Getting lots of what appear to be false positives on the WordPress file default-widgets.php since the WordPress 4.9.1 update, as:
ClamAV detected virus = [Html.Trojan.Hidelink-6390190-0]
Anyone else noticing this as well?
Thanks all!
Re: default-widgets.php
Hello,
Yes, for some time now, we get the same false positives on a lot of our WordPress sites. This leads to error 500 on a WordPress website.
This can be temporarily resolved by putting the following line in /etc/cxs/cxs.ignore, /etc/cxs/cxs.ignore.fullscan or whatever cxs settings file you are using to scan or watch the filesystem:
Code:
pfile:default-widgets.php
Alternatively, you can put the md5sum entry in the ignore file:
Code:
md5sum:ef4d04c6f206baf2f5042c7b1d150a87
First you'll have to find which CXS process is actually putting the default-widgets.php file into quarantine (it can be CXS watch, a full CXS scan of the /home directory or any other CXS scan configured by you).
Running diff on the quarantined file and a fresh file from the WordPress kit did not show any differences:
Code:
root@myserver1 [/home/user1/public_html]# diff /home/user1/public_html/wp-includes/default-widgets.php /myfolder/quarantine/cxsuser/user1/default-widgets.php.1512565991_1
Good luck.
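The comparison the reply above does with diff, as an added example that is not part of the original posts or of cxs itself: it prints a hash-based ignore entry only when the quarantined file is byte-identical to a fresh copy. The function name and the temp-file demo are constructed; the reference copy is assumed to come from a WordPress kit you have verified, and the `md5sum:` entry form is the one shown in the post.

```shell
#!/bin/sh
# Print a hash-based ignore entry for a quarantined file only when it is
# byte-for-byte identical to a reference copy from a pristine WordPress kit.
# Usage: ignore_entry_if_pristine QUARANTINED REFERENCE
# Exit status: 0 identical (entry printed), 1 files differ, 2 unreadable input.
ignore_entry_if_pristine() {
    quarantined=$1
    reference=$2

    # Both files must be readable, otherwise the comparison proves nothing.
    for f in "$quarantined" "$reference"; do
        if [ ! -r "$f" ]; then
            echo "cannot read: $f" >&2
            return 2
        fi
    done

    # cmp -s is silent and exits non-zero at the first differing byte,
    # answering the same question as the diff in the post.
    if ! cmp -s "$quarantined" "$reference"; then
        echo "MISMATCH: $quarantined differs from $reference, leave it quarantined" >&2
        return 1
    fi

    # Identical: emit the entry in the md5sum: form shown in the post.
    sum=$(md5sum < "$quarantined" | awk '{print $1}')
    printf 'md5sum:%s\n' "$sum"
}

# Constructed demo: temp files stand in for the fresh and quarantined copies.
demo_dir=$(mktemp -d)
printf '<?php // constructed sample\n' > "$demo_dir/fresh.php"
cp "$demo_dir/fresh.php" "$demo_dir/quarantined.php"
ignore_entry_if_pristine "$demo_dir/quarantined.php" "$demo_dir/fresh.php"
# A modified copy must not produce an ignore entry.
printf '// modified\n' >> "$demo_dir/quarantined.php"
ignore_entry_if_pristine "$demo_dir/quarantined.php" "$demo_dir/fresh.php" \
    || echo "no ignore entry emitted"
rm -rf "$demo_dir"
```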
Re: default-widgets.php
Hmm, oddly my install across many servers is not picking that up or doing a quarantine on it this month.