• Got an email today with a fantastically phrased alert:

    The daily antivirus scan of your blog suggests alarm.

    Went to the site (which belongs to a friend of mine, actually) and re-ran the scan manually; the alarm-suggesting code seems to be this:

    add_action('admin_menu', 'rt_theme_option_menu');
    require_once(TEMPLATEPATH . '/rttheme_options/custom_form.php');
    require_once(TEMPLATEPATH . '/rttheme_options/controlpanel.php');
    require_once(TEMPLATEPATH . '/rttheme_options/controlpanel2.php');
    require_once(TEMPLATEPATH . '/rttheme_options/controlpanel3.php');
    require_once(TEMPLATEPATH . '/rttheme_options/controlpanel4.php');
    require_once(TEMPLATEPATH . '/rttheme_options/controlpanel5.php');
    require_once(TEMPLATEPATH . '/rttheme_options/controlpanel6.php');

    That doesn’t look that scary to me, but if it’s all fine and can be whitelisted, I don’t understand why it would be suggesting alarm NOW and not when I installed the theme about four months ago…

    Can anyone tell me if that seems like something worth being alarmed about? Any insight would be greatly appreciated. Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • I’m having a similar problem, which started happening yesterday. I got a mail from one of the sites I’m managing, saying that there was a suspicion of a virus. I check the site (which is WordPress MU 2.9.2, just for the record), and run the scan manually. What happened next was the weirdest thing: while it’s scanning, the scan stops at the following file (Producer Theme)

    single-thecontent.php

    Which is strange, considering the file is clean, as I’ve noticed. I also noticed it’s showing a problem with includes, because it displayed this as an alarm:

    <?php include (TEMPLATEPATH . '/searchform.php'); ?>

    BTW, during the scan, and right after it scans this file in particular, my browser freezes and starts taking a lot of RAM space (600~900MB in just a matter of seconds), I have to kill the process before the computer dies on me. I use Firefox, but I tried the same test on Chrome and Safari, both had the same behavior (and both processes had to be killed too). It’s still doing that, and I’m unsure of what could be the cause of it.

    Well, I am also on the same track.

    I am getting alerts every day but am still not able to find out what’s the issue.

    Would this have anything to do with the last update? Because the last version was released 5 days ago.

    # Version: 0.7
    # Other Versions ?
    # Last Updated: 2010-4-16

    Make sure the AntiVirus plugin scanned the files being included. If the files listed are clean, then there is no reason to be alarmed. From what I understand about this plugin, it considers include statements to be potentially malicious (which they can be!). As long as you know that the file being included is safe, you can reasonably conclude that it is a false positive.

    Hope this helps you!

    Ted Nicols

    (@ted-nicols)

    I’m looking for a good free antivirus download. Had a similar problem. It always takes a lot of RAM when using Mozilla during the scan, works a little better with other browsers.
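
Added example, not part of any post in this thread and not code from the AntiVirus plugin: one way to act on the advice above about checking the files being included is to compare each `TEMPLATEPATH` include target against a fresh copy of the theme, which also shows whether anything changed since install. The function names, the `functions.php` entry file and the two demo theme trees are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Matches include/require statements built on TEMPLATEPATH, as quoted in the thread.
INCLUDE_RE = re.compile(
    r"""\b(?:include|require)(?:_once)?\s*\(?\s*TEMPLATEPATH\s*\.\s*(['"])(.+?)\1""")

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_includes(theme_dir, pristine_dir, entry="functions.php"):
    """Classify every TEMPLATEPATH include in `entry` against a pristine theme copy."""
    theme_dir, pristine_dir = Path(theme_dir), Path(pristine_dir)
    report = {}
    for _, rel in INCLUDE_RE.findall((theme_dir / entry).read_text(errors="replace")):
        live = theme_dir / rel.lstrip("/")
        ref = pristine_dir / rel.lstrip("/")
        if not live.is_file():
            report[rel] = "missing"
        elif not ref.is_file():
            report[rel] = "not-in-pristine"   # file the theme author never shipped
        elif sha256(live) != sha256(ref):
            report[rel] = "modified"          # review this file by hand
        else:
            report[rel] = "unchanged"
    return report

def demo():
    """Build two constructed theme trees; one included file differs in the live copy."""
    root = Path(tempfile.mkdtemp())
    entry = ("<?php\n"
             "require_once(TEMPLATEPATH . '/rttheme_options/custom_form.php');\n"
             "require_once(TEMPLATEPATH . '/rttheme_options/controlpanel.php');\n"
             "include (TEMPLATEPATH . '/searchform.php');\n")
    for name in ("live", "pristine"):
        (root / name / "rttheme_options").mkdir(parents=True)
        (root / name / "functions.php").write_text(entry)
        (root / name / "rttheme_options/custom_form.php").write_text("<?php // form\n")
        (root / name / "rttheme_options/controlpanel.php").write_text("<?php // panel\n")
    # Constructed difference: an extra line appended to one live file.
    with (root / "live/rttheme_options/controlpanel.php").open("a") as fh:
        fh.write("// line not present in the pristine copy\n")
    return audit_includes(root / "live", root / "pristine")

if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:16} {rel}")
```

An include whose target is reported as `unchanged` is consistent with a false positive; `modified` or `not-in-pristine` targets are the ones to open and read.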

  • The topic ‘[Plugin: AntiVirus] is this a false positive?’ is closed to new replies.