functions.php triggering a malware signature

  • Resolved cleanpagedesign

    (@cleanpagedesign)


    6 years, 7 months ago

    Hi there

    I was having an issue with a site that had your plugin installed (emails being passed to the mail server but not sent). When my host scanned the files, a malware signature was triggered. This is the information they have given me.

    It looks like there is malware on this package which is preventing the PHP Mail function, please see below:

    /public_html/wp-content/plugins/export-all-urls/functions.php: {HEX}Malware.Expert.generic.uploader.2.UNOFFICIAL FOUND

    It looks like the functions.php script is triggering a malware signature of {HEX}Malware.Expert.generic.uploader.2.UNOFFICIAL FOUND. If they can confirm it’s a false positive or not, that would be great.

    I’ve since checked the site with the Sucuri scanner and run a WordFence scan and that’s not flagging up the error. Can you confirm if this is a false positive?

    Thanks very much
    Dom

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Atlas_Gondal

    (@atlas_gondal)

    Hi Dom,

    I’m sorry to hear that you are facing issues and I’m here to help, as much as I can! ??

    This plugin doesn’t contain such type of code, which trigger (or even leads) to malicious activity/behavior. I’m pretty sure your site is infected with some kind of malware which infected this plugin.

    As a quick check, you can compare installed file with original to differentiate the difference:

    Steps to compare:

    • Logon using cPanel of FTP
    • Navigate to: /public_html/wp-content/plugins/export-all-urls/functions.php
    • Compare that code with: Original Code

    If both codes are same then it is false positive, otherwise it is not.

    Click Here to find more detail about that malware.

    Click Here to contact me, for further inquires!

    Have a Good Day! ??

    • This reply was modified 6 years, 7 months ago by Atlas_Gondal. Reason: format correction
    Thread Starter cleanpagedesign

    (@cleanpagedesign)

    Hi Atlas

    Thanks for getting back to me on this. The two files are identical. Must be a false positive. Thanks for your help. Very useful plugin.

    Dom

    Just so you are aware we are also now getting this file being flagged as malware with our hosting provider.

    We’ve also checked the files from a fresh download and there is no difference.

    Definitely a false positive, but you may wish to investigate!

    Steve

    Plugin Author Atlas_Gondal

    (@atlas_gondal)

    @stevegalyer, thanks for reporting. I am aware of the issue and it is difficult to fix the issue because I don’t have enough detail (unless I see it myself). However, I am struggling to find and fix the issue.

    It would be great if you are any other user “who is facing the issue” could share detail about the issue like hosting company, software/module which flagged it etc. So, I can work on fixing it.

    However, I have doubt on one method and I’m re-writing that and hopefully; will get it clear soon.

    Thanks

    hi.. i also facing the same issue.. my hosting sent me the informations as below :

    Information regarding the malware infection we detected is included below.

    ###
    {HEX}Malware.Expert.generic.file.get.contents.0 : /home/selutemy/public_html/wp-content/themes/wplms/functions.php
    {HEX}Malware.Expert.generic.file.get.contents.0 : /home/selutemy/public_html/edutechglobalventure.com/wplms/wp-content/themes/wplms/functions.php
    {CAV}GGS.Team.detection.A : /home/selutemy/public_html/wp-includes/wp-tmp.php
    ###

    what should i do ya? please help me.

    Regards,

    mohd yusni

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘functions.php triggering a malware signature’ is closed to new replies.