能提供哪些服务?
定制开发 / 二次开发

基于 akashchakraborty/laravel-shield 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 45
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-01-24