Running regular malware scans is critical for any Magento 2 store to prevent compromised code or database infections, yet many stores skip this step. The gold standard is Ecomscan by Sansec.io, which supports single-site, scheduled, and bulk scans via CLI or Ansible. This guide shows how to run scans, interpret results, and integrate notifications via Slack or email.

TL;DR

  • One-off malware scan: curl "https://ecomscan.com" | sh
  • Schedule recurring scans via CRON
  • Bulk scan multiple Magento 2 sites using Ansible: GitHub repo
  • Get alerts via Slack or email
  • Free trial available; paid licenses €45–200/month depending on scale

One-Off CLI Malware Scan with Sansec Ecomscan

You can trigger one-off scans from the server CLI by running the following command and following the prompts. It even gives you the option to configure it via CRON for regular future runs.

curl "https://ecomscan.com" | sh

With a little configuration, you can run it on a schedule and get reports or Slack notifications if malware is detected, covering both files and database scans. It even detects issues in WordPress databases if you’re using Fishpig for your blog.

Sansec Ecomscan is the official Magento-specific malware scanner (learn more on Sansec.io), ensuring you’re using a trusted tool with full coverage.

Scheduled Scans via CRON

Sansec Ecomscan can be scheduled using CRON for recurring scans, allowing ongoing protection without manual intervention.

Here’s an example CRON job that runs a scan every 4 hours with delta email notifications, which are only triggered when new issues are found / resolved.

sudo tee /etc/cron.d/ecomscan >/dev/null <<'EOF'
0 */4 * * * root /usr/local/bin/ecomscan [email protected] --key=XXXXXXXXX /var/www/vhosts/prd.example.com/htdocs/current/
EOF
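
The job above keeps the license key on the command line, and a file created through `sudo tee` under the common default umask of 022 ends up with mode 0644, so any local user can read the key. The check below is an added example, not part of the original post or of Sansec's tooling; the function names are hypothetical, and it assumes the key is passed as `--key=VALUE` as in the job above.

```shell
#!/bin/sh
# Added example: flag cron files that embed an ecomscan license key
# (--key=VALUE) while being readable by group or other users.

# Return 0 if the file contains a literal --key=VALUE argument.
has_inline_key() {
    grep -Eq -- '--key=[^[:space:]]+' "$1"
}

# Return 0 if group or other have read permission on the file.
# Uses the ls mode string (e.g. -rw-r--r--) to stay POSIX-portable.
is_group_or_world_readable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ????r?????|???????r??) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a finding and return 1 when a key is exposed; return 0 otherwise.
audit_cron_file() {
    f=$1
    [ -f "$f" ] || { echo "SKIP $f (not a regular file)"; return 0; }
    if has_inline_key "$f" && is_group_or_world_readable "$f"; then
        echo "EXPOSED $f: license key readable by non-root users"
        return 1
    fi
    echo "OK $f"
    return 0
}

# Audit every file in a cron directory (default /etc/cron.d).
# Returns 1 if at least one file exposes a key.
audit_cron_dir() {
    dir=${1:-/etc/cron.d}
    rc=0
    for f in "$dir"/*; do
        audit_cron_file "$f" || rc=1
    done
    return "$rc"
}
```

Source the file and call `audit_cron_dir` as root after deploying the job; `sudo chmod 600 /etc/cron.d/ecomscan` clears the finding, since cron reads the file as root.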

Bulk Scanning Multiple Stores with Ansible

Using the CLI or Ansible, you can automate Magento 2 malware scans across multiple sites, saving time and ensuring consistent monitoring.

I also put together a simple Ansible role that allows me to put together a simple playbook to run Sansec Ecomscan against all the sites I manage from a single command (or even via a scheduled GitHub Action). You can find the role here: GitHub - SamJUK/ansible-ecomscan

This approach is especially useful when managing short-term contract clients across multiple Magento projects.

Understanding Scan Results

While the free trial has limitations, such as redacting the file paths and snippets from the detections, it still provides clear reporting, including:

  • Number of malware samples / vulnerabilities detected
  • Creation & modification timestamps
  • Whether the malware was detected in files or database

You can either use this redacted data to aid in a manual cleanup or upgrade to a paid license for full details.

Pricing, Limitations, and Free Trial

The main drawback of Sansec Ecomscan is the cost: €219/month for a single installation license. Agency discounts can reduce this to €54 per site when managing multiple stores. The free trial is limited but at least allows you to determine whether your store is clean or infected.