Anti-Malware scan flagged a few files
#1
I run regular anti-malware security scans of my public_html directory through a Wordpress plugin, and after recently installing MyBB (which is working great!) the scan has flagged some files:

global.php
private.php
search.php

Just to confirm, these files are part of MyBB, right? Is there any reason why they may have been flagged?

Thanks!
Reply
#2
Yes those are all a part of MyBB. What kind of malware did it flag them as? If you didn't download a fresh copy of MyBB from mybb.com then someone could have tampered with the files, but other than that no those aren't malware.
My Plugins: [1.8]|[1.6]

** Selling custom plugin that enables Bitcoin payments. PM me if interested in purchasing! **
Reply
#3
run file verification tool available at tools & maintenance section of forum admin panel.
do you get above listed files as changed ?
Reply
#4
Sometime's antivirus marks legit files as virus, you can consider them as false positive!  other than this, do as .m.  suggested
Reply
#5
MyBB 1.x makes heavy use of eval(), likely a false positive but run a file verification check anyway.
No longer involved in the MyBB project.
Reply
#6
File Verification found nothing other than informing me that the /install/ directory is missing (it said to delete it after install?).

So I'm assuming it's a false positive. The forum is brand new other than a few CSS tweaks I have done to the theme.

Safe to say I can whitelist the files on the Anti-Malware scanner?
Reply
#7
Yes, they are fine if file verification says they are fine. Feel free to whitelist them.
Reply
#8
Just ran another scan and whitelisted the above files, but it had trouble reading this:
/admin/jscripts/codemirror/lib/codemirror.js

and then listed the following as "potential threats"

/announcements.php
/calendar.php
/contact.php
/editpost.php
/forumdisplay.php
/index.php
/managegroup.php
/member.php
/memberlist.php
/misc.php
/modcp.php
/moderation.php
/newreply.php
/newthread.php
/online.php
/polls.php
/portal.php
/printthread.php
/report.php
/reputation.php
/sendthread.php
/showteam.php
/showthread.php
/stats.php
/syndication.php
/usercp.php
/usercp2.php
/warnings.php
/xmlhttp.php
/admin/index.php
/admin/modules/config/settings.php
/admin/modules/forum/management.php
/inc/class_captcha.php
/inc/class_error.php
/inc/class_parser.php
/inc/functions.php
/inc/functions_calendar.php
/inc/functions_forumlist.php
/inc/functions_modcp.php
/inc/functions_online.php
/inc/functions_post.php
/inc/functions_search.php
/inc/functions_user.php
/inc/plugins/hello.php
/jscripts/thread.js
/jscripts/jeditable/jeditable.min.js
Reply
#9
if you have original source files of MyBB confirmed through file verification tool then
there should be nothing to worry about your scanner reports (reason is already given in post #5)
Reply
#10
(2016-05-17, 04:34 PM).m. Wrote: if you have original source files of MyBB confirmed through file verification tool then
there should be nothing to worry about your scanner reports (reason is already given in post #5)

Just wanted to be sure. Thanks for the clarification.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)