• Resolved stephenwp001

    (@stephenwp001)


    Hi,

    Wordfence security plugin has detected a malware issue:

    This file may contain malicious executable code: /home/interwe8/public_html/wp-content/plugins/updraftplus/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
    Filename: wp-content/plugins/updraftplus/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php

    File Type: Not a core, theme or plugin file.
    Issue First Detected: 2 hours 21 mins ago.
    Severity: Critical
    Status New

    This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘unpack(‘ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans. This file was detected because you have enabled HIGH SENSITIVITY scanning. This option is more aggressive than the usual scans, and may cause false positives.

    Is this malware or a false positive please?

    Thanks
    Steve

Viewing 3 replies - 1 through 3 (of 3 total)
  • Adam

    (@adamlachut)

    It’s hard to say without checking the file content or the file checksum, because in UpdraftPlus 1.13.12 there are ‘unpack’ and ‘eval’ in the /vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php file.

    So, it may be a false positive (if you have 2x ‘unpack’ and 1x ‘eval’) or suspicious code injected if you have more occurrences.

    A.
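
The checksum and occurrence-count check described in the reply above, as an added example that is not part of the thread and is not UpdraftPlus or Wordfence code. It generalizes from the one flagged file to the whole plugin directory, and assumes a pristine copy of the same plugin version has been extracted next to the installed one; the directory names, file contents and helper names are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Tokens named in the scanner message; counted only as a hint for modified files.
TOKENS = {"eval": re.compile(rb"\beval\s*\("), "unpack": re.compile(rb"\bunpack\s*\(")}

def digest_tree(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def token_counts(path: Path) -> dict:
    """Count call-like occurrences of each token in one file."""
    data = path.read_bytes()
    return {name: len(rx.findall(data)) for name, rx in TOKENS.items()}

def compare(installed: Path, pristine: Path) -> dict:
    """Compare an installed plugin directory with a pristine copy of the same version."""
    have, want = digest_tree(installed), digest_tree(pristine)
    modified = {}
    for rel in sorted(have.keys() & want.keys()):
        if have[rel] != want[rel]:
            modified[rel] = {"installed": token_counts(installed / rel),
                             "pristine": token_counts(pristine / rel)}
    return {"modified": modified,
            "added": sorted(have.keys() - want.keys()),    # files the release never shipped
            "missing": sorted(want.keys() - have.keys())}

def demo() -> dict:
    """Constructed sample: a tiny pristine tree and a tampered installed copy."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine, installed = Path(tmp, "pristine"), Path(tmp, "installed")
        clean = b"<?php\n$a = unpack('N', $x);\n$b = unpack('n', $y);\neval($generated);\n"
        for root in (pristine, installed):
            (root / "Crypt").mkdir(parents=True)
            (root / "Crypt" / "Base.php").write_bytes(clean)
            (root / "readme.txt").write_bytes(b"constructed sample\n")
        # Constructed tampering: one extra eval() appended, one file not in the release.
        (installed / "Crypt" / "Base.php").write_bytes(clean + b"eval($extra);\n")
        (installed / "Crypt" / "cache.php").write_bytes(b"<?php // not in release\n")
        return compare(installed, pristine)

if __name__ == "__main__":
    print(demo())
```

An empty `modified` and `added` result means the installed files are byte-identical to the release, so a scanner hit on ‘eval’ or ‘unpack(’ in them is a false positive.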

    Hi @stephenwp001,

    Please have a look at this topic which discusses the same issue.

    Thread Starter stephenwp001

    (@stephenwp001)

    Thanks for your help.

    It's a false positive.


The topic ‘False Positive or Malware?’ is closed to new replies.