Support » Plugin: NinjaFirewall (WP Edition) » Anti-Malware scan stops after a few seconds

  • Hi,

    the Anti-Malware scan stops after a few seconds and a few hundred files. The dots keep blinking but the file counter stops and the scan never ends with a result.

    If I scan a small directory with a few files like /wp-content/themes and a low timestamp value it works. But if I scan a larger directory like /wp-content/plugins the scan just stops after a few seconds.

    Best regards,
    Matthias

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Can you paste here the content of the Anti-malware log: /wp-content/nfwlog/cache/malscan.log

    Hi,

    here is the log after scanning the /wp-content/plugins directory:

    1485762211: [AX] Entering ajax callback
    1485762211: [AX] POSTing request to https://www.mydomain.de/wp-cron.php
    1485762211: [CR] Starting cron
    1485762211: [CR] Starting malware scan
    1485762211: [CR] Cleaning cache
    1485762211: [CR] Loading NinjaFirewall's signatures
    1485762211: [CR] Looking for potential user-defined signatures
    1485762211: [CR] No user-defined signatures found
    1485762211: [CR] Scanning files
    1485762216: [FW] Fetching signatures from /www/htdocs/path/wp-content/nfwlog/cache/malscan_tot.sigs
    1485762216: [FW] sigs:1929 signatures found
    1485762216: [FW] Fetching result
    1485762242: [CR] Malware found
    1485762242: [CR] Exiting malware scan

    The admin page stopped counting at file 450 and if I reload the page and hit “show previous results” I see this:

    1-{REX}PHP.hexencoded.longstring.1: /www/htdocs/path/wp-content/plugins/wp-to-twitter/wpt-functions.php
    

    Which seems to be a false positive.
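
To read a malscan.log like the one pasted above without eyeballing epoch values, the following is an added example (not part of the original post and not NinjaFirewall code). It assumes the `epoch: [TAG] message` layout seen in that log; the function names are hypothetical and the sample is the pasted log reproduced inline.

```python
import re
from datetime import datetime, timezone

# Sample input: the log lines from the post above, embedded so the script runs offline.
SAMPLE_LOG = """\
1485762211: [AX] Entering ajax callback
1485762211: [AX] POSTing request to https://www.mydomain.de/wp-cron.php
1485762211: [CR] Starting cron
1485762211: [CR] Starting malware scan
1485762211: [CR] Cleaning cache
1485762211: [CR] Loading NinjaFirewall's signatures
1485762211: [CR] Looking for potential user-defined signatures
1485762211: [CR] No user-defined signatures found
1485762211: [CR] Scanning files
1485762216: [FW] Fetching signatures from /www/htdocs/path/wp-content/nfwlog/cache/malscan_tot.sigs
1485762216: [FW] sigs:1929 signatures found
1485762216: [FW] Fetching result
1485762242: [CR] Malware found
1485762242: [CR] Exiting malware scan
"""

# Assumed layout (taken from the pasted log): "<unix epoch>: [<two-letter tag>] <message>"
LINE_RE = re.compile(r"^\s*(\d{9,11}): \[([A-Z]{2})\] (.*)$")

def parse(text):
    """Return (epoch, tag, message) tuples; lines that do not match are skipped."""
    matches = (LINE_RE.match(line) for line in text.splitlines())
    return [(int(m[1]), m[2], m[3].strip()) for m in matches if m]

def summarize(text):
    entries = parse(text)
    if not entries:
        raise ValueError("no malscan.log entries recognised")
    # Pause between consecutive entries shows where the run spent its time.
    gaps = [(b[0] - a[0], a[2], b[2]) for a, b in zip(entries, entries[1:])]
    messages = [e[2] for e in entries]
    sigs = next((int(m[5:].split()[0]) for m in messages if m.startswith("sigs:")), None)
    return {
        "entries": len(entries),
        "started_utc": datetime.fromtimestamp(entries[0][0], timezone.utc).isoformat(),
        "duration_s": entries[-1][0] - entries[0][0],
        "longest_gap": max(gaps, default=(0, messages[0], messages[0])),
        "finished": messages[-1] == "Exiting malware scan",
        "malware_found": "Malware found" in messages,
        "signatures": sigs,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the log above it reports a run that reached "Exiting malware scan" 31 seconds after it started, with 26 of those seconds between "Fetching result" and "Malware found".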

    Plugin Author nintechnet

    (@nintechnet)

    1485770793: [FW] sigs:1951 signatures found

    Did you add your own signatures, as it reports 1951 signatures instead of 1929?
    Can you try to run a scan only with the original signatures, just to see whether the extra signatures could be the problem?
    Also, maybe you can try to have a look at your PHP error log, just in case there were errors or warnings.
    The Anti-malware log looks okay.

    In the log I pasted it states 1485762216: [FW] sigs:1929 signatures found. Why 1951? I didn’t add any custom signatures.
    I checked the error log. Empty.

    Plugin Author nintechnet

    (@nintechnet)

    Sorry, 1951 was the number of signatures used in my local test!

    Did you check your PHP max_execution_time? Maybe it is too low?

    max_execution_time = 60 and memory_limit = 256M. Seems OK.

    Some more info. I can scan certain directories without problems:

    /wp-content/plugins/types (Timestamp = 0)
    Status:

    Loading signatures: 1929 signatures found
    Scan completed: 2437 files
    Processing time: 2 second(s)
    Malware hits: 0

    or

    /wp-admin/
    Status:

    Loading signatures: 1929 signatures found
    Scan completed: 508 files
    Processing time: 0 second(s)
    Malware hits: 0

    But if I scan a larger directory like /wp-content/uploads the scan hangs.

    Plugin Author nintechnet

    (@nintechnet)

    That’s odd because the scan should return an error message in case of a timeout. There is nothing in your PHP log either.
    Also, your server is fast, it can process 1k+ files per second.

    There must be a bug somewhere.

    Is there any symlink in /wp-content/uploads?
    Or maybe some restrictions such as file or directory ownership/permissions that would prevent the scanner from working?

    I checked the complete installation and couldn’t find any symlinks or ownership/permission problems.

    Next step: I will clone this site to another server to check if it’s a problem with the server or with the site. Maybe this helps.
