Malware warning on web host

  • Resolved glenbelt

    (@glenbelt)


    8 years, 8 months ago

    Hi there,

    Firstly great plugin – thanks a lot for developing it!

    I received this warning earlier from my web host and am not sure if it’s just a false alarm but thought I’d share it here in case it wasn’t:

    Malware file log:
    Mar 9 15:36:02 kobe cxs[932537]: [‘/home3/d559755/public_html/websitename.me/wp-content/cache/autoptimize/css/autoptimize_bdbaf3235595871e04da74772eb58264.css’] – ClamAV detected virus = [Html.Exploit.CVE_2016_0108]
    Mar 9 15:36:11 kobe cxs[932538]: [‘/home3/d559755/public_html/websitename.me/wp-content/cache/autoptimize/css/autoptimize_c9baee87b450feed01121a4ef8dec40a.css’] – ClamAV detected virus = [Html.Exploit.CVE_2016_0108]

    Thanks for any help / advice.

    https://www.ads-software.com/plugins/autoptimize/

Viewing 3 replies - 16 through 18 (of 18 total)

  • I get the same error if i’m uploading it with FTP

    https://pastebin.com/j8yt7mzp

    FTP:
    Command: STOR style.css
    Response: 150 Opening ASCII mode data connection for style.css
    Response: 550-Virus Detected and Removed: Html.Exploit.CVE_2016_0108 FOUND
    Response: 550 style.css: Operation not permitted
    Error: File transfer failed

    I hope it’s usefull!

    Bart

    Plugin Author Frank Goossens

    (@futtta)

    OK, status update:

    Quick Summary: seems like these indeed are false positives, I have contacted clam AV for this.

    More detailed;
    * I’ve received a couple of “infected” CSS-files via pastebin (a.o. main style.css of the Avada theme, stylesheet of the Riva Lite theme, …) which at first sight were harmless. I have submitted these as false positives at https://www.clamav.net/reports/fp
    * For people running into this who are using Autoptimize or similar CSS optimizers; either purge the cache and see if that fixes things or disable CSS optimization. If you do the latter, chances are your hoster will identify the “true culprit” after the next scan which (after examination) can be submitted as false positive

    frank

    Plugin Author Frank Goossens

    (@futtta)

    After having submitted a number of false-positives on ClamAV’s site, I received a (vague) mail confirming my

    submissions have been processed and published

    I reached out to a user on AskUbuntu who had the same issue to test if his CSS was now not flagged any more, his reply;

    I can confirm that the CSS files no longer trigger a false positive!

    Based on this I consider this (non-Autoptimize-specific) problem solved, so I can get back to releasing 2.0.1 (probably Sunday in the late evening, CET time) ??

    frank

Viewing 3 replies - 16 through 18 (of 18 total)
  • The topic ‘Malware warning on web host’ is closed to new replies.