Home › Forums › Support Forum › Skip Files
This topic contains 7 replies, has 3 voices, and was last updated by Anti-Malware Admin 5 months, 2 weeks ago.
-
AuthorPosts
-
April 10, 2024 at 3:46 pm #123974
Hola, Gracias por tu ayuda
Porque puede que el Plug In Omita Archivos ?
Hi thanks for your help,
Why Does Plug In Skip Files?
April 12, 2024 at 3:03 pm #124115There are a few different reasons that a file might be skipped and is is common to have many skipped files in every scan.
Usually it is because the file are a binary type (like ZIP, EXE, or image files) which cannot be directly executed on the server, sometime it is because they are empty files, so they cannot contain executable code.
If you hover over the file names in the list of skipped files it will tell you why they were skipped.
July 2, 2024 at 1:04 am #130185Thank you @admin. So when I have the message “Because of file size! 70707330 bytes”, it’s because the file is too big? Can I scan this file otherwise?
July 2, 2024 at 10:46 am #130235I’m not sure what file you would even want to scan that would be that large and it could cause performance issues on your server to scan a bunch of large files even if your server was technically capable of doing it.
That said, I have just release a new version of the plugin that allows for an over-ride of the max-file-size by passing the “oversize” value in the URL of the setting page. Well, I can see how that might be hard to understand so I will give you an example to follow:
If you are on the Anti-Malware Settings page then the URL in your browser might look something like this:
domain-name/wp-admin/admin.php?page=GOTMLS-settingsJust add &oversize=72000000 to the end of that URL, like this:
domain-name/wp-admin/admin.php?page=GOTMLS-settings&oversize=72000000Important note: While this will effectively change the internal limit on my plugin for the maximum file size it will scan to around 72MB, it does not guarantee that your server has been configured to allow PHP processes (like my plugin) access to enough memory to process files that large, so you may need to also increase the memory_limit in the php.ini file on your server. You may need to ask your hosting provider how to do that if you are not sure. I would suggest a memory_limit of at least 4 times the size of the file you want to scan.
Also not: This change may also drastically reduce the speed of the scan but it will only be effective as long as you keep that custom oversize value in the URL of your browser. If you come back to the Scan Settings page from the admin menu link then it will be back to the default value.
July 2, 2024 at 10:48 pm #130278Hello admin,
thank you so much for the very clear answer. I will have a deeper look at what files are this size.
I believe we had a database injection and the malware is nowhere to be found so that’s why I’m suspecting any file that doesn’t go through the scanner.
Thank you again,July 5, 2024 at 5:29 am #130585With database injections it is more likely to be some kind of exploit of an un-patched or unknown vulnerability, and it also quite possible that the script responsible for this exploit is not even on the site that is being injected. Any other infection or otherwise compromised website on the same server could easily be used to inject malicious content into your database server for any other website on this host.
July 5, 2024 at 7:46 am #130600Thank you for your input. I did change hosting server in the meantime and got again the redirect on my site with DNS being hijacked as well. Also scanreport from server is clean and wordfence and sucuri scans are clean.
My main suspicion now has to do with an oversized file that couldn’t be scanned through your plugin, wp/content/plugins.zip. So I’m trying to run the plugin with the oversize setting you mentioned or get this file analysed through another tool.July 5, 2024 at 3:24 pm #130628It really won’t do any good to scan a ZIP file since there is no executable PHP code in the compressed binary ZIP. Those ZIP files would have to be uncompressed first so that you could then scan the non-binary text in the files that might contain executable code. If there is malicious code or an exploitable vulnerability on your website then it is far more likely to be something that is new and just has not been documented yet.
The best way to find the source of this infection is to pin down the exact time that the infection occurs and then check you log files to see what scripts are access at that time.
-
AuthorPosts
You must be logged in to reply to this topic.