re: quarantine of malicious file on my site

  • Resolved adassets

    (@adassets)


    1 month, 3 weeks ago

    Hi. My server keeps flagging ninjafirewall as a malicious file. Ive tried redownloading and installing the plugin, but it keeps getting flagged. It seems to disable the firewall completely. Please help maybe get it whitelisted?

    MALWARE DETAILS

    Below are details of the affected files:

    ________________________________________

    HOST:????? **

    SCAN ID:?? 240926-0122.36827

    STARTED:?? Sep 26 2024 01:22:04 +0000

    COMPLETED: Sep 26 2024 04:44:03 +0000

    ELAPSED:?? 12119s [find: 817s]

    PATH:?????????

    RANGE:???????? 1 days

    TOTAL HITS:??? 1

    FILE HIT LIST:

    /*/**/***/****/*****/wp-content/plugins/ninjafirewall/lib/firewall.php

    ===============================================

    Linux Malware Detect v1.6.5 < [email protected] >
Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter adassets

    (@adassets)

    Could you make sure this file isn’t infected from the downloadable file on wordpress plugins?

    Plugin Author nintechnet

    (@nintechnet)

    The file isn’t infected, that’s a false positive.
    Which rule in your malware scanner flags it ?
    You can exclude the file from maldet. See # maldet --help

    • This reply was modified 1 month, 3 weeks ago by nintechnet.
    Thread Starter adassets

    (@adassets)

    Hi. It is a malware scanner run by my hosting provider, Nexcess. Yesterday, they agreed to whitelist that particular file firewall.php.

    According to what they sent me:

    MALWARE DETAILSBelow are details of the affected files:________________________________________HOST:????? **SCAN ID:?? 240926-0122.36827STARTED:?? Sep 26 2024 01:22:04 +0000COMPLETED: Sep 26 2024 04:44:03 +0000ELAPSED:?? 12119s [find: 817s]PATH:?????????RANGE:???????? 1 daysTOTAL HITS:??? 1FILE HIT LIST:/*/**/***/****/*****/wp-content/plugins/ninjafirewall/lib/firewall.php===============================================Linux Malware Detect v1.6.5 < [email protected] >

    It looks like the software is Linus Malware Detect v1.6.5 – [email protected]. I just found it strange that it would trigger this but not what we used before, Wordfence.

    Thank you.

    Plugin Author nintechnet

    (@nintechnet)

    Your host is using Linux Malware Detect?engine only, but they added their own signatures. False positives can occur sometimes, specially when scanning files belonging to security applications (firewall, antivirus).

    Thread Starter adassets

    (@adassets)

    thank you~

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.