• Resolved Kramarz

    (@kramarz)


    Hi Guys,

    Latest update triggered the following Malware Warning on one of our client’s hosting:

    A file matching a malware signature has been detected on the hosting account. Malware could be used for spamming, phishing, website defacement, attacking 3rd-party websites or other malicious activities. For this reason the file with the signature detected has been quarantined.

    The file was likely uploaded to your website by a malicious actor using vulnerable software which is not being kept up to date. Please make sure all content management software such as WordPress, Joomla, Drupal, etc. is brought fully up to date, including all plugins and themes that it may use. The Softaculous tool on our cPanel hosting control panels may be used to assist with updates. You should also check that no additional users (particularly with admin rights) have been added to your website.

    Failure to correct vulnerabilities may result in websites being forced to read-only mode or the suspension of the entire hosting account. Please see the attached log entry for detailed information about this detection.

    Malware file log:
    Jun 27 16:17:27 screen cxs[2247598]: ['.../wp-content/upgrade/backwpup.4.1.2/backwpup/vendor/aws/aws-crt-php/gen_stub.php'] - ClamAV detected virus = [SecuriteInfo.com.PUA.PHP.Downloader-4.UNOFFICIAL]

    Any ideas?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support BWU Support

    (@saranshwpm)

    Hi,

    Thank you for bringing this to our attention.

    To investigate this further, could you please contact our support team via this link and send us the specific file that triggered the malware warning? This will allow us to compare it with our original file and determine the cause of the issue.

    Best regards,

    Thread Starter Kramarz

    (@kramarz)

    Unfortunately, I can’t. Host quarantined it, so I have no access to it.
    For me it looks like a false-positive and I guess it’s the original file mentioned.
    Thought you could just have a look what in this file structure could be triggering the malware warning, and adjust the code.

    Plugin Support BWU Support

    (@saranshwpm)

    Hi,

    Thank you for your update. Our developers have reviewed the file and confirmed that it should be safe, as it comes from the official repository. It seems like a false positive.

    In any case, if you receive any similar notices again, please let us know so we can further investigate.

    Regards,
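
The comparison discussed in this thread (a flagged plugin file checked against the original release), as an added example that is not part of the thread or BackWPup's own code: it hashes every file in an installed plugin tree against a release archive and reports modified, missing and extra files. The archive contents and the tampering in `demo()` are constructed; only the `gen_stub.php` relative path comes from the log line above.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def compare_to_release(zip_path, install_dir):
    """Hash files under install_dir against the release zip.
    Returns sorted relative paths under 'modified', 'missing', 'extra'."""
    install_dir = Path(install_dir)
    with zipfile.ZipFile(zip_path) as zf:
        official = {i.filename: sha256(zf.read(i))
                    for i in zf.infolist() if not i.is_dir()}
    local = {p.relative_to(install_dir).as_posix(): sha256(p.read_bytes())
             for p in install_dir.rglob("*") if p.is_file()}
    common = official.keys() & local.keys()
    return {
        "modified": sorted(f for f in common if official[f] != local[f]),
        "missing": sorted(official.keys() - local.keys()),  # e.g. quarantined
        "extra": sorted(local.keys() - official.keys()),    # not shipped
    }

def demo():
    # Constructed stand-ins for a release archive and an installed copy.
    flagged = "backwpup/vendor/aws/aws-crt-php/gen_stub.php"
    main = "backwpup/backwpup.php"
    files = {flagged: b"<?php // constructed stand-in for the vendor file\n",
             main: b"<?php // constructed plugin entry point\n"}
    with tempfile.TemporaryDirectory() as tmp:
        zip_path = Path(tmp) / "release.zip"
        with zipfile.ZipFile(zip_path, "w") as zf:
            for name, data in files.items():
                zf.writestr(name, data)
        site = Path(tmp) / "site"
        for name, data in files.items():
            (site / name).parent.mkdir(parents=True, exist_ok=True)
            (site / name).write_bytes(data)
        clean = compare_to_release(zip_path, site)
        # Constructed changes: one altered file, one file not in the release.
        (site / main).write_bytes(b"<?php // altered locally\n")
        (site / "backwpup/extra.php").write_bytes(b"<?php // not shipped\n")
        dirty = compare_to_release(zip_path, site)
    return clean, dirty, flagged

if __name__ == "__main__":
    print(demo())
```

A file the host has already quarantined shows up under `missing`; once it is restored or obtained from the host, a matching hash is what supports the false-positive conclusion.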
