Support » Plugin: BulletProof Security » Server scan: false positive?

  • Resolved hopsakee

    (@hopsakee)


    Hi,

    I had my server scanned for malware and this showed up in the results.

    public_html/wp-content/bps-backup/mscan/mscan-pattern-match.php: YARA.imh_php_base64d_obfuscated.UNOFFICIAL FOUND

    Is this a false positive or can I delete it?

    Please let me know.

    Thank you

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author AITpro

    (@aitpro)

    Yep, it’s a false positive. Just ignore that if you are allowed to ignore it. The server malware scan found the MScan malware scan pattern matching code used to scan for malware. Very common problem and limitation of malware scanners. I’m doing a complete rebuild of MScan in the next BPS plugin version and am going to use a DB option that contains the MScan malware pattern matches instead of using the mscan-pattern-match.php file. Plugin and Theme files will now be checked by MD5 hashes like I have been doing with WP Core files. MD5 file hash comparison checking is 100% accurate vs pattern matching malware scans that are 75% accurate (lots of false positives and undetected malware) at best.

    • This reply was modified 2 months, 3 weeks ago by AITpro.
    • This reply was modified 2 months, 3 weeks ago by AITpro.
    Thread Starter hopsakee

    (@hopsakee)

    Thanks for confirming. And thanks for the great work!

    Plugin Author AITpro

    (@aitpro)

    Resolving this thread.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.