Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
Sansec eComscan is a malware and vulnerability scanning tool from Sansec BV built for ecommerce security. It is not positioned as a general-purpose security scanner; instead, it focuses on fraud, Magecart digital skimming, and hidden malicious code in ecommerce applications such as Magento, Adobe Commerce, Shopware, WooCommerce, and Sylius. Its main selling point is application-aware detection based on years of ecommerce forensics research.
In terms of protection coverage, eComscan detects known malware, vulnerabilities, and ecommerce fraud attack vectors. Sansec says it maintains 50,000+ malware signatures with daily updates. For deployment, it supports Linux and Mac, can be run from the command line, provides manual instructions, and uses a Golang server-side Agent. Compared with remote scanners, it checks not only files but also databases, processes, scheduled tasks, and other locations, making it better suited to finding malicious code hidden on the server side. For management and alerts, when new application-related threats are found, it can send immediate and actionable notifications via email, Slack, or API Webhook. On the integration side, in addition to Slack/Webhook, Sansec also provides ecommerce security threat intelligence to Google VirusTotal.
The page states that eComscan can be used for free, while paid plans provide detailed reports and troubleshooting guides. However, it does not disclose specific pricing, billing units, SLA, support tiers, or payment methods. For compliance, the page mentions PCI Approved Scanning Vendors and Adobe Security Scan as comparison scenarios, and also references Europol training and its VirusTotal collaboration, but it does not list its own compliance certifications.
Its strengths are its vertical focus on ecommerce, fast threat intelligence updates, solid server-side scanning depth, and adoption by 12,000+ global brands and organizations. Its global detection network checks 400,000+ online stores every day and can turn detected anomalies into signatures. The limitations are that it requires server execution access, making it less friendly for pure SaaS merchants or stores without operations teams. General enterprise security, endpoint protection, and WAF capabilities are also not its main focus.
It is best suited for brands, agencies, and incident response teams running self-hosted or managed ecommerce sites such as Magento, WooCommerce, and Shopware, especially businesses concerned about payment-page skimming. The source text provides no information about access from China, so this remains unknown; payment methods are also not disclosed. For users in China who need local support, it may be used alongside host security, WAF, code audits, and the built-in security scanning features of ecommerce platforms.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on ecomscan.com official site.
ecomscan.com is an Netherlands Security provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of China direct-connect friendly. Click "Visit Official Site" to reach ecomscan.com directly.