ImunifyAV/Imunify360 started flagging multiple files as malware

**akots** · 03-27-2026, 02:54 PM

Thank you for the details!
Consulted with the Imunify Team - they've opened an internal case for this, and our malware processing team is on it (DEF-40647). We are excluding the paths generated by the Plesk chrootshell.

**akots** · 03-27-2026, 09:32 AM

Hello,

From what I can see, these detections appear to be related to legitimate binary files located under the account path, which can be flagged by Imunify’s Binary (ELF) malware detection. This may happen, for example, when such files are present as part of a chrooted environment or similar setup.

(1-2) We do not currently see this as a widespread recent pattern on our side. Also, at the moment, we do not have signs that Imunify started flagging these files more aggressively in general.

(3) If these files are expected and trusted on your server, this would be considered a false positive. In this case, you have a few options:

Report the detected files as false positive: https://cloudlinux.zendesk.com/hc/en...gative-results
Ignore them if you have already confirmed they are legitimate: https://cloudlinux.zendesk.com/hc/en...alware-scanner
Apply the workaround from https://cloudlinux.zendesk.com/hc/en...-as-malicious:
- disable Binary (ELF) malware detection, or
- move such binaries to a dedicated directory and add that directory to the ignore list.

Please note that disabling ELF binary detection may reduce the protection scope, so the ignore-list approach is usually the safer option if these files are known to be legitimate.

**NovaNvyvbeige6s** · 03-27-2026, 09:43 AM

Hi, I assume that’s the case. This notification has been appearing for a few days now. It detects exactly 59 files in those subscriptions where these executable files are located in the usr directory. Previously, this didn’t happen at all, but now the same message appears in all subscriptions that contain these files.

I don’t want to add this to the exclusion list. I believe this should be handled on your side, so you can analyze why your software is detecting it this way. I don’t want to add it to exclusions to avoid accidentally overlooking something later.

I have scanned several of these files, and none of the executables appear to be viruses or anything suspicious.

**akots** · 03-27-2026, 10:06 AM

Thanks for a quick reply, got it.

Could you please share the Imunify version you are using? e.g.:

Code:

rpm -qa |  grep imunify

I am also interested in the antivirus module version so that I can consult it internally with our colleagues.

**NovaNvyvbeige6s** · 03-27-2026, 01:09 PM

imunifr-antivirus - 8.7.1-1
imunify-ui-8.10.1-2
imunifr-core - 8.9.0-3

**akots** · 03-27-2026, 02:54 PM

Thank you for the details!
Consulted with the Imunify Team - they've opened an internal case for this, and our malware processing team is on it (DEF-40647). We are excluding the paths generated by the Plesk chrootshell.

ImunifyAV/Imunify360 started flagging multiple files as malware

ImunifyAV/Imunify360 started flagging multiple files as malware

Comment

Comment

Comment

Comment

Comment

Comment