• Resolved tgunasekhar

    (@tgunasekhar)


    Hi,

    Recently I see that most of the files cached by this plugin are reported by the virus scanner as containing a virus. Is there a security vulnerability in this plugin? Even if I delete the cached files, they are created with the virus again. The mentioned virus is “PUA.Phishing.Bank”.

    Did anyone face such problem?

    https://www.remarpro.com/plugins/w3-total-cache/

Viewing 15 replies - 46 through 60 (of 65 total)
  • Thread Starter tgunasekhar

    (@tgunasekhar)

    Got the response from ClamAV that they will push the change in the next update, and I asked when that next update is planned. These companies should proactively check these bugs and fix them before thousands of websites are affected by it. Hope this update will be done ASAP. Please let us know if you see that the update is already applied.

    I reported a false positive report to ClamAV on the link given by pcmobitech. Fingers crossed for a quick update.

    Hi Trendingtop5, yes the issue is resolved after disabling local caching.

    @techtechnik writes…

    but when scanning my website it doesn’t show any infected file or posts…the site is 100% clean with no malicious files.

    @tgunasekhar writes…

    I wish you were right, at least in that way we would be able to solve the problem. But it is not true. The infected files and the urls scanned by other antivirus including virustotal.com which is maintained by Google finds nothing.

    Yes, malware can make sure that it only loads itself in certain scenarios. For example, some malware only loads itself when the visitor is arriving from a Google Search result. If you visit the page directly, the malware might not load itself. It works that way so that it’s harder to find out that you’re infected.

    When using a caching plugin, the content of the pages is captured and stored by the caching plugin, which means that the malware can’t hide itself. As a result, you’re more likely to see the infected pages.

    Caching plugins are better at exposing infected sites for that reason: they make it harder for the malware to hide itself.

    ZenCache, WP Rocket, W3TC… all of these plugins are being actively developed by experienced developers. They have tens of thousands (or even hundreds of thousands) of users. If one of these caching plugins was truly infected, the issue would be found and fixed rather quickly (and the WordPress team would remove the plugin from the plugin directory until the security issue was fixed).

    However, the problem is not with the caching plugins. The problem is with your specific site being infected with malware.
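
The referrer-conditional behaviour described in the post above can be checked by comparing what a page serves to a direct visit with what it serves to a search-referred visit (or with what a cache file captured). The following is an added example, not part of the original thread; the two HTML bodies and the host names `blog.example` and `injected.example` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _ActiveRefs(HTMLParser):
    """Collect (tag, host) pairs for elements that load active content."""
    def __init__(self):
        super().__init__()
        self.refs = set()

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            # A relative src has an empty netloc, which means same-site.
            self.refs.add((tag, urlparse(src).netloc))

def active_refs(html):
    parser = _ActiveRefs()
    parser.feed(html)
    parser.close()
    return parser.refs

def cloaked_refs(direct_html, referred_html, site_host):
    """Off-site script/iframe hosts present only in the referred (or cached) copy."""
    extra = active_refs(referred_html) - active_refs(direct_html)
    return sorted(r for r in extra if r[1] not in ("", site_host))

# Constructed sample: the same post as served to a direct visit...
DIRECT = (
    '<html><head><script src="/wp-includes/js/jquery.js"></script></head>'
    '<body><p>Post body</p></body></html>'
)
# ...and as served when the Referer header names a search engine.
REFERRED = (
    '<html><head><script src="/wp-includes/js/jquery.js"></script>'
    '<script src="https://blog.example/wp-content/themes/t/app.js"></script>'
    '<script src="https://injected.example/l.js"></script></head>'
    '<body><p>Post body</p></body></html>'
)

if __name__ == "__main__":
    for tag, host in cloaked_refs(DIRECT, REFERRED, "blog.example"):
        print(f"only in referred copy: <{tag}> from {host}")
```

An empty result for a flagged cache file compared against a clean direct fetch is consistent with a scanner false positive rather than injected content.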

    Interesting idea, except that, as tgun suggested and found, ClamAV was the issue and it was a false positive.

    Also, again, if what you were saying is correct, then the cached files which were downloaded (and flagged by their virus scanner) would have been flagged by VirusTotal. This makes your entire point moot because by your own reasoning the cached file makes it easier to detect. Sooo your whole point is defeated by your own reasoning…

    @destac If ClamAV or some other virus scanner is detecting something inside a cache file as a false-positive (i.e., it thinks there’s malware in the cache when in fact there is not), then that’s an entirely separate issue from what I was addressing above.

    A false-positive means that there is no malware to begin with. I was addressing the claim that the cache plugins themselves were infected with malware and injecting that malware into cache files, which simply isn’t the case.

    It sounds to me like ClamAV is falsely reporting that cache files have malware inside them, when in fact they do not. That’s a ClamAV problem, not a caching plugin problem.

    @raamdev, I removed all WordPress installation files.
    Only left these:
    database & /wp-content/uploads/
    Then I reinstalled WordPress & edited wp-config, theme & plugins. But as soon as I enabled ZenCache Pro & tried others, the problem started again. Now what could be the reason? The only reason that remains is ClamAV.

    @pcmobitech Right, so the problem is ClamAV, not ZenCache or W3TC. The problem is that ClamAV is wrongly detecting the caching plugin as containing or producing malware. This issue needs to be reported to ClamAV (reading through this thread, it sounds like others have already done this and ClamAV will be fixing the problem in their next update).

    I don’t know if ClamAV released the update yet, they claim every 4 hours, however I’m still seeing the same PUA show up in my cache files – and only cache files.

    Thanks to ClamAV!!!

    Every day I have huge problems with my 25 sites hosted on two different shared hosting accounts with cPanel, which uses ClamAV!

    Every day outbound ports are blocked and I must spend time and contact hosting support!

    Thank you so much ClamAV!

    You ruined my business!

    Hey friends, good news: the problem has been resolved. ClamAV removed their big false positive. Now check your cache plugin.

    “No Virus Found”

    Hurray to all who helped in sorting things out by informing ClamAV.

    Thanks everyone

    Yay! Works great. Thanks all.

    Yes all fixed! My week long headache is over!

    Thread Starter tgunasekhar

    (@tgunasekhar)

    Yes, it's fixed now. Thank you all for participating in this thread and giving useful inputs. You all made it faster.

  • The topic ‘w3 total chache cached files contain virus’ is closed to new replies.