• Resolved jave.web

    (@javeweb)


    I’ve managed to find and remove/repair many infected files. However, a new type of attack has emerged – now the malicious code is hidden inside image and icon files, the PHP then does only include => which is not (quite logically) detected by the scan.

    What is needed is to add an option to scan ALL reachable files to find even the malicious code undercover as “image” or “icon”.

    Would you, please, add this as an option?

    Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Have you tried activating the…

    “Scan images, binary, and other files as if they were executable”

    setting under Scan Options?

    Thread Starter jave.web

    (@javeweb)

    Well I’ve tried full high sensitivity scan with everything checked, including
    Scan files outside your WordPress installation
    Scan images, binary, and other files as if they were executable

    And it did not find the icon file actually having malicious PHP content…

    Also PHPs with includes of the actual malicious file were not popped with any warning – it is not normal to write basic characters as character codes e.g. \157 instead of o etc…

    Although the strange thing is that when I wrote a custom file scanner which scanned everything “as if they were executable”, it was found…

    And in general – scan does not always have to do a full scan of the file content – starting with e.g. “does this image even have an image/* mime type” is a good first-sign something’s wrong when common extensions don’t match the mime type they should have…
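
The checks described in the post above, sketched as an added example (not part of the original thread, not the poster's scanner and not Wordfence code): compare an image or icon file's leading bytes with its extension, look for a PHP open tag inside it, and flag `include`/`require` statements whose argument is written with octal or hex escapes. The function names, finding labels and sample inputs are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Leading magic bytes expected for common image/icon extensions.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".ico": (b"\x00\x00\x01\x00",),
}
PHP_EXTS = {".php", ".phtml", ".inc"}
PHP_TAG = re.compile(rb"<\?php", re.I)
# include/require whose argument (up to the ';') holds octal (\157) or hex (\x6f) escapes
ESCAPED_INCLUDE = re.compile(
    rb"\b(?:include|require)(?:_once)?\b[^;]{0,300}?\\(?:[0-7]{2,3}|x[0-9a-f]{2})", re.I)

def inspect(name, data):
    """Return a list of finding labels for one file's name and raw bytes."""
    ext = Path(name).suffix.lower()
    findings = []
    if ext in MAGIC:
        if not data.startswith(MAGIC[ext]):
            findings.append("magic-mismatch")
        if PHP_TAG.search(data):  # also catches a valid image with PHP appended
            findings.append("php-in-image")
    elif ext in PHP_EXTS and ESCAPED_INCLUDE.search(data):
        findings.append("escaped-include")
    return findings

def scan_tree(root):
    """Walk root and return {path: findings} for every flagged file."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            found = inspect(path.name, path.read_bytes())
            if found:
                hits[str(path)] = found
    return hits

# Constructed sample inputs (not taken from the thread).
SAMPLES = {
    "favicon.ico": b"<?php echo 'x'; ?>",
    "logo.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;<?php echo 'x'; ?>",
    "clean.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "loader.php": rb'<?php @include "\146\141\166icon.ico"; ?>',
    "index.php": b'<?php include "header.php"; ?>',
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, inspect(name, data))
```

The magic-byte check alone misses a valid image with PHP appended after the header, which is why the open-tag search runs on every image file regardless of whether the header matches.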

    Plugin Support wfphil

    (@wfphil)

    Hi,

    If you have copies of the infected files and you are happy to share them with us please send them to [email protected]

    Please also note that the free version of Wordfence has a delay of 30 days for receiving new malware signature updates.

    Thanks.

    Thread Starter jave.web

    (@javeweb)

    @wfphil done. 🙂

The topic ‘Deep scan – deeper needed’ is closed to new replies.