Support » Plugin: Export All URLs » functions.php triggering a malware signature

  • Resolved cleanpagedesign


    Hi there

    I was having an issue with a site that had your plugin installed (emails being passed to the mail server but not sent). When my host scanned the files, a malware signature was triggered. This is the information they have given me.

    It looks like there is malware on this package which is preventing the PHP Mail function, please see below:

    /public_html/wp-content/plugins/export-all-urls/functions.php: {HEX}Malware.Expert.generic.uploader.2.UNOFFICIAL FOUND

    It looks like the functions.php script is triggering a malware signature of {HEX}Malware.Expert.generic.uploader.2.UNOFFICIAL FOUND. If they can confirm it’s a false positive or not, that would be great.

    I’ve since checked the site with the Sucuri scanner and run a WordFence scan and that’s not flagging up the error. Can you confirm if this is a false positive?

    Thanks very much

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Atlas_Gondal


    Hi Dom,

    I’m sorry to hear that you are facing issues and I’m here to help, as much as I can! 🙂

    This plugin doesn’t contain such type of code, which trigger (or even leads) to malicious activity/behavior. I’m pretty sure your site is infected with some kind of malware which infected this plugin.

    As a quick check, you can compare installed file with original to differentiate the difference:

    Steps to compare:

    • Logon using cPanel of FTP
    • Navigate to: /public_html/wp-content/plugins/export-all-urls/functions.php
    • Compare that code with: Original Code

    If both codes are same then it is false positive, otherwise it is not.

    Click Here to find more detail about that malware.

    Click Here to contact me, for further inquires!

    Have a Good Day! 🙂

    • This reply was modified 1 year, 9 months ago by Atlas_Gondal. Reason: format correction

    Hi Atlas

    Thanks for getting back to me on this. The two files are identical. Must be a false positive. Thanks for your help. Very useful plugin.


    Just so you are aware we are also now getting this file being flagged as malware with our hosting provider.

    We’ve also checked the files from a fresh download and there is no difference.

    Definitely a false positive, but you may wish to investigate!


    Plugin Author Atlas_Gondal


    @stevegalyer, thanks for reporting. I am aware of the issue and it is difficult to fix the issue because I don’t have enough detail (unless I see it myself). However, I am struggling to find and fix the issue.

    It would be great if you are any other user “who is facing the issue” could share detail about the issue like hosting company, software/module which flagged it etc. So, I can work on fixing it.

    However, I have doubt on one method and I’m re-writing that and hopefully; will get it clear soon.


    hi.. i also facing the same issue.. my hosting sent me the informations as below :

    Information regarding the malware infection we detected is included below.

    {HEX}Malware.Expert.generic.file.get.contents.0 : /home/selutemy/public_html/wp-content/themes/wplms/functions.php
    {HEX}Malware.Expert.generic.file.get.contents.0 : /home/selutemy/public_html/
    {CAV}GGS.Team.detection.A : /home/selutemy/public_html/wp-includes/wp-tmp.php

    what should i do ya? please help me.


    mohd yusni

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘functions.php triggering a malware signature’ is closed to new replies.