Title: False warnings
Last modified: November 30, 2020

---

# False warnings

 *  Resolved [luciusab](https://wordpress.org/support/users/luciusab/)
 * (@luciusab)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/false-warnings-2/)
 * I just did a High Sensitivity-scan, and got the following warnings.
    I have tried
   reviewing the files but cant see anything suspicious about it?
 * Are they all false warnings?
 *     ```
       =======================================================================
       Quttera Web Malware Scanner plugin for WordPress
       Website Malware Scan Report
   
       Scanned Website: https://autohouse.se
       Scan type: Internal
       Report generation time: 2020-11-30 11:53
   
       Scan launch time: 2020-11-30 11:43
       Scanned files: 7530
       Clean: 7518
       Potentially Suspicious: 6
       Suspicious: 0
       Malicious: 6
   
       © 2020 Quttera Ltd. All rights reserved.
       For any questions about this report: support@quttera.com
       =======================================================================
   
       FILE: wp-config.php
       FILE_MD5: 2ac96ee0d4e3bbc41e8cfd0bbcda40b6
       SEVERITY: enPotentiallySuspiciousThreatType
       ENGINE: fscanner
       THREAT_SIG: c5a76ef1cc34e95ebd0f0807f9830a86
       THREAT_NAME: Heur.PHP.Injection.gen
       THREAT: @include_once('/var/lib/sec/wp-settings.php');...
       DETAILS: Detected potentially suspicious PHP instruction
   
       FILE: wp-content/themes/Divi/epanel/custom_functions.php
       FILE_MD5: 9e9fb49ba721f0f2fa8e6514bb32874d
       SEVERITY: enMaliciousThreatType
       ENGINE: fscanner
       THREAT_SIG: 62312b13d39a912e67a88ed59407cb38
       THREAT_NAME: Heur.PHP.iframe.gen.38
       THREAT: preg_replace( '@\[et_pb_post_nav[^\]]*?\].*?\[\/e...
       DETAILS: Detected malicious iframe injection
   
       FILE: wp-content/themes/Divi/epanel/core_functions.php
       FILE_MD5: eb9669d7d055c5c52d54fb55478e8975
       SEVERITY: enMaliciousThreatType
       ENGINE: fscanner
       THREAT_SIG: ef106fef01938dd1310a10059618bea0
       THREAT_NAME: Heur.PHP.Redirection.gen
       THREAT: <?php // Prevent file from being loaded directly if ( ! ...
       DETAILS: Detected malicious redirection header
   
       FILE: wp-content/plugins/divi-machine/includes/ajaxcalls/post-ajax.php
       FILE_MD5: b8d4f5d2d2ca643b6754acbb1f95d5dd
       SEVERITY: enMaliciousThreatType
       ENGINE: fscanner
       THREAT_SIG: cfa635b2aec3de61e9dd47b6b1f3dd99
       THREAT_NAME: Heur.PHP.iframe.gen.38
       THREAT: preg_replace( '/e...
       DETAILS: Detected malicious iframe injection
   
       FILE: wp-content/plugins/worker/src/Monolog/ErrorHandler.php
       FILE_MD5: e5dfac51472948efbfe69c25f1013605
       SEVERITY: enPotentiallySuspiciousThreatType
       ENGINE: fscanner
       THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
       THREAT_NAME: Heur.HTML.Defacement.gen.F4248
       THREAT: Fatal Error...
       DETAILS: Website Potentially Defaced
   
       FILE: wp-content/plugins/divi-machine/includes/modules/ACFItem/ACFItem.php
       FILE_MD5: 416b00de2b2e86981abe41d55022fd64
       SEVERITY: enMaliciousThreatType
       ENGINE: fscanner
       THREAT_SIG: cfa635b2aec3de61e9dd47b6b1f3dd99
       THREAT_NAME: Heur.PHP.iframe.gen.38
       THREAT: preg_replace( '/e...
       DETAILS: Detected malicious iframe injection
   
       FILE: wp-content/plugins/divi-machine/includes/modules/ArchiveLoop/ArchiveLoop.php
       FILE_MD5: 1741ba0028b668bf67d393d872c41c06
       SEVERITY: enMaliciousThreatType
       ENGINE: fscanner
       THREAT_SIG: cfa635b2aec3de61e9dd47b6b1f3dd99
       THREAT_NAME: Heur.PHP.iframe.gen.38
       THREAT: preg_replace( '/e...
       DETAILS: Detected malicious iframe injection
   
       FILE: wp-content/plugins/worker/src/PHPSecLib/Crypt/RSA.php
       FILE_MD5: 5d6f739b62a38e525d61a32e42ed6cd4
       SEVERITY: enPotentiallySuspiciousThreatType
       ENGINE: fscanner
       THREAT_SIG: aa287849d27e17069b104ffd6559823d
       THREAT_NAME: Heur.PHP.Encoded.gen.271C
       THREAT: \x2a\x86\x48\x86\xf7\x0d\x01\x05\x03...
       DETAILS: Potentially suspicious obfuscated PHP threat
   
       FILE: wp-content/plugins/worker/src/MWP/EventListener/PublicRequest/CommandListener.php
       FILE_MD5: a6a9cbaa5dfaf02c654ec60440cb8fb6
       SEVERITY: enMaliciousThreatType
       ENGINE: fscanner
       THREAT_SIG: 3da4bfb7e1f1ac00e96463e1ec820dc0
       THREAT_NAME: Heur.PHP.Fopen.gen
       THREAT: <?php /* * This file is part of the ManageWP Worker plug...
       DETAILS: Detected malicious PHP file operation
   
       FILE: wp-content/plugins/wp-mail-smtp/vendor_prefixed/monolog/monolog/src/Monolog/ErrorHandler.php
       FILE_MD5: f639bc7d3466ead93ed0f51ebb7bfbc9
       SEVERITY: enPotentiallySuspiciousThreatType
       ENGINE: fscanner
       THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
       THREAT_NAME: Heur.HTML.Defacement.gen.F4248
       THREAT: Fatal Error...
       DETAILS: Website Potentially Defaced
   
       FILE: wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/plugins/spellchecker/plugin.min.js
       FILE_MD5: 8dab73e3b0d0f39e4d980e6612de874b
       SEVERITY: enPotentiallySuspiciousThreatType
       ENGINE: fscanner
       THREAT_SIG: 9c1c8c88d1af2bfbbfc19d4391687b18
       THREAT_NAME: Heur.PHP.Encoded.gen.271C
       THREAT: \xa7\xa9\xab\xae\xb1\xb6\xb7\xb8\xbb\xbc\xbd\xbe\xbf\xd7\xf7...
       DETAILS: Potentially suspicious obfuscated PHP threat
   
       FILE: wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/plugins/spellchecker/plugin.min.js
       FILE_MD5: 8dab73e3b0d0f39e4d980e6612de874b
       SEVERITY: enSuspiciousThreatType
       ENGINE: fscanner
       THREAT_SIG: 9c1c8c88d1af2bfbbfc19d4391687b18
       THREAT_NAME: Heur.PHP.Encoded.gen
       THREAT: \xa7\xa9\xab\xae\xb1\xb6\xb7\xb8\xbb\xbc\xbd\xbe\xbf\xd7\xf7...
       DETAILS: Generic suspicious HEX encoder
   
       FILE: wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/plugins/wordcount/plugin.min.js
       FILE_MD5: 2d965f9bc174bec190d0dbd902c4a6c1
       SEVERITY: enPotentiallySuspiciousThreatType
       ENGINE: fscanner
       THREAT_SIG: 3c0af43f54ccdeca17f785103e6aad50
       THREAT_NAME: Heur.PHP.Encoded.gen.271C
       THREAT: \xa1\xab\xb7\xbb\xbf...
       DETAILS: Potentially suspicious obfuscated PHP threat
       ```
   

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [quttera](https://wordpress.org/support/users/quttera/)
 * (@quttera)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/false-warnings-2/#post-13725266)
 * Thank you for reporting this issue.
 * All files classified as enPotentiallySuspiciousThreatType could be skipped/whitelisted.
   
   wp-config.php loads /var/lib/sec/wp-settings.php from an external location, just
   verify wp-settings.php is not modified file
 * Regarding the rest of the files classified as malicious, we need to investigate
   them. Can you please archive these files and send it to email support{at}quttera.
   com?
 * Can you please verify whether these files also detected by the normal sensitivity
   internal scan?
 *  Thread Starter [luciusab](https://wordpress.org/support/users/luciusab/)
 * (@luciusab)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/false-warnings-2/#post-13725305)
 * Thanks for your fast reply! They did not show up with the normal sensitivity-
   scan.
    I have sent you an email with the files now!
 *  Plugin Author [quttera](https://wordpress.org/support/users/quttera/)
 * (@quttera)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/false-warnings-2/#post-13728951)
 * We finished investigation of all provided files and all of them are clean. We
   will whitelist detection on our side.
 * Thank you for reporting this issue.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘False warnings’ is closed to new replies.

 * ![](https://ps.w.org/quttera-web-malware-scanner/assets/icon-256x256.png?rev=
   2902086)
 * [Quttera ThreatSign – Web Malware Scanner for WordPress](https://wordpress.org/plugins/quttera-web-malware-scanner/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/quttera-web-malware-scanner/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/quttera-web-malware-scanner/)
 * [Active Topics](https://wordpress.org/support/plugin/quttera-web-malware-scanner/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/quttera-web-malware-scanner/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/quttera-web-malware-scanner/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [quttera](https://wordpress.org/support/users/quttera/)
 * Last activity: [5 years, 4 months ago](https://wordpress.org/support/topic/false-warnings-2/#post-13728951)
 * Status: resolved