Malware or false positive

  • Resolved janadams76

    (@janadams76)


    5 years, 10 months ago

    Hi there,

    our internal server malware scanner printed out the following:

    /var/www/vhosts/elokron.de/httpdocs/elokron2016/wp-content/plugins/psn-pagespeed-ninja/public/class-pagespeedninja-public.php {ISPP}suspect.hide.filemtime
    /var/www/vhosts/elokron.de/httpdocs/elokron2016/wp-content/plugins/psn-pagespeed-ninja/ress/classes/helper.php {ISPP}suspect.crypted.inflate

    Could it possibly be a false positive?
    Why does the scanner find something suspicious there?

    Any help appreciated!

    Jan

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Denis Ryabov

    (@dryabov)

    class-pagespeedninja-public.php uses modification time (via PHP’s filemtime function) of pagecache.stamp file to know when to start clearing the cache directory.

    ress/classes/helper.php contains encode and decode functions (wrappers on top of gzdeflate/gzinflate) that were used in the past for another project (based on our RESS framework), and currently are kept for backward compatibility only. PageSpeed Ninja doesn’t use them.

    Anyway, PageSpeed Ninja is open source, so that you can check it yourself.

    Thread Starter janadams76

    (@janadams76)

    Hi Denis,

    thank you for your (very) quick response!

    Since i’m not that good in php i can’t draw conclusions like you did, eventhough it’s open source. So i’m thankful for your description of the malware message.

    So it seems like the malware scanner is quite a bit overprotective, right?

    Jan

    Plugin Author Denis Ryabov

    (@dryabov)

    > So it seems like the malware scanner is quite a bit overprotective, right?

    Usually it gives you hints that should be checked manually. Such scanners are not AI and unable to reliably distinguish between valid and dangerous codes (scanners are just based on some heuristics), so false positives are possible, but as you are “not that good in php”, it’s better to trust scanners than to don’t trust.

    Thread Starter janadams76

    (@janadams76)

    makes sense, thank you!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Malware or false positive’ is closed to new replies.