quttera
Forum Replies Created
Forum: Reviews
In reply to: [Quttera ThreatSign – Web Malware Scanner for WordPress] Works well!
Thank you so much, it is much appreciated!
If it is still available, can you please share with us the investigation report with these FPs so that we could whitelist it on a plugin basis?
Thank you so much for the update.
The QTR_FS_SNAPSHOT forces the plugin to store operational data as a file and not as an option in the WordPress database.
Are you able to run the internal scan on your website?
Thank you for the update.
Please add the following PHP directive in the wp-config.php file and run the internal scan once again.
define('QTR_FS_SNAPSHOT', true);
This will force the plugin to keep the investigation snapshot as a file and not as an option in the WP database.
Forum: Plugins
In reply to: [Quttera ThreatSign – Web Malware Scanner for WordPress] localizatio
Thank you for pointing this out.
Unfortunately, malware scanner reports provided by our malware scanner engine could not be localized and translated to other languages, thus we also blocked localizing the plugin as well.
Anyway, thank you so much for the suggestion.
Hello,
Based on the provided log, WordPress fails to store in the options table the scan job parameters containing scan task details, and thus gets stuck:
ERROR Failed to update option qtr_scan_cron_args
Can you please check the PHP error log for the website? It may contain more information on the failure.
Forum: Everything else WordPress
In reply to: wp-crontrol.php triggering quttera error
Here is the malware research team verdict:
We didn’t find malicious/suspicious lines in the code. But I think others might detect it as it performs hooking in order to manage cron jobs.
We will whitelist plugin detection in the next version release.
Forum: Everything else WordPress
In reply to: wp-crontrol.php triggering quttera error
Our malware research team will investigate it deeper as well.
Forum: Everything else WordPress
In reply to: wp-crontrol.php triggering quttera error
The code in github (https://github.com/johnbillion/wp-crontrol/blob/develop/wp-crontrol.php) is clean.
From the initial investigation, we didn’t find malicious activity.
Did the detection occur using the normal scan or the high sensitivity scan?
Forum: Everything else WordPress
In reply to: wp-crontrol.php triggering quttera error
Can you please send us the detected file for the manual investigation?
The canonical.php is a malware shell/backdoor script allowing full access and modification of files on the website.
wpmu-sitewide-plugins.php allows website plugins manipulation directly without access to the WP admin dashboard.
I would suggest quarantining this file (rename it to something else) and checking which exact functionality it will break.
Thank you,
I just downloaded sources of WP 5.6.1 from ww.wp.xz.cn and cannot locate wp-admin/wpmu-sitewide-plugins.php in the downloaded archive.
Can you please send to support[at]quttera.com the following files for investigation
wp-admin/wpmu-sitewide-plugins.php
wp-includes/SimplePie/Canonical.php-VIRUS-SUSPECTED
We will investigate them and update you.
During the scan, our plugin downloads hashes of WP core files from api.ww.wp.xz.cn and compares all files in WP core directories against the downloaded checksums.
If a file is located in a WP core directory but its MD5 value could not be found among the downloaded hashes, the plugin will report such a file as “Heur.AlienFile.gen”.
Can you please share which WP version you are using on your website?
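The core-file check described in the reply above can be reproduced by hand when triaging such a report. The following is an added example, not part of the forum replies and not the plugin's own code. It assumes the downloaded checksums are available as a mapping of relative path to MD5, that the core directories are wp-admin and wp-includes, and it uses the label "modified" (hypothetical) for a known core path whose hash differs; the file tree is constructed.

```python
import hashlib
import os
import tempfile

CORE_DIRS = ("wp-admin", "wp-includes")  # assumed set of core directories

def md5_of(path):
    """Return the hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_core(root, manifest):
    """Compare core-directory files with a {relative path: md5} manifest.

    Returns {relative path: verdict} for every file that does not match.
    """
    known_hashes = set(manifest.values())
    findings = {}
    for core_dir in CORE_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, core_dir)):
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                digest = md5_of(full)
                if rel in manifest:
                    if manifest[rel] != digest:
                        findings[rel] = "modified"  # hypothetical label
                elif digest not in known_hashes:
                    findings[rel] = "Heur.AlienFile.gen"  # label from the reply
    return findings

def demo():
    """Build a small constructed tree and run the check on it."""
    clean = b"<?php // constructed core file\n"
    original = b"<?php $wp_version = 'x';\n"
    manifest = {"wp-admin/index.php": hashlib.md5(clean).hexdigest(),
                "wp-includes/version.php": hashlib.md5(original).hexdigest()}
    tree = {"wp-admin/index.php": clean,
            "wp-includes/version.php": b"<?php /* edited */\n",
            "wp-admin/wpmu-sitewide-plugins.php": b"<?php // not in manifest\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in tree.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return check_core(root, manifest)

if __name__ == "__main__":
    for rel, verdict in sorted(demo().items()):
        print(verdict, rel)
```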
During the scan, our plugin verifies that none of the core files has been modified by comparing file signatures.
The mentioned report means that some of the WordPress core files on your site had been modified.
We would suggest downloading the WordPress sources and comparing them with what you have on your site.
Best Regards
Quttera Team
Thank you for the provided information.
Yes, this detection seems to be a false positive, we are working to whitelist it on our side.
Thank you so much for reporting this issue!
Hello @ontheroad,
Can you please share if that detection occurs using high sensitivity scan?
We are checking the issue on our side.
Thanks,
Quttera Team.