Title: Suspicious Code Last modified: April 23, 2017 --- # Suspicious Code * Resolved [raceman59](https://wordpress.org/support/users/raceman59/) * (@raceman59) * [8 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-3/) * This plugin is triggering a security warning on VaultPress (owned by the makers of WordPress) * Can you please comment about this suspicious code? * Can you please remove it asap so that i may use your plugin and not have it flagged by VaultPress? * > VaultPress detected a new security issue on one of your sites. > Our security scanners found 1 new security threats since the last email notification. > Please visit the VaultPress security page for more details. > Suspicious Code > Our security scanners detected the following possible security issues. We recommend > that you review the affected files. > PHP.Generic.BadPattern.5 > This code pattern is often used to run a very dangerous shell programs on your > server. The code in these files needs to be reviewed, and possibly cleaned. > Help Document > plugins/wp-mail-logging/lib/vendor/pimple/pimple/src/Container.php Viewing 8 replies - 1 through 8 (of 8 total) * [No3x](https://wordpress.org/support/users/no3x/) * (@no3x) * [8 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-3/#post-9059399) * This is ridiculous. It’s an established pattern for service based OOP and dependency injection. Please refer to [http://pimple.sensiolabs.org/](http://pimple.sensiolabs.org/) * Thread Starter [raceman59](https://wordpress.org/support/users/raceman59/) * (@raceman59) * [8 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-3/#post-9059426) * No3x * Thank you for the responce. * Wether you think its “ridiculous” of not, VaultPress is flagging the code as potentially harmful and thus it IS a problem regardless of your opinion. * [No3x](https://wordpress.org/support/users/no3x/) * (@no3x) * [8 years, 11 months ago](https://wordpress.org/support/topic/suspicious-code-3/#post-9059452) * Please send me a hash of the file to verify integrity. Maybe someone really put malicious code in there. * But I don’t think that’s the reason: Please refer to a similar topic [https://wordpress.org/support/topic/security-risk-vaultpress/](https://wordpress.org/support/topic/security-risk-vaultpress/) * Thread Starter [raceman59](https://wordpress.org/support/users/raceman59/) * (@raceman59) * [8 years, 9 months ago](https://wordpress.org/support/topic/suspicious-code-3/#post-9299613) * I have tried your plugin again, hoping it was updated to avoid this security alert being presented my VaultPress. * Still VaultPress Immediately flags a section of your plugin as “Suspicion Code” * This is the file that is the specific file causing errors /wp-content/plugins/ wp-mail-logging/lib/vendor/pimple/pimple/src/Container.php * Starting at line 242 * $extended = function ($c) use ($callable, $factory) { return $callable($factory( $c), $c); }; * What are your thoughts on this issue? * [No3x](https://wordpress.org/support/users/no3x/) * (@no3x) * [8 years, 9 months ago](https://wordpress.org/support/topic/suspicious-code-3/#post-9299656) * It’s an established pattern for service based OOP and dependency injection. Please refer to [http://pimple.sensiolabs.org/](http://pimple.sensiolabs.org/) * Please send me a hash of the file to verify integrity. Maybe someone really put malicious code in there. * But I don’t think that’s the reason: Please refer to a similar topic [https://wordpress.org/support/topic/security-risk-vaultpress/](https://wordpress.org/support/topic/security-risk-vaultpress/) * Thread Starter [raceman59](https://wordpress.org/support/users/raceman59/) * (@raceman59) * [8 years, 9 months ago](https://wordpress.org/support/topic/suspicious-code-3/#post-9299675) * No3x * Thank you for the email. * I have positive reply from VaultPress staff. * Their reply follows: * I’ve taken a look at the security alert. I’ve also compared the file on your server with the file as provided from the plugin author, and it matches. This is a false positive, which I have ignored for you. * At times, plugin authors may use a style of writing code that is similar to what we see when someone is trying to hack a site. VaultPress errs on the side of caution and alerts to anything that may benefit from a second look. * Please let us know if you need any further assistance. * Cheers 🙂 * Megan T. Happiness Engineer Jetpack | VaultPress | Akismet | Guided Transfer * [No3x](https://wordpress.org/support/users/no3x/) * (@no3x) * [8 years, 9 months ago](https://wordpress.org/support/topic/suspicious-code-3/#post-9299701) * Oh wow, they have access to your webserver? * I’m happy you could verify my statement about this from a 3rd party. * Thread Starter [raceman59](https://wordpress.org/support/users/raceman59/) * (@raceman59) * [8 years, 9 months ago](https://wordpress.org/support/topic/suspicious-code-3/#post-9299715) * The VaultPress Staff have access to my VaultPress account which is where the file Alert is flagged. * They have the ability to verify backed up files on VaultPress and “ignore” any security alerts if it seems appropriate. Viewing 8 replies - 1 through 8 (of 8 total) The topic ‘Suspicious Code’ is closed to new replies. * ![](https://ps.w.org/wp-mail-logging/assets/icon-256x256.jpg?rev=2562296) * [WP Mail Logging](https://wordpress.org/plugins/wp-mail-logging/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-mail-logging/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-mail-logging/) * [Active Topics](https://wordpress.org/support/plugin/wp-mail-logging/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-mail-logging/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-mail-logging/reviews/) ## Tags * [suspicious code](https://wordpress.org/support/topic-tag/suspicious-code/) * 8 replies * 2 participants * Last reply from: [raceman59](https://wordpress.org/support/users/raceman59/) * Last activity: [8 years, 9 months ago](https://wordpress.org/support/topic/suspicious-code-3/#post-9299715) * Status: resolved