Anti-Malware scan hangs

  • Resolved barnez

    (@pidengmor)


    10 years ago

    Hi,
    Similar problem to @reeve here. Scanning hangs at 1774 files. I ran your script and get:

    Max execution time is set to: 30 seconds
Attempting to change it via 'ini_set': Success.
Attempting to change it via 'set_time_limit': Success.

    Scanning also hangs on another site with same host. Both are on shared hosting.

    https://wordpress.org/plugins/ninjafirewall/

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author nintechnet

    (@nintechnet)

    10 years ago

    Hi

    Does it hang before or after the 30 seconds limit?

    Did you check your HTTP and PHP error logs if there was anything related to that issue?

    Thread Starter barnez

    (@pidengmor)

    10 years ago

    Hi,

    It hangs about 40 seconds after I start the scan. Nothing in the PHP error_log. The HTTP access logs have many of the following:

    xx.xx.xx.xx - - [16/May/2016:19:39:43 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 27 "http://www.xxxxx.com/wp-admin/admin.php?page=nfsubmalwarescan" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0"
xx.xx.xx.xx - - [16/May/2016:19:39:46 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 27 "http://www.xxxxx.com/wp-admin/admin.php?page=nfsubmalwarescan" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0"
xx.xx.xx.xx - - [16/May/2016:19:39:48 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 27 "http://www.xxxxx.com/wp-admin/admin.php?page=nfsubmalwarescan" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0"
xx.xx.xx.xx - - [16/May/2016:19:39:50 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 27 "http://www.xxxxx.com/wp-admin/admin.php?page=nfsubmalwarescan" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0"
xx.xx.xx.xx - - [16/May/2016:19:39:52 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 27 "http://www.xxxxx.com/wp-admin/admin.php?page=nfsubmalwarescan" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0"
    Thread Starter barnez

    (@pidengmor)

    10 years ago

    Those are the final 5 logs.

    Plugin Author nintechnet

    (@nintechnet)

    10 years ago

    The log looks like you hit the 30-second limit.
    That’s odd because the script you ran showed no error while trying to change the value of the PHP max_execution_time directive.

    Can you ask your host if you can change max_execution_time at run-time (from a PHP script) or from your website PHP INI? And what maximum value you can use?

    Thread Starter barnez

    (@pidengmor)

    10 years ago

    Thanks for getting back. I checked with my host and they state that they only allow 30 seconds maximum on their shared hosting account, so it looks like this feature will not work for a full scan (timestamp = 0). However, it does work on (timestamp = 7).

    Plugin Author nintechnet

    (@nintechnet)

    10 years ago

    See my answer here.

    Thread Starter barnez

    (@pidengmor)

    10 years ago

    That solution of splitting the files for the initial scan works great on one of the sites, and from now on I will just scan files modified in last x days.

    On the other site the Anti-Malware feature was working but now throws the following error:

    Error: NinjaFirewall's built-in signatures cannot be found. You do not appear to have any user-defined signatures either. The scanning process cannot be started.

    I tried removing the trailing ‘8’ from /lib/nf_sub_malwarescan.php you suggest here, but that hasn’t helped.

    I have the sigs.php file in /lib/share

    Plugin Author nintechnet

    (@nintechnet)

    10 years ago

    That’s a bit worrisome.
    What happens if you copy it to the user signatures folder /wp-content/nfwlog/sigs/sigs.sig? Do you see sigs.sig in the signatures list in the Anti-Malware page?

    Thread Starter barnez

    (@pidengmor)

    10 years ago

    Hi,

    This is a little odd. I went to move the sigs.php file from /lib/share as you suggest, but now find that it has been renamed sigs.php.infected. Do you think that my host’s server level security could have scanned the file, found the signatures and renamed it through a false positive?

    Plugin Author nintechnet

    (@nintechnet)

    10 years ago

    It definitely comes from your host.
    If you rename it to whatever.sig and whatever.txt, will they rename those two files too? You may need to wait a while.

    Thread Starter barnez

    (@pidengmor)

    10 years ago

    I renamed the sigs.sigs file to trial.sigs and trial.txt on Site 1 and left them for 24 hours. Both files remain in place and have not been renamed. Site 2 (with the same hosts but on a different server) has the original sigs.sigs file without being renamed.

    It seems on Site 1 that either:
    a) the host scan has missed/ignored the file now that it is renamed
    b) the scan frequency is set to a longer period that 1 day

    Plugin Author nintechnet

    (@nintechnet)

    10 years ago

    I already renamed it to sigs.txt in v3.2.2 which will be released at the end of this week.
    In the meantime, you can rename it in the nf_sub_malwarescan.php script. There are two occurrences:
    #1: https://plugins.trac.wordpress.org/browser/ninjafirewall/tags/3.2.1/lib/nf_sub_malwarescan.php#L72
    #2: https://plugins.trac.wordpress.org/browser/ninjafirewall/tags/3.2.1/lib/nf_sub_malwarescan.php#L491

    Thread Starter barnez

    (@pidengmor)

    10 years ago

    Perfect. Malware scan now loading and working fine with the renamed sigs.txt file on Site 1!

Viewing 13 replies - 1 through 13 (of 13 total)

The topic ‘Anti-Malware scan hangs’ is closed to new replies.

  • 13 replies
  • 2 participants
  • Last reply from: barnez
  • Last activity: 10 years ago
  • Status: resolved