Possible Infected Files – Scanner False Alarms

  • #192
    AITpro Admin
    Keymaster

    Email Question:

    Hello,

    I keep getting notifications from several hosting companies regarding possibly infected files:

    gzbase64.inject.unclassed.17 : /home/xxxxx/public_html/wp-content/plugins/bulletproof-security/admin/tools/tools.php
    gzbase64.inject.unclassed.17 : /home/xxxxx/public_html/wp-content/bps-backup/autorestore/wp-content/plugins/bulletproof-security/admin/tools/tools.php

    I’m almost positive that these are false alarms. Is there any chance you’ll release a fix for this issue? Seems like too many hosting companies scan the plugin and identify it as malicious.

    Looking forward to your reply,
    Omer

    Answer:

    UPDATE:
    As of BPS Pro 9.6 the Pro-Tools Base64 Decoder / Encoder tools were moved to their own individual pages and can be deleted individually from Pro-Tools. See this Forum link for full details:  http://forum.ait-pro.com/forums/topic/scanner-detects-malicious-code-or-infected-files-in-bps-pro-pro-tools/

    Yes, these notifications are of course false alarms generated by whatever scanner these Hosts are using.  The BPS Pro Pro-Tools page has a Base64 Decoder and Encoder and uses standard/safe/legitimate PHP functions to decode and encode Base64 code.

    You just need to notify these Hosts and either have them calibrate their scanner to not see this legitimate/safe coding as malicious coding or have these Hosts Whitelist the tools.php file or the BulletProof Security Plugin.

    I rarely ever get contacted by folks reporting that their web host’s scanner is seeing BPS and BPS Pro good code as bad code, but this does happen on occasion, so you just need to have your Web Host calibrate their scanner or add a whitelist.

    In general, scanners are told/coded/programmed to look for certain coding patterns or PHP function names.  Scanners of course cannot really tell the difference between good PHP code and bad/malicious PHP code.  BPS and BPS Pro sometimes block other WordPress plugins from performing certain actions – these are false alarms.  When this happens I appropriately provide a solution to allow that other plugin to continue functioning normally without being blocked.  The same basic rule applies to these Hosts’ scanners – they are seeing legitimate/good code as bad/malicious code, so the scanner appropriately needs to be calibrated or a whitelist needs to be created.

    Thanks
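As an added illustration of the answer above (not code from BPS or from any host's scanner): a function-name signature flags a harmless Base64 decoder tool, and an allowlist pinned to the file's SHA-256 clears it only while the content is unchanged. The regex, the sample file contents and the theme path are constructed assumptions; the real `gzbase64.inject.unclassed.17` rule is not published on this page.

```python
import hashlib
import re

# Assumed rule: flag PHP function names often chained in obfuscated code.
# Hypothetical stand-in, not the real "gzbase64.inject.unclassed.17" signature.
SIGNATURE = re.compile(r"\b(gzinflate|gzuncompress|base64_decode)\s*\(", re.I)

TOOLS = "wp-content/plugins/bulletproof-security/admin/tools/tools.php"

# Constructed sample files (not BulletProof Security source code).
LEGIT_TOOL = (b"<?php\n// Base64 decoder form handler (constructed sample)\n"
              b"$out = base64_decode($_POST['input'] ?? '', true);\n"
              b"echo htmlspecialchars((string) $out);\n")
PLAIN_PAGE = b"<?php\necho 'hello';\n"
MODIFIED_TOOL = LEGIT_TOOL + b"// constructed: file changed after allowlisting\n"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan(files: dict, allowlist: dict) -> dict:
    """Return {path: verdict}. allowlist maps path -> expected SHA-256."""
    verdicts = {}
    for path, data in files.items():
        text = data.decode("utf-8", "replace")
        hits = sorted({m.group(1).lower() for m in SIGNATURE.finditer(text)})
        if not hits:
            verdicts[path] = "clean"
        elif allowlist.get(path) == sha256(data):
            # Name match, but the content is the reviewed version.
            verdicts[path] = "allowlisted"
        else:
            verdicts[path] = "flagged:" + ",".join(hits)
    return verdicts


def demo() -> dict:
    site = {TOOLS: LEGIT_TOOL, "wp-content/themes/example/index.php": PLAIN_PAGE}
    pinned = {TOOLS: sha256(LEGIT_TOOL)}
    return {
        "no_allowlist": scan(site, {}),
        "hash_allowlist": scan(site, pinned),
        "after_change": scan({TOOLS: MODIFIED_TOOL}, pinned),
    }


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

Pinning the allowlist entry to a hash rather than to the path alone means a later change to `tools.php` is flagged again and gets a fresh review.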
