Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author George Notaras

    (@gnotaras)

    There is no malware in the plugin. Check the source code before posting BS on a public forum!

    If you didn’t make this up, this must be a false positive.

    Thread Starter PornoLala

    (@pornolala)

    I got this email from the malware detect software which I have installed on my dedicated server.

    malware detect scan report for XXXXXX:
    SCAN ID: 021615-0516.11072
    TIME: Feb 16 05:18:28 -0500
    PATH: /home*/*/public_html
    RANGE: 2 days
    TOTAL FILES: 625
    TOTAL HITS: 2
    TOTAL CLEANED: 0

    FILE HIT LIST:
    {HEX}php.cmdshell.unclassed.356 : /home/XXXXXX/public_html/wp-content/plugins/add-meta-tags/amt-admin-panel.php => /usr/local/maldetect/quarantine/amt-admin-panel.php.21062
    {HEX}php.cmdshell.unclassed.356 : /tmp/nginx_client/0000089274 => /usr/local/maldetect/quarantine/0000089274.7149
    ===============================================
    Linux Malware Detect v1.4.2 < [email protected] >

    Thread Starter PornoLala

    (@pornolala)

    In the meantime I got an answer from support, which told me there is nothing suspicious in that file.

    Sorry for disturbing.

    Plugin Author George Notaras

    (@gnotaras)

    Hi, I cannot reproduce your results on a CentOS 7 server using stock ClamAV and manually installed maldet with default configurations.

    Linux Malware Detect v1.4.2
    ClamAV 0.98.6/20067/Mon Feb 16 14:54:45 2015
    maldet --scan-all /var/www/wordpress/wp-content/plugins/add-meta-tags/
    
    malware detect scan report for c7:
    SCAN ID: 021615-1604.2884
    TIME: Feb 16 16:04:56 +0000
    PATH: /var/www/wordpress/wp-content/plugins/add-meta-tags/
    TOTAL FILES: 34
    TOTAL HITS: 0
    TOTAL CLEANED: 0
    
    ===============================================
    Linux Malware Detect v1.4.2 < [email protected] >

    Please update clamav and maldet data. Is it possible to reproduce the report with the false positive?

    George

    Thread Starter PornoLala

    (@pornolala)

    Great, going to update clamav and maldet.

    Thanks

    Plugin Author George Notaras

    (@gnotaras)

    Also, here are some checksums of amt-admin-panel.php as of 2.6.4:

    File: amt-admin-panel.php
    CRC-32: c207afbc
       MD4: a5c66d269f2a2c2105b4ce053dd20bc0
       MD5: 084c7788636dbe6601b68ff5fe2195b6
     SHA-1: 487dab043d11d42640c65a698d72c3891e4c3bfc

    Also, I highly recommend running a diff comparison of your current amt-admin-panel.php file and the one included in the official 2.6.4 distribution package.

    Plugin Author George Notaras

    (@gnotaras)

    Also, please make sure you always download the plugin from official sources. I’m considering adding a signed file containing sha1 sums of all files in future versions, so as to be able to verify their integrity.

    What is the status of this issue? Have you been able to reproduce the false positive report?

    BTW, I’m sorry for my initial response to this report. Your username, the number of your posts on these forums and the fact that the source code is available to check for any sign of malware made me think this was a joke.
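The check suggested in the replies above (compare amt-admin-panel.php against the published checksums, then diff the installed file against the official 2.6.4 copy), as an added example that is not part of the thread or the plugin's own code. The function names and file arguments are assumptions; the digest values are the ones posted above, and MD4 is left out because many Python builds no longer provide it.

```python
import difflib
import hashlib
import zlib
from pathlib import Path

# Values posted in this thread by the plugin author for amt-admin-panel.php 2.6.4.
PUBLISHED_2_6_4 = {
    "crc32": "c207afbc",
    "md5": "084c7788636dbe6601b68ff5fe2195b6",
    "sha1": "487dab043d11d42640c65a698d72c3891e4c3bfc",
}

def digests(path):
    """Return CRC-32, MD5 and SHA-1 of a file as lowercase hex strings."""
    data = Path(path).read_bytes()
    return {
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }

def mismatches(path, expected):
    """Names of the algorithms whose digest differs from the expected value."""
    actual = digests(path)
    return sorted(n for n, v in expected.items() if actual[n] != v.lower())

def diff_against_reference(installed, reference):
    """Unified diff from the reference copy to the installed copy."""
    ref = Path(reference).read_text(errors="replace").splitlines()
    cur = Path(installed).read_text(errors="replace").splitlines()
    return list(difflib.unified_diff(ref, cur, "reference", "installed", lineterm=""))

def check(installed, reference, expected=PUBLISHED_2_6_4):
    """Diff installed against reference, but only once the reference is verified.

    A reference copy that does not match the published digests is rejected,
    because a diff against an unverified file proves nothing.
    """
    if mismatches(reference, expected):
        raise ValueError("reference copy does not match the published checksums")
    return diff_against_reference(installed, reference)
```

An empty list from `check()` means the installed file is byte-for-byte the verified reference; any `+` or `-` lines are the local changes to review.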

    Thread Starter PornoLala

    (@pornolala)

    Yes, I scanned that folder manually and everything was okay, without any malware. So I think the first time it was a false positive alarm, and I don't know how that happened.

    Here is scan report:

    malware detect scan report for XXXXXX:
    SCAN ID: 021915-0300.17284
    TIME: Feb 19 03:00:35 -0500
    PATH: /home/XXXXX/public_html/wp-content/plugins/add-meta-tags/
    TOTAL FILES: 61
    TOTAL HITS: 0
    TOTAL CLEANED: 0

    ===============================================
    Linux Malware Detect v1.4.2 < [email protected] >

    No worries, I know I have a weird username.

    Plugin Author George Notaras

    (@gnotaras)

    No worries, I know I have a weird username.

    Haha, really glad you acknowledge!

  • The topic ‘malware detect’ is closed to new replies.