WordFence Plugin saying Sendy files are possibly infected

  • Resolved webauthor

    (@webauthor)


    8 years, 2 months ago

    If anyone here is using Sendy (https://sendy.co/), could you please do a site scan. Make sure that your WordFence settings include “Scan files outside your WordPress installation” – then save and run your scan. Please let me know if you’re getting the same warnings.

    WordFence is reporting the following 3 files are possibly infected or malicious:
    ==========================================================
    File appears to be malicious: sendy/_install.php
    Filename: sendy/_install.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 3 mins ago.
    Severity: Critical
    Status New
    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “${“\x47LO\x42A\x4c\x53”}[“. The infection type is: f649 infection

    File appears to be malicious: sendy/includes/functions.php
    Filename: sendy/includes/functions.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 3 mins ago.
    Severity: Critical
    Status New
    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “${“\x47L\x4f\x42\x41LS”}[“. The infection type is: f649 infection

    File appears to be malicious: sendy/js/ckeditor/plugins/codemirror/js/codemirror.mode.php.min.js
    Filename: sendy/js/ckeditor/plugins/codemirror/js/codemirror.mode.php.min.js
    File type: Not a core, theme or plugin file.
    Issue first detected: 3 mins ago.
    Severity: Critical
    Status New
    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “eval include include_once isset list require require_once return print unset __halt_compiler self static parent yield insteadof finally”;var i=”true false null TRUE FALSE NULL __CLASS__ __DIR__ __FILE…”. The infection type is: Suspicious eval with base64 decode.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi,

    There are 2 files in Sendy _install.php and /includes/functions.php which are obfuscated by an obfuscation software for anti-piracy purposes. Some anti-virus software may flag these files but they are false alarms. There are no viruses and there is nothing to worry about.

    As Wordfence’s message suggest:

    If you know about this file you can choose to ignore it to exclude it from future scans

    Hence, exclude the 2 files _install.php & /includes/functions.php from future scans.

    Thanks.

    Best regards,
    Ben

    Thread Starter webauthor

    (@webauthor)

    Good to hear it. Both Sendy and Word fence are amazing. Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘WordFence Plugin saying Sendy files are possibly infected’ is closed to new replies.