chronic false positives for safe plugin files

  • Resolved steve1950

    (@steve1950)


    4 years, 1 month ago

    Hi there.

    I love the CleanTalk Malware Scanner. What I don’t love is the chronic false positives (daily) for safe plugin components that get monitored and changed daily.

    At least once a day, I get emails with warning notices for file changes associated with UpDraftPlus and MailPoet 3 — the “these files might be dangerous” type of warning. I’ve checked with the makers of both plugins and have copied them the email notifications I get from CleanTalk. The files are clean, and the daily warning reports are slowly driving me nuts.

    Out of an abundance of caution (because the site I’m currently working is not yet published and there have already been multiple hacking attempts), I also use iThemes Security Pro, and I have WeWatchYourWebsite monitoring everything continuously. Neither iThemes nor WWYW sees the files from UpDraftPlus or MailPoet as suspicious.

    I assume I’m missing something obvious, since I haven’t found a way to get the scanner to stop worrying about files from those two sources. If there’s a way to do this, I’d love know about it.

    Thanks in advance!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author alexandergull

    (@alexandergull)

    Hello @steve1950

    The Security plugin destination is to warn you about any security issues your site files may contain. And the plugin does it.

    For example, a file contains eval (”) construction – it is a sign of suspicious code, and we must warn you about this.

    If you are sure that this is not a security issue you can approve it using the plugin interface https://cleantalk.org/help/files-analysis and this file will never be shown again if there will be no changes made inside this file.

    However, if the suspected file is changed by somebody (f.e. by the plugin developer or by yourself) and the file still contains eval (”) construction, the Security plugin will show this file again in the scan results.

    If you want to exclude any plugin from the scan, you can use the exclusions field in the plugin settings.

    https://tinyurl.com/yy9ecxr9

    Best wishes.

    Hi Steve 1950. Is WeWatchYourWebsite good. Do you know if they will fix my website if it is in quarantine or do they just scan when the site is up and running on the web. I have one site in quarantine and the others no longer work because I deleted files that were not malware like you are talking about and infact, necessary for them to function therefore, 5 of my sites are down.

    Plugin Support katereji

    (@katereji)

    Hello @laurap4wp

    If you have any issues with CleanTalk plugins you can always contact us by our private Ticket System: https://cleantalk.org/my/support/open or by email [email protected].

    Thread Starter steve1950

    (@steve1950)

    Hi there, @laurap4wp.

    I don’t know what WWYW will do if your site is in quarantine, and I’m not sure what they’ll do with the five sites that are down. However, the boss guy, Thomas, is easy to deal with you. I was actually referred to WWYW by the guys at iThemes for a problem their pro security plugin couldn’t handle. I added Security by CleanTalk after that, and I’m still happily using it.

    I had to create an ID for the WWYW guys to get into the site files. They cleaned it up, made sure everything worked, and then begin monitoring it non-stop to make sure nothing else evil gets in there. Then I deleted their login access, per their instructions. So far so good.

    To be clear, I don’t use WWYW as a replacement for CleanTalk (or iThemes, for that matter). I’m using it in addition to them.

    Hope this info helps.

    Plugin Support amagsumov

    (@amagsumov)

    Hello.

    We haven’t heard back from you in a while, so I’m going to mark this thread as “resolved” – if you have any further questions, you can start a new thread.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘chronic false positives for safe plugin files’ is closed to new replies.