WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: AntiVirus] is this virus or not? (6 posts)

  1. mike58
    Member
    Posted 4 years ago #

    today I got a message that the plugin has found virus. I have a couple of red markings which has a variation of this message:

    <?php include (TEMPLATEPATH . '/paginate.php'); ?>

    but this is no malware code - or is it..???

    any comment on this is appreciated...

    mike

    http://wordpress.org/extend/plugins/antivirus/

  2. Samuel B
    moderator
    Posted 4 years ago #

    that is just a false positive - no worries

  3. mike58
    Member
    Posted 4 years ago #

    thanks a lot samboll!!!;)

    (think I posted slightly in wrong thread....)

    I use the antivirus for wordpress. they donĀ“t have support and just a few threads here...

    thanks again!

    mike

  4. Meini
    Member
    Posted 4 years ago #

    that is just a false positive - no worries

    @samboll, could you please explain why that is a false positive? How do we know paginate.php is clean?

    Thanks

  5. ClaytonJames
    Member
    Posted 4 years ago #

    It think it might be possible that the antivirus plugin has keyed in on the "include" phrase rather than paginate.php itself.

  6. Meini
    Member
    Posted 4 years ago #

    Well, here is the answer to my own question: If AntiVirus also reports that the file paginate.php itself is clean, then including that file with the php 'include' statement must be ok and can only be a false positive. Obviously an include statement could be the product of a virus as it would be a convenient way of injecting malicious code, without changing the original file much. Correct me if I am wrong...

    Having said that, here is a suggestion for improvement to the author: Scan the files twice before returning any results to the user. That way you can eliminate the false positives produced by the include statement, because after the first scan you know if the included file is clean. But I am not an AntiVirus expert. This is all based on observations and assumptions.... :)

    Cheers

Topic Closed

This topic has been closed to new replies.

About this Topic