Does WF Scan Uploaded Files? (All Types)

  • Resolved jetxpert

    (@jetxpert)


    4 years, 9 months ago

    Good Day!

    As confirmed in this post, Wordfence scans uploaded files for malware.

    Our question is: Are there any Wordfence scanning limitations that we should be aware of? Specifically, are there any file types that Wordfence does not/cannot scan?

    In our case, we allow our customers to upload the following file types:

    doc, dxf, dwf, jpg, jpeg, jpm, pjpeg, png, pdf, ppt, txt, vcf, vsdx, webp, xls, xml

    Last, does Wordfence add some type of code to the uploaded file indicating the file has been successfully scanned? (with a pass or fail indicator)

    Help or further guidance appreciated.

    Thank you!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    4 years, 9 months ago

    Hi @jetxpert, thanks for getting in touch.

    Wordfence will scan all uploaded filetypes. PHP that can be externally executed or run when a site owner opens the file is specifically targeted, as are pattern checks to identify known malware or potentially harmful code within another filetype.

    Having the malicious file upload checks turned on will not alter a file in any way, but simply accept files that pass our checks and block those that don’t. There can be false-positive cases from time to time but we will be happy to verify this and advise you further if this becomes a common issue with the filetypes the users of your site are uploading.

    Thanks,

    Peter.

    Thread Starter jetxpert

    (@jetxpert)

    4 years, 9 months ago

    @wfpeter,

    Thank you for your help. Your information answered our questions.

    If we still suspect a file may contain malware (after scanning) where or how to we send it to Wordfence for additional evaluation?

    Again, thank you. Enjoy your weekend.

    Cheers!

    Thread Starter jetxpert

    (@jetxpert)

    4 years, 9 months ago

    Update:

    We found our answer:

    samples[at]wordfence[dot]com

    Reference:

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Cheers!

    wavemediaco

    (@wavemediaco)

    4 years, 5 months ago

    Does the Scan check for javascript calls in uploaded pdf files or executable code that can run when a pdf is opened.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Does WF Scan Uploaded Files? (All Types)’ is closed to new replies.