Failure: Custom Scan file contents for backdoors, Trojans and suspicious code

  • Resolved backpackingseries

    (@backpackingseries)


    5 years, 10 months ago

    Hello,

    I have run into a scan failure. It has happened few times earlier too, only this time I pursued it and was able to isolate the source of the ‘scan fail’ to one particular test i.e. “Scan file contents for backdoors, Trojans and suspicious code”. The failure message says something as ‘Looks like the scan failed’

    Here’s how I tested: I kept adding scan option incrementally (except High Sensitivity) and all scans were successful. When I finally added the option to “Scan file contents for backdoors, Trojans and suspicious code” – the scan failed. Next, I deselected all other options but “Scan file contents for backdoors, Trojans and suspicious code”. Yet, the scan failed. The last seen (before failure) scan rate (with only one option selected) was about 13500 files per 13.65 seconds.

    My site is on a shared server, with Apache + Fast CGI PHP option (optimized firewall). To fix the problem, I have tried the recommended steps such as increasing the Wordfence Threshold in wp-config file to 600 seconds, selecting the performance option with max time set to 15, etc. I have even manually removed the plugin (per Wordfence guidelines) and reinstalled it afresh. So far, nothing has worked.

    Could this be a bug? If not, can someone here please advise how to resolve this? I am happy to provide more information as required.

    Thank you,

Viewing 5 replies - 1 through 5 (of 5 total)
  • wfchar

    (@wfchar)

    5 years, 10 months ago

    Hi @backpackingseries,

    Would it be possible for you to reproduce the scan failure? If it’s repeatable, please provide the exact failure message you see.

    Once you have the failure message, go to Tools > Diagnostics and select Send Report by Email, and send the report to char@wordfence.com. Please include your forum username in the Forum Username field as well.

    If you also have logs under Log Files, please download and zip those and send the file to the same email address above. Please include your forum username in the subject.

    Thanks!

    Thread Starter backpackingseries

    (@backpackingseries)

    5 years, 9 months ago

    Thank you.

    When I logged in to repeat this test, I found the automated scan had failed (with the progress bar at the Malware section) with the same message. Here’s it is.

    Scan Failed
    The current scan looks like it has failed. Its last status update was more than 3 hours ago. You may continue to wait in case it resumes or stop and restart the scan. Some sites may need adjustments to run scans reliably.

    As advised, I have sent the diagnostic report and log files via email.

    Kind regards

    wfchar

    (@wfchar)

    5 years, 9 months ago

    Hi @backpackingseries,

    The scan option that is displaying in the alert banner, the malware scan, is the most resource intensive scan as it inspects all content of all files. With the “Scan images, binary, and other files as if they were executable” option on, the source of every file, including static files such as images and pdfs, is inspected, which adds further to the overhead required. Unless you know your site is infected, you’ll want to make sure this isn’t checked as image files and PDFs are not executable on Apache servers and therefore aren’t necessary to actively scan as the php file that would leverage a compromised resource would be caught without the “Scan images, binary, and other files as if they were executable” option enabled.

    You can get more detailed information on the message you’re seeing by running the scan with Debug Mode on, which you can toggle at the bottom of the Tools > Diagnostics page. The scan will then show more detailed information. If you check the scan log generated with debug mode on, additional information will be available, such as php error messages and whether it’s stuck on a particular file or folder.

    Can you make sure that the “Scan images, binary, and other files as if they were executable” option isn’t checked, then enable debug mode and rerun the scan?

    Thread Starter backpackingseries

    (@backpackingseries)

    5 years, 9 months ago

    Hi @wfchar,

    Thank you for your response.

    Yes, I confirm that the “Scan images, binary, and other files as if they were executable” option isn’t checked. I flipped it temporarily to test each scenario until I isolated the problem to ‘Malware scan’. Otherwise, and even now, the scan is configured for a Standard Scan option.

    PS: I rerun the scan while typing this note (to verify once before posting) and it went through successfully! It is strange and good! I have sent a report to your email ID, just like last time. I am unsure whether to keep this support thread open or not.

    Kind regards

    wfasa

    (@wfasa)

    5 years, 9 months ago

    Hi @backpackingseries!
    I am closing this thread for now. If you have further issues you are most welcome to start a new thread.

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Failure: Custom Scan file contents for backdoors, Trojans and suspicious code’ is closed to new replies.