[Plugin: AntiVirus] Get an unusual error

  • Strategerizer

    (@rneagu)


    11 years, 9 months ago

    Hi,

    I get “virus suspected” email. Going to the AntiVirus setting page in the WP dashboard, I see the following error at the very top of the page (on white page background and the regular Dashboard content being pushed underneath)

    ————-
    Warning: scandir(/home/[…]/public_html/wp-content/themes/komotion/log) [function.scandir]: failed to open dir: Permission denied in /home/[…]/public_html/wp-includes/class-wp-theme.php on line 978

    Warning: scandir() [function.scandir]: (errno 13): Permission denied in /home/[…]/public_html/wp-includes/class-wp-theme.php on line 978

    Warning: Invalid argument supplied for foreach() in /home/[…]/public_html/wp-includes/class-wp-theme.php on line 981
    —————

    There is no other error being displayed on the AntiVirus page but because of the error above it looks like clicking the “Scan the theme templates now” button does not do anything.

    Upon some investigation… Going to my theme folder I see there is a “log” folder in the root of the theme folder. The folder has permission of “111” and inside there is a file archivers.php.

    Is this “log” folder created by AntiVirus??

    Furthermore, as long as that folder is there with 111 permission, I cannot save any pages for a website that uses that theme. If I change permissions to 777, issue get resolved.

    I have WP Multisite ON.

    Any ideas what is going on?

    Thanks!

    http://wordpress.org/extend/plugins/antivirus/

Viewing 15 replies - 1 through 15 (of 15 total)
  • Chris Reynolds

    (@jazzs3quence)

    11 years, 9 months ago

    I have the exact same problem with those errors on my Add Page screen. This is a site that got hit by malware a while back, so I’m guessing it’s related to that. Deactivating the AntiVirus plugin didn’t make the error go away, so I suspect that has nothing to do with the issue, unfortunately. Setting perms to 777 fixes the issue for me, as well, however, I’m skeptical about doing that as a permanent solution as I suspect there’s some lingering infected file somewhere that wants to inject code or php files into that folder…

    Chris Reynolds

    (@jazzs3quence)

    11 years, 9 months ago

    lo and behold, setting permissions to 777 gave me an archivers.php file… :/

    Chris Reynolds

    (@jazzs3quence)

    11 years, 9 months ago

    I was able to resolve the issue by ripping and reinstalling WordPress over ssh via the method posted about here: http://www.dailyblogtips.com/how-to-upgrade-wordpress-via-ssh/

    Hope this helps!

    Chenoa – PayerFusion

    (@chenoa-payerfusion)

    11 years, 3 months ago

    I am currently experiencing this problem as well. On every edit page screen I see this error, as well as the edit theme screen under appearances. I’m currently setting the permissions to 777, but I don’t see any changes.

    I’m not familiar with the SSH method — I’m nervous about using it because this is my company’s main site.

    Any help?

    Thank you!!!

    Chris Reynolds

    (@jazzs3quence)

    11 years, 3 months ago

    @chenoa

    If you’ve got a malicious script on your site, you’re compromised and likely losing business anyway. And if you aren’t yet, you will soon, as your site will likely soon be blacklisted by Google for serving malware.

    If you aren’t familiar or comfortable with SSH, basically all that process does is delete the wp-admin, wp-includes and all the files in the root directory of your WordPress install and replace them with fresh copies. Even then, you may still have rogue code in your wp-content directories, in your plugins and themes, but at least that’s somewhat more manageable than digging through every folder in wp-admin and wp-includes.

    The reason I prefer SSH over FTP (besides that, if you aren’t using secure FTP, FTP alone isn’t the most secure method of transferring files and can expose your password), is that it’s much faster. Doing an rm -rf ./wp-admin takes a second, wheras deleting the entire wp-admin directory via FTP will take several minutes as it digs into each sub-sub-folder and removes each file individually.

    The post I linked to gives a pretty good tutorial, but it is, of course, dependent on your host giving you SSH access.

    Chris Reynolds

    (@jazzs3quence)

    11 years, 3 months ago

    I should point out that if you’re deleting files manually via FTP, DON’T DELETE YOUR WP-CONFIG FILE!!!

    However, that said, wp-config.php is often the target for code injection, so a good idea would be to take a look at that file and see if there’s any code that doesn’t look right at the top or the bottom of the file.

    Chenoa – PayerFusion

    (@chenoa-payerfusion)

    11 years, 3 months ago

    Thanks Chris!

    The error did disappear after I changed the file permissions from 755 to 777 and then back to 755. Also, I found a few corrupt files and cleaned them. I’ll be going through my wp-content folder and replacing plugin files with fresh, updated versions.

    Chris Reynolds

    (@jazzs3quence)

    11 years, 3 months ago

    Good luck! And don’t forget to check your wp-config.php file and just take a quick gander at your other directories to see if there are things in there that don’t look right.

    candrichuk

    (@candrichuk)

    11 years, 3 months ago

    Hi,
    I have recently run into a similar problem as discussed in this post. I uploaded a plugin – WP Bulletin Board (since removed and deleted the files) and it looks like it has conflicted with my theme, Aggregate (Elegant Themes) or loaded some type of malicious script. My site is still functioning but I can no longer access my editor as well I have warning script above the editor area (it has been pushed down below the warning script) and I also have warning script when I open up an existing page to edit it – the script is under page attributes (it has eliminated my page theme option). I have emailed Elegant Themes for some help / assistance and have yet to get a response from them. I am not a techie and am feeling a bit desperate as to how to fix this. Can anyone help me with this problem? I have updated WP to 3.5.1. The script I am getting is as follows:

    Warning: scandir(/home/content/82/5919282/html/travelagentrevolution/wp-content/themes/Aggregate) [function.scandir]: failed to open dir: Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

    Warning: scandir() [function.scandir]: (errno 13): Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

    Warning: Invalid argument supplied for foreach() in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 983

    Warning: scandir(/home/content/82/5919282/html/travelagentrevolution/wp-content/themes/Aggregate) [function.scandir]: failed to open dir: Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

    Warning: scandir() [function.scandir]: (errno 13): Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

    Warning: Invalid argument supplied for foreach() in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 983

    Thank you!
    Cheri

    Chris Reynolds

    (@jazzs3quence)

    11 years, 3 months ago

    Sounds like you have a malicious script somewhere on your site. I’d recommend one of the things I posted above here and here.

    If you’re not comfortable cleaning the code yourself, you may want to hire a professional to fix your site.
    http://sucuri.net/

    candrichuk

    (@candrichuk)

    11 years, 3 months ago

    Thank you, Chris!
    I checked out Sucuri and used their free scan of my website and it came out clean – nothing malicious. As I mentioned, I am not technical and do not feel comfortable attempting what you posted above myself. I would rather pay for a service or someone to clean up this mess, however, I want to make sure that Sucuri is the right choice after running the free scan and finding out that my site is clean. If not, what do you recommend?
    Thanks, again, for your help!
    Cheri

    Chris Reynolds

    (@jazzs3quence)

    11 years, 3 months ago

    Sucuri is the best there is. They could tell you for sure if your site is infected or not, but the scandir error sounds really fishy to me. Especially if it just randomly happened.

    Chris Reynolds

    (@jazzs3quence)

    11 years, 3 months ago

    Also, it’s hard for any kind of automated tool to give you an absolute “yea” or “nay”. Their tool is great, but it does miss some things occasionally.

    candrichuk

    (@candrichuk)

    11 years, 3 months ago

    Ok, Sucuri it is! Thanks, again, I really appreciate your help!

    shane pearce

    (@shane-pearce)

    11 years, 2 months ago

    I had the
    Warning: scandir(/home/content/82/5919282/html/travelagentrevolution/wp-content/themes/Aggregate) [function.scandir]: failed to open dir: Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

    after installing wpbb plugin
    the way I fixed it was going to the wp-content/themes and setting the permissions on twentyeleven to user read

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘[Plugin: AntiVirus] Get an unusual error’ is closed to new replies.