Announcement

Collapse
No announcement yet.

imunifyAV false positive virus in French translation of simple tags plugin?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    imunifyAV false positive virus in French translation of simple tags plugin?

    Recently, I received a message from my hosting that my site was suspended because they found a virus and said to check the page with imunifyAV in plesk, and there was this: public/wp-content/languages/plugins/simple-tags-fr_FR.l10n.php

    SMW-BLKH-SA-CLOUDAV-php.bkdr.gen-AUTO12-0

    Click image for larger version Name: imunifyAV.png Views: 47 Size: 43.0 KB ID: 40449

    This is the WordPress Tag, Category, and Taxonomy Manager – AI Autotagger plugin in WP: https://wordpress.org/plugins/simple-tags/

    Most likely this is a false positive, but I can’t do anything about it except turn off the French language in my WP.


    I also checked through VirusTotal, it didn’t find anything:

    https://www.virustotal.com/gui/file/3edd5652cfbd679951f19d0ae242ce0d9764559e85e98b116a 49a20dbe1b419c/detection


    Here I have attached the file itself from my server:

    [ATTACH]n40450[/ATTACH]


    Here are the versions my hosting uses:
    imunify-antivirus - 7.17.1-1
    imunify-ui - 7.19.1-1
    imunify-core - 8.0.0-2


    Is this really a false positive or is there really a virus?
    Attached Files
    Tags: None
  • #2
    Hello,

    I've checked the provided PHP file using our malware signature database with the latest build and the file was not marked as malicious:

    HTML Code:
    summary:  	scan_path: /var/imunify360-malware-sigs-server/data/builds/13516 	report_time: 1737973721 	ai_version: HOSTER-32.1.21 	db_location: external 	db_version: 20250127-13516 	counters: 	 		redirect: 0 		critical_php: 0 		critical_js: 0 		cloudhash: 0 		phishing: 0 		unix_exec: 0 		iframes: 0 		not_read: 0 		base64: 0 		heuristics: 0 		symlinks: 0 		big_files_skipped: 0 		suspicious: 0 		suspicious_ext: 0 		suspicious_ign: 0 	 	 	total_files: 1 	scan_time: 0.1 	mem_peak: 16777216 	php_ver: 8.2.14 	php_handler: /opt/alt/php-internal/usr/bin/php 	smart_time_hs: 0 	scan_time_hs: 0 	smart_time_preg: 0 	scan_time_preg: 0 	finder_time: 0 	cas_time: 0 	deobfuscate_time: 0.0515 	users: 	 		0


    Consequently, I'd recommend updating your ImunifyAV since the antivirus module v8.1.0 is already released: https://changelog.imunify.com/imunify-av
    You can refer to these instructions: https://docs.imunify360.com/imunifya...-the-antivirus

    Also, you may want to consider updating to the new ImunifyAV Extension: https://docs.imunify360.com/imunifya...nify-extension

    If your file is still detected as malicious after the ImunifyAV version update, please create a ticket for our Team: https://cloudlinux.zendesk.com/hc/en-us/requests/new

    Here is also the reference to our doc on this topic: https://docs.imunify360.com/imunifya...egitimate-file

    Comment

    Previous template Next
    Working...
    X