
Possible malware?

Started by Stirius, December 12, 2019, 10:53:25 AM


Stirius

Hi, our hosting provider told us, using their scan, that those two files could include some malware. Is it possible?

File                              Malware
/forum/Sources/Subs-List.php      {ISPP}suspect.post.eval
/forum/Sources/Subs-Package.php   {ISPP}suspect.crypted.chars

Best,
Karel

Illori

We would not know without you providing us the files. It could well be a false positive.

Stirius

Ok, here they are. Can you check them please? I don't think that we have changed the core files in any way.

Thank you.

Shambles

Both false positives, if you look inside them then read these:

{ISPP}suspect.post.eval
Quote:
False Positive Probability: low to medium

Malware of this type allows executing of any code that is sent by POST, GET etc.

Simplified example:

<?php
if(isset($_POST['xyz'])) {
    /* some code */
    eval($_POST['xyz']);
}
?>
https://ispprotect.com/glossary/isppsuspect-post-eval/
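
To triage an alert like the one discussed in this thread, the following added example (not part of the thread, and not ISPProtect's actual signature) separates eval() calls fed from request data, the pattern the glossary entry describes, from eval() calls that only need a manual read. The names `triage` and `eval_argument`, the verdict labels and the sample PHP are assumptions made for illustration; the heuristic follows only one assignment hop and does not parse PHP strings or comments.

```python
import re

# Request superglobals that carry attacker-supplied data.
TAINTED = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")
# eval( as a function call, not ->eval(, ::eval( or a longer name.
EVAL_CALL = re.compile(r"(?<![\w$>:])eval\s*\(", re.IGNORECASE)
# $var = <rhs>;  (skips == and =>)
ASSIGN = re.compile(r"(\$\w+)\s*\.?=(?![=>])\s*([^;]*)")

def eval_argument(src, open_idx):
    """Text between the '(' at open_idx and its matching ')'."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced: keep the rest for review

def triage(src):
    """Return (line, verdict, argument) for each eval() call in PHP source."""
    # Variables assigned straight from request data (one hop only).
    tainted_vars = {v for v, rhs in ASSIGN.findall(src) if TAINTED.search(rhs)}
    findings = []
    for m in EVAL_CALL.finditer(src):
        arg = eval_argument(src, m.end() - 1).strip()
        line = src.count("\n", 0, m.start()) + 1
        hit = TAINTED.search(arg) or tainted_vars & set(re.findall(r"\$\w+", arg))
        findings.append((line, "request-data" if hit else "review", arg))
    return findings

# Constructed sample, not taken from any SMF file; load_template is hypothetical.
SAMPLE = """<?php
if (isset($_POST['xyz'])) {
    eval($_POST['xyz']);
}
$code = $_POST['xyz'];
eval($code);
$template = load_template('index');
eval('?>' . $template);
"""

if __name__ == "__main__":
    for line, verdict, arg in triage(SAMPLE):
        print(f"line {line}: {verdict:12} eval({arg})")
```

A "review" verdict is not a clean bill of health: it means the eval() argument has to be read by hand or the file compared against an unmodified copy of the same release.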

