Title: Deep scan – deeper needed Last modified: September 14, 2018 --- # Deep scan – deeper needed * Resolved [jave.web](https://wordpress.org/support/users/javeweb/) * (@javeweb) * [7 years, 8 months ago](https://wordpress.org/support/topic/deep-scan-deeper-needed/) * I’ve managed to find and remove/repair many infected files. However, a new type of attack has emerged – now the malicious code is hidden inside image and icon files, the PHP then does only include => which is not (quite logicaly) detected by the scan. * What is needed is to add an option to scan ALL reachable files to find even the malicious code undecovered as “image” or “icon”. * Would you, please, add this as an option? * Thanks. Viewing 4 replies - 1 through 4 (of 4 total) * [kendawes](https://wordpress.org/support/users/kendawes/) * (@kendawes) * [7 years, 8 months ago](https://wordpress.org/support/topic/deep-scan-deeper-needed/#post-10691510) * Have you tried activating the… * “Scan images, binary, and other files as if they were executable” * setting under Scan Options? * Thread Starter [jave.web](https://wordpress.org/support/users/javeweb/) * (@javeweb) * [7 years, 8 months ago](https://wordpress.org/support/topic/deep-scan-deeper-needed/#post-10691974) * Well I’ve tried full high sensitivity scan with everything checked, including _Scan files outside your WordPress installation Scan images, binary, and other files as if they were executable And it did not find the icon file actually having malicious PHP content… * Also PHPs with includes of the actual malicious file were not popped with any warning – it is not normal to write basic characters as character codes e.g. `\ 157` instead of `o` etc… * Altough strange thing is that when I wrote a custom file scanner which scanned everything “as if they were executable”. It was found… * And in general – scan does not always have to do a full scan of the file content– starting with e.g. “does this image even have a image/* mime type” is a good first-sign something’s wrong when common extensions don’t match the mime type they should have… * Plugin Support [wfphil](https://wordpress.org/support/users/wfphil/) * (@wfphil) * [7 years, 8 months ago](https://wordpress.org/support/topic/deep-scan-deeper-needed/#post-10703190) * Hi, * If you have copies of the infected files and you are happy to share them with us please send them to [samples@wordfence.com](https://wordpress.org/support/topic/deep-scan-deeper-needed/samples@wordfence.com?output_format=md) * Please also note that the free version of Wordfence has a delay of 30 days for receiving new malware signature updates. * Thanks. * Thread Starter [jave.web](https://wordpress.org/support/users/javeweb/) * (@javeweb) * [7 years, 8 months ago](https://wordpress.org/support/topic/deep-scan-deeper-needed/#post-10704449) * [@wfphil](https://wordpress.org/support/users/wfphil/) done. 🙂 Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Deep scan – deeper needed’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 4 replies * 3 participants * Last reply from: [jave.web](https://wordpress.org/support/users/javeweb/) * Last activity: [7 years, 8 months ago](https://wordpress.org/support/topic/deep-scan-deeper-needed/#post-10704449) * Status: resolved