What does the suspicious file type SMW-ESUS-* mean?
According to our devs, these are very general Extended Suspicious Signatures (ESUS), and "suspicious" does not always mean malware.
Extended suspicious signatures are signatures used for internal purposes to identify files that raise concerns about their legitimacy or safety. Attackers are always trying to improve their hiding mechanisms. We use extended suspicious signatures to reveal new hiding techniques as early as possible.
It would be useful if you could share how exactly this list of files was obtained: was it done through the command line and the imunify360-agent tool?
As far as I understand, those files and signatures are not reflected in the Imunify UI, and this behaviour is expected because the signatures are for internal purposes only.
You as a customer should treat files detected by extended suspicious signatures as safe in most cases. We use complex logic on our end to filter them out and produce SMW-/CMW-/CLOUDAV- verdicts as early as possible.
If you are concerned about the files you mentioned, it is also good practice to keep an eye on the websites with files marked by ESUS signatures. In particular, since it is a WordPress website, simply ensure the script and its components such as themes and plugins are up to date. Any outdated and unused components are better removed, to avoid the possibility of a hacker using outdated files. Other security tips are here: https://www.wpbeginner.com/wordpress-security/
- Selected Answer
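The selected answer draws a line between ESUS hits (internal, low-signal) and the SMW-/CMW-/CLOUDAV- verdicts that Imunify actually reports. The following is an added example, not Imunify code and not from any poster in this thread: it parses a listing in the "path signature" layout shown below in Petar's post and sorts the hits into ESUS-by-ID versus real verdicts, so that the verdicts can be looked at first. The sample listing reuses three of the paths posted in this thread; the `SMW-EXAMPLE-0000` line is constructed for illustration and is not a real Imunify signature name.

```python
import re
from collections import defaultdict

# Constructed sample listing, modelled on the "path signature" lines posted in
# this thread. The ESUS entries are copied from the thread; the last line is a
# made-up verdict (SMW-EXAMPLE-0000 is NOT a real Imunify signature) added only
# to show how a regular verdict is separated from ESUS hits.
SAMPLE_LISTING = """\
/wp-content/themes/metrovibes-parent/js/shCore.js extended-suspicious.id_SMW-ESUS-13
/wp-content/themes/metrovibes-parent/framework/core/AJAX.php extended-suspicious.id_SMW-ESUS-5
/wp-content/themes/metrovibes-child/composer.json extended-suspicious.id_SMW-ESUS-12
/wp-content/uploads/example.php SMW-EXAMPLE-0000
"""

# Signature name format taken from the thread: extended-suspicious.id_SMW-ESUS-<n>
ESUS_RE = re.compile(r"^extended-suspicious\.id_SMW-ESUS-(\d+)$")

# Verdict families named in the selected answer.
VERDICT_PREFIXES = ("SMW-", "CMW-", "CLOUDAV-")


def parse_listing(text):
    """Split 'path signature' lines into (path, signature) tuples.

    Paths may contain spaces, so split on the LAST space only.
    """
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path, sep, sig = line.rpartition(" ")
        if not sep or not path or not sig:
            raise ValueError("malformed listing line: %r" % raw)
        hits.append((path, sig))
    return hits


def classify(sig):
    """Return ('esus', <id>) for an ESUS hit, ('verdict', <family>) for a
    reported verdict, or ('unknown', None) for anything else.

    ESUS is checked first: its name embeds 'SMW-ESUS' but is not an SMW verdict.
    """
    m = ESUS_RE.match(sig)
    if m:
        return ("esus", int(m.group(1)))
    for prefix in VERDICT_PREFIXES:
        if sig.startswith(prefix):
            return ("verdict", prefix.rstrip("-"))
    return ("unknown", None)


def triage(hits):
    """Group hits: real verdicts to review first, ESUS hits grouped by ID
    (low priority per the selected answer), unknown names kept for inspection.
    """
    report = {"verdict": [], "esus": defaultdict(list), "unknown": []}
    for path, sig in hits:
        kind, key = classify(sig)
        if kind == "esus":
            report["esus"][key].append(path)
        else:
            report[kind].append((path, sig))
    return report


if __name__ == "__main__":
    rep = triage(parse_listing(SAMPLE_LISTING))
    print("Verdicts to review first:")
    for path, sig in rep["verdict"]:
        print("  %s  %s" % (sig, path))
    print("ESUS hits (internal signatures, usually benign), by ID:")
    for esus_id in sorted(rep["esus"]):
        for path in rep["esus"][esus_id]:
            print("  SMW-ESUS-%d  %s" % (esus_id, path))
```

Feed it the output of whatever produced the list in the thread (the answer asks whether that was the imunify360-agent CLI; the parser only assumes one "path signature" pair per line). Anything that lands in the "unknown" bucket is a signature name outside the formats discussed here and deserves a look rather than being dropped.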
-
I can't share a screenshot, but I can share some files:
Code:
/wp-content/themes/metrovibes-parent/js/shCore.js extended-suspicious.id_SMW-ESUS-13
/wp-content/themes/metrovibes-parent/js/jquery.carouFredSel.min.js extended-suspicious.id_SMW-ESUS-13
/wp-content/themes/metrovibes-parent/theme_config/extensions/shortcodes/shortcodes/minigallery.php extended-suspicious.id_SMW-ESUS-12
/wp-content/themes/metrovibes-parent/cache/min-js-7cbeb0c0d7bddad26d35629d635e8d67.js extended-suspicious.id_SMW-ESUS-13
/wp-content/themes/metrovibes-parent/framework/core/AJAX.php extended-suspicious.id_SMW-ESUS-5
/wp-content/themes/metrovibes-parent/framework/core/INCLUDE.php extended-suspicious.id_SMW-ESUS-12
/wp-content/themes/metrovibes-parent/framework/helpers/GENERAL.php extended-suspicious.id_SMW-ESUS-5
/wp-content/themes/metrovibes-parent/framework/BootsTrap.php extended-suspicious.id_SMW-ESUS-12
/wp-content/themes/metrovibes-child/composer.json extended-suspicious.id_SMW-ESUS-12
/wp-content/themes/metrovibes-child/vendor/composer/autoload_real.php extended-suspicious.id_SMW-ESUS-12
Thank you
-
Hi Petar,
According to our developers, these signatures have a slightly different purpose from the regular signature verdicts described at https://docs.imunify360.com/faq_and_...classification
May I ask you to share where exactly you see the files marked with those? Would it be possible to share screenshots?
-
Hi,
I have a dozen files marked by Imunify as a potential risk.
Some of them are marked as type
extended-suspicious.id_SMW-ESUS-13 or extended-suspicious.id_SMW-ESUS-12 or extended-suspicious.id_SMW-ESUS-5
Can someone describe to me what this type means?
Thank you.