quttera
Forum Replies Created
-
Please check number of workers allocated by nginx during service initialization.
In order to run scanner there a need to be 2 or more workers to run multiple HTTP requests in parallel.
Regarding the failed internal scan, can you please share with us scan log, what is printed in the progress window?
This plugin is updated twice weekly to extend detection capabilities and include recently detected malware.
The last released version is 3.4.2.6
Hello, heur.alienfile.gen means that scanner detected unknown file in WordPress core directory which should not be there.
Regarding Heur.CoreFile.gen it means that file signature is different from what it should be which might point to infection
Please send the following file to support[at].quttera.com for further investigation
wp-content/plugins/woocommerce-pdf-invoices-packing-slips/vendor/phenx/php-font-lib/index.php
Thanks you
Hello, yes this plugin is still supported.
Can you please share which kind of error you received upon scan start?
Hi @thewebhostdir ,
Thank you for reporting this issue. Quttera heuristic scanner runs in high sensitivity mode and detects hidden DOM elements as a potential place to hide spam injection.
Please send us the domain name to email support[at]quttera.com our malware research team will review the detection and whitelist it in case of a false positive.
Thank you
Both files were tagged by scanner as suspicious because they are not part of WordPress core files while do locate in WordPress core directories.
Please send us .htaccess file to email support{at}quttera.com for further investigation
Thanks you
Forum: Plugins
In reply to: [Complianz - GDPR/CCPA Cookie Consent] https://complianz.io/ has viruses?@elevas33 Thank you for reporting this issue. Quttera detection capabilities are based on heuristic malware detection engines and might lead to false positive detection. All of the mentioned domains had been verified and removed from the blacklist. Please refer to the latest scan reports.
https://quttera.com/detailed_report/complianz.io
https://quttera.com/detailed_report/www.androidsis.com
Thank you again for your reporting this issue.
Best Regards
Quttera Team.
Please send us this file to address support[at]quttera[dot]com for further investigation.
We will update you on our findings.
Thank you
Hello
The scan process of the plugin relies on WordPress cronjob mechanism which is activated when someone accesses the website.
Please check a list of configured WordPress cronjobs and please verify you see the plugin’s cronjob.
Thank you.
@dfumagalli thank you for the proposal, it was forwarded to the R&D team, will be applied in future versions.
@dfumagalli regarding your comment “File signature == threat signature”, in this case since hash of the file actually different from what it should be we treat the entire file as infection and thus presenting same hash values.
We forwarded your comment to RnD team for further check to see if we can provide more user-friendly reporting.
Thank you.
@dfumagalli, Regarding reinfection,
- please check cronjobs list in cPanel
- if you have ssh/shell to your hosting account, check output of (#crontab -l) command
- Check website access logs maybe one of used plugins suffers from 0-day vulnerability getting exploited
@dfumagalli yes please send it to support AT quttera DOT com with the title “Samples missed by WP plugin”
Thank you so much.
@dfumagalli can we ask you to send us content of the missed plugin?
If you send it in password protected zip AVs will bypass it.Thank you