Thanks for your work on this. I’m not super concerned at this stage.
I can live with a false positive and carry on with site development knowing that we aren’t chasing around real hacks.
Thanks again for the great plugin!
Our server techs say the following:
We are using clamscan for scanning malwares in servers. This clamscan script is configured with virus signatures from maldet also. The files “plugins/gotmls/images/index.php” seems false positive.
I have a managed server. I will ask them and see if they know where they get the definitions from right away.
First up I love your plugin. So many headaches saved! Thanks for this!
Now the issue we found: We ran a server scan this morning to verify that our server was clear of Virus/malware.
Our server scan came back with the following.
=======/home/REDACTED/public_html/wp-content/plugins/gotmls/images/index.php: YARA.WebShell_Generic_PHP_5.UNOFFICIAL FOUND/home/REDACTED/public_html/wp-content/plugins/gotmls/images/index.php: YARA.WebShell_Generic_PHP_5.UNOFFICIAL FOUND/home/REDACTED/public_html/wp-content/plugins/gotmls/images/index.php: YARA.WebShell_Generic_PHP_5.UNOFFICIAL FOUND/home/REDACTED/public_html/wp-content/plugins/gotmls/images/index.php: YARA.WebShell_Generic_PHP_5.UNOFFICIAL FOUND———– SCAN SUMMARY ———–Known viruses: 5829644Engine version: 0.99.2Scanned directories: 31118Scanned files: 281585Infected files: 4Data scanned: 9016.72 MBData read: 32227.27 MB (ratio 0.28:1)Time: 1209.127 sec (20 m 9 s)=======
I looked through the PHP files but I didn’t see anything suspicious such as encoded or weird looking code.
I suspect it is a false positive but I reckoned I would just check in here to be certain.
Let me know if you would like me to send you a copy of the PHP file.
