• Resolved rjdougan

    (@rjdougan)


    I started to get alerts on multiple sites today about malware on select HTML files, mostly cache files. The notices showed the malware was in the title and description tag section of the head.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi @rjdougan,

    Can you provide an example of what was incorrectly categorized as malware? A screenshot would be helpful too!

    Dave

    Thread Starter rjdougan

    (@rjdougan)

    The following is an example of the message when I click on the details:

    ——————–
    Filename: wp-content/cache/wp-rocket/www.domain.org/church-calendar/index-https.html
    File Type: Not a core, theme, or plugin file from www.remarpro.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <title>Church Calendar</title><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Oswald%3A400%2C300%7COpen%20Sans%3A700%2C400%2C400i%7CR…

    The issue type is: Suspicious:HTML/spampattern
    Description: Suspicious code pattern commonly seen in generated spam pages

    ———————–

    As mentioned originally, it is happening on selected cache pages. These are being created by WP-Rocket.

    Thread Starter rjdougan

    (@rjdougan)

    Looks like the issue has corrected itself. The malware messages following the most recent scan are gone. Close the ticket.

    Hmmm, that is strange, but I’m glad the messages went away and they’re not reappearing.

    Please feel free to post another thread (or re-open this one) if it starts acting up again.

    Thanks!

    I'm also getting malware scan alerts for files which were restored from a month-old backup of the site, which had been previously scanned by Wordfence without an issue:

    Filename: 087d257c6f0910e0993a1fa900c3028881e2128e.php
    File Type: Not a core, theme, or plugin file from www.remarpro.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: preg_match('/^application\/json/i', $_SERVER['CONTENT_TYPE'])))\x0a\x09echo handleRequest(file_get_contents('php://input'

    The issue type is: Uploader:PHP/uploadinput
    Description: Uploads file from php input

  • The topic ‘False Positive Malware Alerts’ is closed to new replies.