‘ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]’

  • #40453
    aoba
    Participant

    Hello,

    I’ve been using the plugin for a week now and it’s doing great. However, I just got this message from my hosting telling me that there was a Malicious Attempt to Access Hosting Account, and the file below was captured by their system.

    Kindly advise.

    Thanks

    We have put the following content into quarantine as we believe it contains viruses or other malicious code. If you feel this has been in error and your file is false-positive (innocent), please submit a ticket to us ...
    
    ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]:    /home/*******/bps-backup/logs/security-log.zip
    #40454
    AITpro Admin
    Keymaster

    The file that your host ClamAV malware scanner detected as malicious is the BPS Pro Security Log file.  Typically when this has happened in the past it means that you have chosen either the POST Request Body Data > Log Minimum POST Request Body Data (5KB) or the Log Maximum POST Request Body Data (250KB) option setting.  The Security Log entries will capture and log hacking attempts with POST Request Body Data in the Security Log, which will appear to be malicious to malware scanners.  The solution to prevent this problem from reoccurring is to check the POST Request Body Data > Do Not Log POST Request Body Data (0KB) option setting and click the Save POST Request Body Data Option button.

    POST Request Body Data
    [X] Do Not Log POST Request Body Data (0KB)
    [ ] Log Minimum POST Request Body Data (5KB)
    [ ] Log Maximum POST Request Body Data (250KB)

    #40455
    aoba
    Participant

    Those are my current settings. Is there anything else to check?

    #40456
    AITpro Admin
    Keymaster

    Ok well just ignore your host’s warning.  The file they quarantined was a security-log.zip file and not your actual /wp-content/bps-backup/logs/http_error_log.txt Security Log file.  Security Log zip files are created automatically when your Security Log file size exceeds 256KB or 500KB or 1MB depending on your Log file size option settings.  Security Log zip files are then automatically emailed to you after they are zipped.  You don’t need to keep/save security-log.zip files.

    Your host is not scanning plain .txt files.  So that is why the /wp-content/bps-backup/logs/http_error_log.txt Security Log file was not detected as being malicious.  They do obviously scan .zip files.  😉

    #40457
    aoba
    Participant

    If that’s the case, I’ll just follow your recommendations.

    Thanks.

    #40460
    aoba
    Participant

    Hello, again,

    They keep on sending me emails. Is it possible to disable the zip file from generating?

    #40461
    AITpro Admin
    Keymaster

    You can turn Off Security Log zipping and emails by going to BPS Pro > S-Monitor > Email Alerting & Log File Options (right hand column of option settings) > Security Log File Email|Delete Log File > change this option setting to > Delete Log File.
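
An added example, not part of the thread and not BPS Pro or hosting-provider code: one way to triage a quarantined archive like security-log.zip by checking whether the flagged pattern sits in a plain-text log entry or in a file a web server would execute. The regex only approximates what a signature named eval_post looks for (the host's actual YARA rule is not shown here), and the log entry layout and member names in the sample are constructed.

```python
import io
import re
import zipfile

# Assumption: approximates what a signature named "eval_post" looks for;
# the host's actual YARA rule is not shown in the thread.
EVAL_POST = re.compile(rb"eval\s*\(.{0,40}?\$_(POST|REQUEST)", re.I | re.S)
# Extensions a web server might execute; anything else is treated as inert data.
EXECUTABLE_EXT = (".php", ".phtml", ".php5", ".phar", ".pht")


def triage_archive(zip_bytes):
    """Return one finding per archive member that matches EVAL_POST."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            hits = [m.start() for m in EVAL_POST.finditer(data)]
            if not hits:
                continue
            name = info.filename.lower()
            executable = name.endswith(EXECUTABLE_EXT) or data.lstrip().startswith(b"<?php")
            findings.append({
                "member": info.filename,
                "matches": len(hits),
                "first_line": data.count(b"\n", 0, hits[0]) + 1,
                "verdict": "investigate: executable content" if executable
                           else "likely logged request data",
            })
    return findings


def build_sample():
    """Constructed sample: a text log entry recording a blocked POST, plus a PHP file."""
    log = (b"[403 POST Request: constructed entry]\n"
           b"REQUEST_URI: /wp-login.php\n"
           b"REQUEST BODY: cmd=eval(base64_decode($_POST['x']));\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("http_error_log.txt", log)
        zf.writestr("uploads/cache.php", b"<?php eval($_POST['x']); ?>")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_archive(build_sample()):
        print(f)
```

A "likely logged request data" verdict only holds while the log stays a non-executable file outside any path the server would interpret as PHP.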
