• Resolved thiagorangel

    (@thiagorangel)


    I have granted admin access to a plugin developer to fix some bugs in the plugin. I did a new scan and Defender detected 3 files with “This plugin file seems modified” and 1 with “Suspicious function found”. I don’t know how to analyze and compare to tell if it’s really negative. How can I know? Thanks!


Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support Zafer – WPMU DEV Support

    (@wpmudevsupport15)

    Hi @thiagorangel,

    I hope you are doing well today!

    Please share the details of the results with us so that we can help you further with analyzing whether it is a false positive or negative.

    You can share the code using a service such as https://pastebin.com which is free to use.

    Please always make sure to use such a service to share the code and don’t post the code here directly as it will most likely be unusable.

    Please also note that you can put *** for the parts you want to hide that are related to your domain or hosting details if they are included.

    Kind regards,
    Zafer

    Thread Starter thiagorangel

    (@thiagorangel)

    I apologize, but I don’t know how to use this “pastebin” tool. Below are the links to the 4 files that Defender pointed out. Please tell me if I did it right. If I’ve done something wrong like posting in public something I shouldn’t, tell me to delete it. I’m waiting. Thank you very much!

    https://pastebin.com/CDPKsNgZ

    https://pastebin.com/Sxc5ujaN

    https://pastebin.com/T6YEQjKV

    https://pastebin.com/kujPnkhQ

    Sorry for any mistakes.

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @thiagorangel

    Thanks for your response and for sharing the Defender results.

    The “tcpdf barcodes” one – this is a false positive. It’s caused by the very specific code in the file that in a way follows certain “patterns” that are very common among various infections. Yet, it’s a “pattern” only and the code itself is not malicious (it’s as it originally is in the plugin).

    As for the other three – they are all marked with “file appears to be modified” but the outlined differences are slight and don’t seem to be in any way malicious either.

    I’m not very familiar with those particular plugins but it looks like the differences are related to either “free vs premium version” cases or plugins being outdated (or modified by you/your developer on purpose). But they don’t carry any malware as far as I can see.

    I’d still recommend making sure that everything on the site is up to date (WordPress core itself, the theme and all the plugins) but other than this, the files seem fine.

    We can also give them another look if you want to (those three, as the tcpdf one is fine for sure) but you’d need to first download those files from the server – not the Defender log but the actual files – and then put them all as a zip file on your Google Drive, Dropbox or similar and share the link to that zip with us.

    Kind regards,
    Adam
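
A “file seems modified” result means the installed file differs from the released copy, so the practical check is to see exactly what differs. The script below is an added example, not part of the thread and not Defender's code: it hashes every file in an installed plugin folder against a freshly unpacked copy of the same plugin version and produces a unified diff for a changed file. The directory names and the sample plugin files are constructed for illustration.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def file_map(root: Path) -> dict:
    """Map relative path -> SHA-256 digest for every file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_plugin(installed: Path, reference: Path) -> dict:
    """Classify files as modified, added (only on the site) or missing."""
    inst, ref = file_map(installed), file_map(reference)
    return {
        "modified": sorted(f for f in inst.keys() & ref.keys() if inst[f] != ref[f]),
        "added": sorted(inst.keys() - ref.keys()),
        "missing": sorted(ref.keys() - inst.keys()),
    }


def show_diff(installed: Path, reference: Path, rel: str) -> str:
    """Unified diff of one file, from the reference copy to the installed copy."""
    a = (reference / rel).read_text(errors="replace").splitlines()
    b = (installed / rel).read_text(errors="replace").splitlines()
    return "\n".join(difflib.unified_diff(
        a, b, f"reference/{rel}", f"installed/{rel}", lineterm=""))


def demo() -> tuple:
    """Constructed sample: two tiny plugin trees built in a temp directory."""
    tmp = Path(tempfile.mkdtemp())
    ref, inst = tmp / "reference", tmp / "installed"
    for root in (ref, inst):
        (root / "includes").mkdir(parents=True)
        (root / "plugin.php").write_text("<?php\n// Version: 1.0\n")
        (root / "includes/util.php").write_text("<?php\nfunction util() { return 1; }\n")
    # Simulate a developer's edit and a file that is not in the release.
    (inst / "includes/util.php").write_text("<?php\nfunction util() { return 2; }\n")
    (inst / "includes/extra.php").write_text("<?php\n// not in the release\n")
    return compare_plugin(inst, ref), show_diff(inst, ref, "includes/util.php")


if __name__ == "__main__":
    report, diff = demo()
    print(report, diff, sep="\n")
```

Files listed under "added" deserve the closest reading, since a released plugin never shipped them; a small diff in a "modified" file that matches what the developer was asked to fix is the benign case described in the reply above.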

    Thread Starter thiagorangel

    (@thiagorangel)

    Hello, thank you very much for your attention and help. Here’s the zip file for analysis, please. Thanks!

    https://drive.google.com/file/d/12SOK_0mTSb3QaJvRh0va2I0LPuHNmiJW/view?usp=drivesdk

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @thiagorangel

    Thank you.

    I checked those files and I can confirm what I wrote in my previous response – there doesn’t seem to be anything infected or malicious in these files.

    Best regards,
    Adam

    Thread Starter thiagorangel

    (@thiagorangel)

    Thanks so much for the wonderful support! Congratulations!!! I just rated 5…. Success!

  • The topic ‘Is the file really harmful?’ is closed to new replies.