• Resolved pixelmm

    (@pixelmm)


    My hosting antivirus service has put these files in quarantine due to a malware detection.

    Elementor version 3.31.3 (free version)

    Files
    /wp-content/plugins/elementor/assets/js/ai.js
    /wp-content/plugins/elementor/assets/js/ai-admin.js
    /wp-content/plugins/elementor/assets/js/ai-gutenberg.js
    /wp-content/plugins/elementor/assets/js/ai-unify-product-images.js
    /wp-content/plugins/elementor/assets/js/ai-media-library.js

    all infected by:
    {HEX}Malware.Expert.php.wilcard.function

    I don’t use the AI feature so my website was not broken by the file removal but you need to check these files better.

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Milos

    (@miloss84)

    Hello there,

    Thank you for being so patient.

    I see that you have an issue with your malware detection. I will try to explain what notification you received:

    The signature you reported — {HEX}Malware.Expert.php.wilcard.function — comes from Malware Expert’s ClamAV rules, which are designed primarily to catch patterns in PHP malware. Your quarantined files are .js assets under wp-content/plugins/elementor/assets/js/…, not PHP. These signature sets are known to cast a wide net and can trip on non-PHP files, causing false alarms. You can check more details here – https://malware.expert/product/signatures/?utm_source=chatgpt.com

    So the filenames you listed (e.g., ai.js, ai-admin.js, ai-gutenberg.js, etc.) are standard Elementor AI-related scripts shipped with the plugin. They’re part of the editor experience, even if you don’t actively use AI features.

    In order to fix this, you can try the following:

    • Update Elementor to the latest release.
    • Restore/reinstall clean plugin files to replace anything quarantined.
    • Ask your host to review their signature hit and whitelist these specific JS paths (or update their signature DB).

    Hope this will help you.

    Kind regards,
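
Added example, not part of the thread or of Elementor's code: before asking a host to whitelist the flagged paths, confirm that each flagged file is byte-identical to the copy in a clean download of the same plugin version. It assumes the clean release has been unpacked locally so that `clean_plugins_dir` contains the `elementor/` folder; the directory arguments and function names are hypothetical.

```python
import hashlib
from pathlib import Path

# The five paths the hosting scanner quarantined, as listed in the thread.
FLAGGED = [
    "wp-content/plugins/elementor/assets/js/ai.js",
    "wp-content/plugins/elementor/assets/js/ai-admin.js",
    "wp-content/plugins/elementor/assets/js/ai-gutenberg.js",
    "wp-content/plugins/elementor/assets/js/ai-unify-product-images.js",
    "wp-content/plugins/elementor/assets/js/ai-media-library.js",
]
PLUGIN_PREFIX = "wp-content/plugins/"


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large assets are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_to_clean(site_root, clean_plugins_dir, flagged=FLAGGED):
    """Map each flagged path to match / MODIFIED / missing-on-site / not-in-release."""
    results = {}
    for rel in flagged:
        site_file = Path(site_root) / rel
        # Assumption: the clean copy mirrors the layout below wp-content/plugins/.
        clean_file = Path(clean_plugins_dir) / rel[len(PLUGIN_PREFIX):]
        if not clean_file.is_file():
            # A flagged file the vendor never shipped is not a false positive candidate.
            results[rel] = "not-in-release"
        elif not site_file.is_file():
            # Still in quarantine or deleted: restore it to a staging copy first.
            results[rel] = "missing-on-site"
        elif sha256_of(site_file) == sha256_of(clean_file):
            results[rel] = "match"
        else:
            results[rel] = "MODIFIED"
    return results


def safe_to_allowlist(results) -> bool:
    """Only an all-match result supports treating the detection as a false positive."""
    return bool(results) and all(state == "match" for state in results.values())
```

A `MODIFIED` or `not-in-release` result means the file should be replaced from the clean release and investigated rather than whitelisted.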

    Thread Starter pixelmm

    (@pixelmm)

    Hi, I contacted my host and it is confirmed as a false positive.

    I'll leave the thread here so if someone has the same “problem”, it is now clear that it is not a real virus 🙂

    Thanks

    Plugin Support Rica

    (@ricav)

    Hi there,

    Thanks for confirming with your host and sharing the resolution! You’re absolutely right – false positives can happen, and it’s great that you’ve documented this for other users who might encounter the same warning.

    Thanks for keeping the community informed!

    Best regards,


The topic ‘{HEX}Malware.Expert.php.wilcard.function’ is closed to new replies.