WordPress.org

Forums

EWWW Image Optimizer
[resolved] Malware reported: php.exe.globals.381.UNOFFICIAL (5 posts)

  1. pxlar8
    Member
    Posted 2 years ago #

    I'm getting a Malware warning from a server scan on the file ewww-image-optimizer.php. The specific warning I'm getting is: Malware detected: php.exe.globals.381.UNOFFICIAL

    Using version 1.3.8

    http://wordpress.org/extend/plugins/ewww-image-optimizer/

  2. nosilver4u
    Member
    Plugin Author

    Posted 2 years ago #

    Sounds like you're using Linux Malware Detect, I'm looking into what triggers that rule, but I suspect it is just a generic one that triggers when php is using the exec() function. There would have to be a security breach with the WordPress plugin system for actual malware to be in that package.

  3. pxlar8
    Member
    Posted 2 years ago #

    Okay, thanks. Yes, I believe it is using Linux Malware Detect.

  4. nosilver4u
    Member
    Plugin Author

    Posted 2 years ago #

    I ran a scan myself with their latest signatures, and it only picked something up in older versions: 1.10 - 1.2.2. I'm going to contact the author of LMD to find out what that actually means. For a while, we were bundling an unpatched optipng, which nearly correlates to that time frame, but since then, we have been using the latest up to date version, so I'm not sure why you are getting a trigger on 1.3.8...

  5. nosilver4u
    Member
    Plugin Author

    Posted 2 years ago #

    unable to get a response from the LMD folks. I've given the code a pretty thorough audit since the last release, and have not found anything wrong.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • EWWW Image Optimizer
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

Tags

No tags yet.