Anti-Malware Admin

Forum Replies Created

Viewing 15 posts - 16 through 30 (of 668 total)
  • Author
    Posts
  • in reply to: internal server error #133538

    Anti-Malware Admin
    Key Master

    That is very unusual. We will need to know what the error is in order to fix it. Can you please check the error_log files on the server to see what the last few errors are?

    in reply to: fichiers ignorés #133357

    Anti-Malware Admin
    Key Master

    Most of the files that are skipped will be binary file types like images that do not contain executable code so they are not a threat. You can hover over the files listed to see the reason why each one was skipped.

    in reply to: No REsults #132968

    Anti-Malware Admin
    Key Master

    I have just added this new threat to my definition updates. Please download the latest definition update and try the Complete Scan again.

    Let me know if that works for you or if you need more help.

    in reply to: Mailcious and suspicious file remaining #132727

    Anti-Malware Admin
    Key Master

    I can see the redirection on your website, but it seems not to be detected by any of your malware plugins, not even mine, correct?

    If this is not found in your core files after your latest scan then it must be a new threat which is yet undiscovered by any of us Anti-Malware specialists.

    I would like the opportunity to find this new threat if you are willing to grant me access to your site. Please contact me directly via email with any credentials you are willing to share.

    in reply to: Mailcious and suspicious file remaining #132650

    Anti-Malware Admin
    Key Master

    You don’t need to donate for my plugin to clean any Known Threats that are found. Are you saying that no Known Threats are found when you run the complete scan in my plugin?

    All these results from Quttera are a bit ridiculous, and most of them are clearly False Positives, but if you want to know more about the details of those results you should be asking them, not me. There is not enough relevant information in those results for me to make any real determination about those files without seeing the whole contents of each file.

    I can’t speak for Wordfence or Sucuri either, but if you want to share the results of the Complete Scan using my plugin then perhaps I can give you more suggestions.

    in reply to: Malware undetected by gotmls #132479

    Anti-Malware Admin
    Key Master

    Thank you for posting this reply. I did not see your email until this post prompted me to check my spam folder. Now that I look at your website I can find no trace of this threat that you have asked about. Have you perhaps already found and removed it? Can you tell me where it was found and how you were able to remove it? Also, if you still have a backup of the infected content is there any way that you could share it with me so that I could still get this added to my definition updates?

    in reply to: Remote Scan Execution #132299

    Anti-Malware Admin
    Key Master

    Unfortunately the current scan engine can only be invoked and render results with an active browser session. I am working on a new scan engine that will be able to store results and would then be able to be scheduled but there are quite a few steps to take before that change will be possible. I will surely let you know when I have a Beta version available for testing.

    in reply to: Malware undetected by gotmls #132296

    Anti-Malware Admin
    Key Master

    I would like to add this definition right away, however I will need to see more than just a snippet of the code if I am to do anything meaningful with it. Can you please point me to the full source code in question?

    A link to the infected page will do, if it is still showing the infected script, or else please send me the entire text from the source code of the page so that I can see how and where it is embedded and ensure that I can identify ALL of the malicious code and not leave behind any broken or partial code that might otherwise cause a syntax error on the site when only partially removed.

    You can email me directly if you do not want to divulge any personal information on this forum.

    in reply to: Brute-force Protection #131250

    Anti-Malware Admin
    Key Master

    If you copied infected files from one website into the directory structure of another site then you may have copied the source of the infection, or the back-door/vulnerability that caused the infection, onto this new site.

    There is no Software/Firewall that can protect your website from an infection that is placed there by a system admin.

    To help you sort out this issue and find the active cause of this infection I would need to see the files on the infected site(s). Can you send me a link to the websites that are currently not working and maybe include the error_log files from the server?

    You can email me directly with any private or otherwise sensitive data: eli AT gotmls DOT net

    in reply to: Skip Files #130628

    Anti-Malware Admin
    Key Master

    It really won’t do any good to scan a ZIP file since there is no executable PHP code in the compressed binary ZIP. Those ZIP files would have to be uncompressed first so that you could then scan the non-binary text in the files that might contain executable code. If there is malicious code or an exploitable vulnerability on your website then it is far more likely to be something that is new and just has not been documented yet.

    The best way to find the source of this infection is to pin down the exact time that the infection occurs and then check your log files to see what scripts are accessed at that time.
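
Added example, not part of the original post and not code from the plugin: one way to do the log check described above, by listing the PHP scripts requested within a few minutes of the infection time. It assumes the Apache/Nginx "combined" access log format; the log lines, the timestamp and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumption: Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def requests_near(lines, infected_at, window_minutes=5):
    """Return (time, ip, method, script, status) for every PHP request
    logged within +/- window_minutes of the infection time."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        script = m["path"].split("?", 1)[0]  # drop the query string
        if abs(ts - infected_at) <= window and script.endswith(".php"):
            hits.append((ts, m["ip"], m["method"], script, int(m["status"])))
    return sorted(hits)

def scripts_by_count(hits):
    """Count requests per (method, script), most frequent first."""
    return Counter((method, script) for _, _, method, script, _ in hits).most_common()

# Constructed sample log lines (not from any real site).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2023:03:10:02 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2023:03:14:41 +0000] "POST /wp-content/uploads/2023/03/cache.php HTTP/1.1" 200 31 "-" "curl/7.88"',
    '198.51.100.7 - - [12/Mar/2023:03:14:43 +0000] "POST /wp-content/uploads/2023/03/cache.php?x=1 HTTP/1.1" 200 31 "-" "curl/7.88"',
    '192.0.2.10 - - [12/Mar/2023:03:15:10 +0000] "GET /wp-content/themes/site/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Mar/2023:04:30:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"',
]

# Assumed infection time, e.g. the modification time of the first altered file.
INFECTED_AT = datetime.strptime("12/Mar/2023:03:15:00 +0000", TS_FORMAT)

if __name__ == "__main__":
    for (method, script), n in scripts_by_count(requests_near(SAMPLE_LOG, INFECTED_AT)):
        print(f"{n:3d}  {method:5s} {script}")
```

The infection time has to be expressed in the same timezone offset convention as the log, which is why the timestamps are parsed with their offset rather than compared as strings.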

    in reply to: Skip Files #130585

    Anti-Malware Admin
    Key Master

    With database injections it is more likely to be some kind of exploit of an un-patched or unknown vulnerability, and it is also quite possible that the script responsible for this exploit is not even on the site that is being injected. Any other infection or otherwise compromised website on the same server could easily be used to inject malicious content into your database server for any other website on this host.

    in reply to: Paid Membership Pro "known threats" #130388

    Anti-Malware Admin
    Key Master

    Thank you for sending me those files. I have confirmed that these are in fact False Positives, and I have just released a new definition update that fixes this pattern so that these files will no longer be detected as Known Threats.

    Please download the latest definition updates and confirm that those files are no longer flagged in your next scan.

    in reply to: Paid Membership Pro "known threats" #130332

    Anti-Malware Admin
    Key Master

    Can you please send me a ZIP file of the plugin in question?

    You can email it directly to me as an attachment or you can upload it to a file sharing site and send me a link if it is too big to email.

    I can then take a look at the code and tell you if it is malicious or if it is a False Positive.

    in reply to: Skip Files #130235

    Anti-Malware Admin
    Key Master

    I’m not sure what file you would even want to scan that would be that large and it could cause performance issues on your server to scan a bunch of large files even if your server was technically capable of doing it.

    That said, I have just released a new version of the plugin that allows for an over-ride of the max-file-size by passing the “oversize” value in the URL of the setting page. Well, I can see how that might be hard to understand so I will give you an example to follow:

    If you are on the Anti-Malware Settings page then the URL in your browser might look something like this:
    domain-name/wp-admin/admin.php?page=GOTMLS-settings

    Just add &oversize=72000000 to the end of that URL, like this:
    domain-name/wp-admin/admin.php?page=GOTMLS-settings&oversize=72000000

    Important note: While this will effectively change the internal limit on my plugin for the maximum file size it will scan to around 72MB, it does not guarantee that your server has been configured to allow PHP processes (like my plugin) access to enough memory to process files that large, so you may need to also increase the memory_limit in the php.ini file on your server. You may need to ask your hosting provider how to do that if you are not sure. I would suggest a memory_limit of at least 4 times the size of the file you want to scan.

    Also note: This change may also drastically reduce the speed of the scan but it will only be effective as long as you keep that custom oversize value in the URL of your browser. If you come back to the Scan Settings page from the admin menu link then it will be back to the default value.

    in reply to: PHP session #129362

    Anti-Malware Admin
    Key Master

    I just wanted to post a followup here for anyone who was seeing this error on their Site Health page. In the latest release of my plugin I have fixed the Brute Force Login Protection so that the session_start call does not conflict with the REST API or any other sessions created after my own session check is complete.

    Just to clarify one point on Richard’s post, session start has not been deprecated in PHP 8.1 or any other version of PHP currently available and I don’t expect it ever will be, but there are many reasons why sessions might fail on a server that does not have a properly configured temp space and the right permissions to create session cookies on the server. Therefore, I have engineered a backup technique for saving session info to temp files when the session_start fails to initialize a persistent session. Please try the new version and let me know if you have any other issues with this patch.
