Support » Plugin: EWWW Image Optimizer » ImunifyAV – Detected Malware

  • Resolved Pigo3934blog

    (@pigo3934blog)


    I was running “ImunifyAV” to scan all of the sites on the server.

    SEE: https://www.imunify360.com/antivirus

    =======

    Every site with the “EWWW” plugin displayed a warning in ten (10) different places within the plugin for . . .

    php_malware.id_SMW-HEUR-ELF

    =======

    Is this a “false-positive”?

    Look forward to your reply.

  • Thread Starter Pigo3934blog

    (@pigo3934blog)

    Can you please reply?

    Just need to know if what “Imunify AV” is finding is a “false-positive”, or not.

    “HEUR” indicates a heuristic check, which may be related to a virus, but not for sure.

    Can you share the string that was matched in the plugin code? This troubleshooting guide may help.

    Did this start from version 6.1.4?

    • This reply was modified 6 months, 3 weeks ago by Gal Baras.
    Plugin Author nosilver4u

    (@nosilver4u)

    Also, if you can post your debug information from the support tab via pastebin.com (feel free to redact some if you like), we can verify whether you have the official binaries that are included with the plugin. But a false positive would not be at all surprising, given our past experience with AV scanners.

    Thread Starter Pigo3934blog

    (@pigo3934blog)

    Unfortunately, the code we see is obfuscated, and cannot be copied.

    But here are the TEN (10) COMMON paths that have been consistently logged in various websites :

    /public_html/wp-content/ewww/jpegtran

    /public_html/wp-content/plugins/ewww-image-optimizer/binaries/cwebp-fbsd

    /public_html/wp-content/plugins/ewww-image-optimizer/binaries/cwebp-linux

    /public_html/wp-content/plugins/ewww-image-optimizer/binaries/cwebp-sol

    /public_html/wp-content/plugins/ewww-image-optimizer/binaries/jpegtran-fbsd

    /public_html/wp-content/plugins/ewww-image-optimizer/binaries/jpegtran-linux

    /public_html/wp-content/plugins/ewww-image-optimizer/binaries/jpegtran-sol

    /public_html/wp-content/plugins/ewww-image-optimizer/binaries/pngquant-fbsd

    /public_html/wp-content/plugins/ewww-image-optimizer/binaries/pngquant-linux

    /public_html/wp-content/plugins/ewww-image-optimizer/binaries/pngquant-sol

    =============

    REASON : php_malware.id_

    =============

    Please upload the plugin to a website and then use “Imunify AV” to scan the C-Panel account via the server’s WHM.

    =============

    Just need to know if what “Imunify AV” is finding is a “false-positive”, or not.

    Look forward to your reply.

    Plugin Author nosilver4u

    (@nosilver4u)

    Without the debug information, I can’t tell you for sure whether it’s a false positive. But unless all your sites have been hacked, it probably is a false positive.

    Thread Starter Pigo3934blog

    (@pigo3934blog)

    What is your result when you scan a C-Panel account using “Imunify AV”?

    Plugin Author nosilver4u

    (@nosilver4u)

    I don’t have a cPanel account with Imunify AV and I’ve never even heard of Imunify AV until you mentioned it. Regardless, the only way to know that your binaries are safe is to verify the checksums. Until you post the debug information which contains those, we cannot verify that the binaries are the same ones I compiled and distributed with the plugin.

    Alternatively, you can check them yourself against the authoritative list here: https://github.com/nosilver4u/ewww-image-optimizer/blob/c6badae0b203da1fcbb73a0319a9c2d4b4d554a0/unique.php#L1043
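
Added example, not part of the thread and not EWWW's own code: one way to run the checksum comparison described in the reply above over the paths the scanner flagged, including the copy outside the plugin directory. It assumes the digests in the linked list are SHA-256 and have been copied by hand into a hypothetical file, one per line; `check_one`, `verify_binaries` and `demo` are names made up here.

```shell
#!/bin/sh
# Added example (not EWWW's code). Assumption: SUMS is a text file with one
# SHA-256 hex digest per line, copied by hand from the project's published list.

# check_one SUMS FILE: print a verdict for FILE; return 0 only on a match.
check_one() {
    sum=$(sha256sum "$2" 2>/dev/null | cut -d' ' -f1)
    if [ -z "$sum" ]; then          # missing/unreadable: never count as a match
        printf 'UNREADABLE  %s\n' "$2"; return 1
    elif grep -qixF "$sum" "$1"; then
        printf 'OK          %s\n' "$2"; return 0
    fi
    printf 'MISMATCH    %s  %s\n' "$2" "$sum"; return 1
}

# verify_binaries SUMS PATH...: each PATH is a file or a flat directory.
# Returns 0 if every file matched, 1 if any did not, 2 on a usage error.
verify_binaries() {
    sums=$1; bad=0
    [ "$#" -ge 2 ] && [ -r "$sums" ] || { echo 'usage: verify_binaries SUMS PATH...' >&2; return 2; }
    shift
    for p in "$@"; do
        if [ -d "$p" ]; then
            for f in "$p"/*; do
                [ -f "$f" ] || continue
                check_one "$sums" "$f" || bad=1
            done
        else
            check_one "$sums" "$p" || bad=1
        fi
    done
    return "$bad"
}

# demo: constructed stand-in files; one is altered after its digest is recorded.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/binaries"
    printf 'constructed jpegtran stand-in\n' > "$d/binaries/jpegtran-linux"
    printf 'constructed cwebp stand-in\n' > "$d/binaries/cwebp-linux"
    sha256sum "$d"/binaries/* | cut -d' ' -f1 > "$d/known.txt"
    printf 'altered\n' >> "$d/binaries/cwebp-linux"
    rc=0; verify_binaries "$d/known.txt" "$d/binaries" || rc=$?
    rm -rf "$d"
    return "$rc"
}

case ${1:-} in
    --demo) demo ;;
    ?*) verify_binaries "$@" ;;
esac
```

A `MISMATCH` line means the file on disk is not one of the listed builds; it does not by itself say what the file is, so the next step is to compare against a fresh copy of the plugin from the official source.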
