autoload.php flagged as malware by ImunifyAv

  • Resolved wphyp

    (@wphyp)


    1 week, 6 days ago

    <?php // autoload.php @generated by Composer require_once __DIR__ . '/composer/autoload_real.php'; return ComposerAutoloaderInit073c4378e6831a58e90e195f1ae6ebff::getLoader();

    I found this code in wp-smushit/vendor/autoload.php which is flagged as malware by ImunifyAv. Is it safe or should I clean/delete it?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Imran – WPMU DEV Support

    (@wpmudev-support9)

    1 week, 5 days ago

    Hello @wphyp,

    Hope things are going well for you. Thanks for reporting the situation. We’ll check with our QA team to reproduce the same situation with ImunifyAv.

    Please note that the report could be a false positive, as I’ve reviewed the file at wp-smushit/vendor_prefixed/autoload.php in version 4.0.3 of Smush.

    The file simply checks the PHP version. If it is below 5.6, it will show an error. It loads Composer. There is a hash class name, which is a normal MD5-based identifier that Composer uses to avoid class name collisions.

    In the file, there is no suspicious code.

    However, we’ll review it with ImunifyAv and share more updates here.


    Kind Regards,
    Imran Khan

    Plugin Support Imran – WPMU DEV Support

    (@wpmudev-support9)

    1 week, 5 days ago

    Hello again @wphyp,

    I would like to share the update from the QA team. We’ve consulted our hosting team & Smush Developers too during the investigation. They’ve installed ImunifyAV on one of the test VPS servers and performed checks while keeping the actual malware in place. The CLI script detected the actual malware, but it didn’t flag anything in the Smush directory. Whish shows

    However, you mentioned the vendor directory, which isn’t part of the Smush plugin. If you download and extract the official plugin file, you’ll see the plugin has a vendor_prefixed directory for dependencies. If there is any vendor directory present, it’s a bit suspicious.

    Please create a full site backup, deactivate and delete the Smush plugin, then reinstall it. This won’t remove any configuration from the site. It will replace the affected directory. After that, please rescan the site and see if anything is flagged and share the outcome with us.


    Kind Regards,
    Imran Khan

    Thread Starter wphyp

    (@wphyp)

    1 week, 4 days ago

    This is an old backup of a site that I forgot to delete.

    Plugin Support Imran – WPMU DEV Support

    (@wpmudev-support9)

    1 week, 4 days ago

    Hello again @wphyp,

    I’m glad that this query is resolved. If you have a moment, I would greatly appreciate it if you could rate our plugin. This will help us keep the plugin available for free.

    https://wordpress.org/support/plugin/wp-smushit/reviews/?view=all#new-post.

    Also, I’m marking this thread as resolved, too.


    Kind Regards,
    Imran Khan

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.