The invention discloses a method and apparatus for detecting WebShell files. The method performs webshell detection on a plurality of files in a directory on the basis of variable backtracking and an abstract syntax tree: a suspicious-file screening process, a feature-matching detection process, an abstract-syntax-tree analysis and detection process, an irrelevant-code removal process and a mathematical-formula detection process are executed in succession, and the files determined to be webshells are output. The detection apparatus comprises a suspicious-file screening unit, a feature-matching unit, an abstract-syntax-tree detection and analysis unit, an irrelevant-code removal unit and a mathematical-formula detection unit, which together implement the webshell file detection. With the technical scheme disclosed by the invention, webshell detection can be carried out comprehensively, systematically, rapidly and accurately, with high detection efficiency and a low false-alarm rate, so that web service security can be guaranteed.
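The following is an added example, not code from the patent, showing how a pipeline of the five stages named above can be staged in practice: extension-based screening of a directory, removal of irrelevant code (comments), signature-style feature matching, variable backtracking that resolves obfuscated callee names and tracks user-controlled input through assignments, and a numeric score with a threshold. Everything below the stage names is an assumption: the sample files are constructed, statements are recognised with regular expressions rather than a real PHP abstract syntax tree, and the weights and cut-off in `score()` stand in for whatever formula the patent actually uses.

```python
"""Toy webshell triage pipeline: screen -> strip comments -> feature match ->
variable backtracking -> score.  Added example; stage internals, weights and
sample files are assumptions, not the patent's own method."""
import base64
import re

# Constructed sample "directory" (file name -> PHP source); not from the patent.
SAMPLE_DIR = {
    "index.php": "<?php echo 'hello'; // eval($_POST['x']) appears only in a comment\n?>",
    "shell_direct.php": "<?php eval($_POST['cmd']); ?>",
    "shell_concat.php": "<?php $a = 'ev' . 'al'; $b = $_POST['x']; $a($b); ?>",
    "shell_b64.php": "<?php $f = base64_decode('ZXZhbA=='); $f($_REQUEST['c']); ?>",
    "util.php": "<?php function add($a, $b) { return $a + $b; } ?>",
    "notes.txt": "eval($_POST['x'])",
}

DANGEROUS = {"eval", "assert", "system", "exec", "shell_exec", "passthru", "popen", "proc_open"}
OBFUSCATORS = {"base64_decode", "gzinflate", "str_rot13", "gzuncompress"}
SUSPECT_EXT = (".php", ".phtml", ".php5", ".phar")
SUPERGLOBAL = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE|FILES)\b")
DIRECT_CALL = re.compile(r"\b(%s)\s*\(([^)]*)\)" % "|".join(sorted(DANGEROUS)))
OBF_CALL = re.compile(r"\b(%s)\s*\(" % "|".join(sorted(OBFUSCATORS)))
ASSIGN = re.compile(r"(\$\w+)\s*=(?!=)\s*([^;]+);")   # $var = expr;
DYN_CALL = re.compile(r"(\$\w+)\s*\(([^)]*)\)")       # $var(args)  (variable function)
STR_LIT = re.compile(r"\s*(['\"])(.*?)\1\s*")
THRESHOLD = 4  # assumed cut-off; the real formula is not given in the abstract


def screen(files):
    """Stage 1: only files that the web server would execute as PHP are analysed."""
    return {n: s for n, s in files.items() if n.lower().endswith(SUSPECT_EXT)}


def strip_irrelevant(src):
    """Stage 2: drop block and line comments so commented-out code cannot fire.
    Caveat: '//' or '#' inside a string literal is also stripped by this toy version."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)(//|#).*$", "", src)


def feature_match(code):
    """Stage 3: literal signatures (dangerous calls, superglobals, decoders)."""
    direct = DIRECT_CALL.findall(code)  # list of (function name, argument text)
    return {
        "direct": [n for n, _ in direct],
        "direct_with_input": any(SUPERGLOBAL.search(a) for _, a in direct),
        "input": bool(SUPERGLOBAL.search(code)),
        "obfuscation": sorted(set(OBF_CALL.findall(code))),
    }


def split_concat(expr):
    """Split a PHP expression on '.' concatenation, ignoring dots inside quotes."""
    parts, cur, quote = [], [], None
    for ch in expr:
        if quote:
            cur.append(ch)
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
            cur.append(ch)
        elif ch == ".":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def resolve(expr, env):
    """Evaluate expr to a constant string when it is built only from string
    literals, '.' concatenation, base64_decode(<constant>) and already-resolved
    variables in env; return None otherwise."""
    expr = expr.strip()
    m = re.fullmatch(r"base64_decode\s*\((.+)\)", expr, re.S)
    if m:
        inner = resolve(m.group(1), env)
        if inner is None:
            return None
        try:
            return base64.b64decode(inner, validate=True).decode()
        except ValueError:  # binascii.Error and UnicodeDecodeError are ValueErrors
            return None
    parts = split_concat(expr)
    if len(parts) > 1:
        vals = [resolve(p, env) for p in parts]
        return None if None in vals else "".join(vals)
    m = STR_LIT.fullmatch(expr)
    if m:
        return m.group(2)
    return env.get(expr) if expr.startswith("$") else None


def backtrack(code):
    """Stage 4: walk assignments in order, keeping constant values and taint, then
    check every variable function call $v(args) against the resolved callee."""
    consts, tainted, findings = {}, set(), []
    vars_in = lambda s: set(re.findall(r"\$\w+", s))
    for var, rhs in ASSIGN.findall(code):
        val = resolve(rhs, consts)
        consts[var] = val if val is not None else consts.pop(var, None) and None
        if SUPERGLOBAL.search(rhs) or vars_in(rhs) & tainted:
            tainted.add(var)
        else:
            tainted.discard(var)
    for var, args in DYN_CALL.findall(code):
        callee = consts.get(var)
        if callee in DANGEROUS and (SUPERGLOBAL.search(args) or vars_in(args) & tainted):
            findings.append(f"{var}() resolves to {callee}() on user-controlled input")
    return findings


def score(features, findings):
    """Stage 5: assumed linear weighting; replace with the real formula."""
    s = 2 * len(features["direct"]) + 3 * features["direct_with_input"]
    return s + features["input"] + len(features["obfuscation"]) + 4 * len(findings)


def scan_directory(files=SAMPLE_DIR):
    """Run all stages over a directory mapping and return a per-file verdict."""
    report = {}
    for name, src in screen(files).items():
        code = strip_irrelevant(src)
        feats, finds = feature_match(code), backtrack(code)
        s = score(feats, finds)
        report[name] = {"score": s, "webshell": s >= THRESHOLD, "findings": finds}
    return report


if __name__ == "__main__":
    for name, r in scan_directory().items():
        print(f"{name:18} score={r['score']:<2} webshell={r['webshell']} {r['findings']}")
```

The value of the backtracking stage is visible in `shell_concat.php` and `shell_b64.php`: neither contains the literal token `eval(`, so pure feature matching scores them at most 1, yet resolving `$a` and `$f` through their assignments recovers the callee and the taint on the argument. The comment stripping in `index.php` shows the false-positive side of the same trade-off. On real code, replace the regular expressions with a proper PHP parser and the weights with a formula calibrated on labelled samples.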