Its some kind of false positive from some fairly unknown Vietnamese antivirus.
There are no webshells or any other kids of security issues with SNAP. SNAP is open source and it was extensively checked several times by wordpress.org staff as well as by open source community. There were no security issues found.
Most probably that “not so bright” antivirus reacted to the part of the code where SNAP asks for credentials of the networks where you would like to autopost or to the part where SNAP implements some upload functions or the part where SNAP encodes content before submitting it to social networks.
We did some research by trying to determine what part of the plugin it doesn’t like.
It turns out that pseudo-antivirus just reacts to some specific combination of words in one file.
So in our case if the file contains words:
php
function
curl
Upload
Img
URL
array
Mozilla/5.0
preg_replace
some random unicode characters
Bkav will report it as “CPR.Webshell”
Here you can try. Please create a .txt file with this 5 lines of totally meaningless code that does absolutely nothing.
<?php
function nxs_curlUploadImg(){//nxs_curlUploadImg
array('U'=>'Mozilla/5.0','R'=>$remURL);
preg_replace('/(?>[x1F]\xC2\x80-\x9F][\x80-\x8F]|[\xA4-\xA8]|\xE2\x81[\x9F\])/');
}
Check this file with virusTotal. It will give you the same report.
