Virus/Malware removal

Started by Мel, February 02, 2020, 09:34:29 AM

Мel

Quote from: Illori on February 08, 2020, 05:16:11 AM
you might see it still working but it will put more load on your server and your host may talk to you about it depending on how much load it puts on the server.
Will see. They were concerned about the "virus".
"The ability to speak does not make you intelligent."
- Qui-Gon Jinn

Illori

then they should also be aware of false positives. if they are not then I would start looking for a new host.

Мel

Quote from: Illori on February 10, 2020, 07:13:12 AM
then they should also be aware of false positives. if they are not then I would start looking for a new host.
It's actually a very good host with modest pricing and prompt, efficient & user-friendly tech support. I'll stick by it.
"The ability to speak does not make you intelligent."
- Qui-Gon Jinn

shawnb61

Did a little bit of research.  So, breaking down the message...

data_24ea2800a6f49c32b4f6ee4b0f1420d8-SMF-modSettings.php - This is a cached version of your settings table
YARA - YARA is a common text-search-based malware detection tool
r57shell - a common malware script out there
UNOFFICIAL - Unofficial means the AV test is not using the official signed version of the signatures. In my (limited) understanding, this is usually done for testing purposes.

So... 

There is a string in your settings table that triggers your AV to generate a warning.  These are usually false positives.  But not always. 

This query should help you find the suspicious setting:
SELECT * FROM `smf_settings` WHERE variable like '%r57%' or value like '%r57%';

(If your table prefix is not "smf_", then change the query accordingly...)

Do you have any anti-spam or anti-malware mods installed?   E.g., Forum Firewall?  That would do it. 

As noted above, cache is important as your site grows.  Disabling it is only a short-term solution. 

If you confirm this is a bogus find, your host should be able to disable that check. 

Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp
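The following is an added example, not code from the thread or from SMF itself. It shows concretely why the YARA hit lands on data_<hash>-SMF-modSettings.php: SMF's file cache writes the modSettings table into that file as a PHP-serialized array, so whatever string the signature matches is sitting in some setting's value. The script decodes such a payload and reports which setting carries the string, which is the same question the SELECT ... LIKE '%r57%' query answers against the live table. Assumptions: the cache-file wrapper (`$value = '...';`) is the layout I believe SMF 2.0's file cache uses and is reproduced from memory; the payload is constructed for the example; `spam_word_list` is a made-up setting name standing in for a blocklist that an anti-spam or anti-malware mod might store.

```python
"""
Added example, not from the original thread or from SMF: locate which cached
SMF setting contains a string that a YARA signature (e.g. for r57shell) fires on.
"""
import re

# Constructed modSettings payload in PHP serialize() format (not a real cache dump).
# 'spam_word_list' is a made-up setting name; a real mod would use its own.
PHP_SERIALIZED = (
    b'a:3:{'
    b's:12:"cache_enable";s:1:"1";'
    b's:10:"smfVersion";s:5:"2.0.2";'
    b's:14:"spam_word_list";s:21:"c99shell,r57shell,wso";'
    b'}'
)

# Constructed cache file. The wrapper is the layout I *assume* SMF 2.0's file
# cache writes (if/else on expiry, then $value = '<serialized>').
CACHE_FILE = (
    "<?php if (!defined('SMF')) die; "
    "if (1581150000 < time()) $expired = true; "
    "else{$expired = false; $value = '" + PHP_SERIALIZED.decode() + "';}?>"
)


def extract_cached_value(cache_file: str) -> bytes:
    """Pull the serialized payload out of the $value = '...' wrapper and undo
    PHP's addcslashes escaping of ' and \\ (assumed wrapper layout)."""
    m = re.search(r"\$value = '((?:[^'\\]|\\.)*)';", cache_file, re.S)
    if not m:
        raise ValueError('no $value payload found in cache file')
    payload = re.sub(r"\\(['\\])", r"\1", m.group(1))
    return payload.encode('utf-8')


def _parse(data: bytes, pos: int):
    """Parse one PHP-serialized value at `pos`; return (value, next_pos).
    Handles the subset modSettings needs: N, i, b, s and nested a."""
    tag = data[pos:pos + 1]
    if tag == b'N':                                 # N;
        return None, pos + 2
    if tag in (b'i', b'b'):                         # i:123;  b:1;
        end = data.index(b';', pos)
        num = int(data[pos + 2:end])
        return (bool(num) if tag == b'b' else num), end + 1
    if tag == b's':                                 # s:LEN:"bytes";  (LEN is in bytes)
        colon = data.index(b':', pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                           # skip :"
        raw = data[start:start + length]
        return raw.decode('utf-8', 'replace'), start + length + 2   # skip ";
    if tag == b'a':                                 # a:COUNT:{key;value;...}
        colon = data.index(b':', pos + 2)
        count = int(data[pos + 2:colon])
        pos = colon + 2                             # skip :{
        out = {}
        for _ in range(count):
            key, pos = _parse(data, pos)
            val, pos = _parse(data, pos)
            out[key] = val
        return out, pos + 1                         # skip }
    raise ValueError(f'unsupported serialize tag {tag!r} at offset {pos}')


def php_unserialize(data: bytes):
    """Decode a PHP serialize() blob (strings, ints, bools, null, arrays)."""
    value, _ = _parse(data, 0)
    return value


def find_flagged_settings(settings: dict, needles=('r57',)) -> dict:
    """Emulate  WHERE variable LIKE '%r57%' OR value LIKE '%r57%'  over the
    decoded settings: return {variable: value} for each row whose name or
    value contains any needle (case-insensitive, like MySQL's default collation)."""
    hits = {}
    for variable, value in settings.items():
        haystack = f'{variable}\0{value}'.lower()
        if any(n.lower() in haystack for n in needles):
            hits[variable] = value
    return hits


def flagged_settings_in_cache_file(cache_file: str, needles=('r57',)) -> dict:
    """End to end: cache file text -> serialized payload -> settings -> hits."""
    return find_flagged_settings(php_unserialize(extract_cached_value(cache_file)), needles)


if __name__ == '__main__':
    for variable, value in flagged_settings_in_cache_file(CACHE_FILE).items():
        print(f'{variable} = {value!r}')     # the setting row to inspect in smf_settings
```

A hit in a setting that is obviously a word or signature list (as in the constructed `spam_word_list` above) is the false-positive case the post describes: the string is there because a mod stores what it blocks, not because a shell was dropped. A hit in a setting whose value is a path, a URL or executable-looking code is the case to actually investigate.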