‘ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]’
- This topic has 6 replies, 2 voices, and was last updated 2 years, 9 months ago by AITpro Admin.
aoba (Participant):
Hello,
I’ve been using the plugin for a week now and it’s doing great; however, I just got this message from my hosting telling me that some Malicious Attempt to Access Hosting Account and this file below was captured by their system.
Kindly advise.
Thanks
We have put the following content into quarantine as we believe it contains viruses or other malicious code. If you feel this has been in error and your file is false-positive (innocent), please submit a ticket to us ... ClamAV detected virus = [YARA.eval_post.UNOFFICIAL]: /home/*******/bps-backup/logs/security-log.zip
AITpro Admin (Keymaster):
The file that your host ClamAV malware scanner detected as malicious is the BPS Pro Security Log file. Typically when this has happened in the past it means that you have chosen either the POST Request Body Data > Log Minimum POST Request Body Data (5KB) or the Log Maximum POST Request Body Data (250KB) option setting. The Security Log entries will capture and log hacking attempts with POST Request Body Data in the Security Log, which will appear to be malicious to malware scanners. The solution to prevent this problem from reoccurring is to check the POST Request Body Data > Do Not Log POST Request Body Data (0KB) option setting and click the Save POST Request Body Data Option button.
POST Request Body Data
[X] Do Not Log POST Request Body Data (0KB)
[ ] Log Minimum POST Request Body Data (5KB)
[ ] Log Maximum POST Request Body Data (250KB)
aoba (Participant):
Those are my current settings. Is there anything else to check?
AITpro Admin (Keymaster):
Ok well just ignore your host’s warning. The file they quarantined was a security-log.zip file and not your actual /wp-content/bps-backup/logs/http_error_log.txt Security Log file. Security Log zip files are created automatically when your Security Log file size exceeds 256KB or 500KB or 1MB depending on your Log file size option settings. Security Log zip files are then automatically emailed to you after they are zipped. You don’t need to keep/save security-log.zip files.
Your host is not scanning plain .txt files. So that is why the /wp-content/bps-backup/logs/http_error_log.txt Security Log file was not detected as being malicious. They do obviously scan .zip files. 😉
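An added example, not part of the original thread and not BPS Pro or ClamAV code: a small triage helper that opens a quarantined zip and reports whether every signature-like hit sits inside a plain-text log member, which is the situation described above. The regex is an assumed stand-in for the host's rule (the real YARA.eval_post rule is not shown in the thread), and the log entry is a constructed sample, not the real Security Log format.

```python
import io
import re
import zipfile

# Assumed stand-in for the host's signature: the real YARA.eval_post rule is
# not shown in the thread, so this only approximates "eval of POST data".
EVAL_POST = re.compile(rb"eval\s*\(\s*[^;]{0,80}\$_(POST|REQUEST)", re.I)

def triage_zip(zip_bytes):
    """Return (member, line_no, in_text_log) for each signature-like hit."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            is_text_log = info.filename.lower().endswith((".txt", ".log"))
            for n, line in enumerate(zf.read(info).splitlines(), 1):
                if EVAL_POST.search(line):
                    hits.append((info.filename, n, is_text_log))
    return hits

def looks_like_logged_payload(hits):
    """True only when there are hits and all of them sit in text log members."""
    return bool(hits) and all(in_log for _, _, in_log in hits)

def build_sample_zip():
    # Constructed sample entry: a blocked request whose POST body was logged.
    log = (
        b"[403 POST Request: constructed sample entry]\n"
        b"REQUEST_URI: /wp-login.php\n"
        b"REQUEST BODY: c=eval($_POST['x']);\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("http_error_log.txt", log)
    return buf.getvalue()

if __name__ == "__main__":
    hits = triage_zip(build_sample_zip())
    for name, line_no, in_log in hits:
        print(f"{name}:{line_no} plain-text log member={in_log}")
    print("consistent with logged request data:", looks_like_logged_payload(hits))
```

A hit in any member that is not a plain-text log (for example a .php file) makes `looks_like_logged_payload` return False, and that archive deserves a closer look before it is dismissed as a false positive.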
aoba (Participant):
If that’s the case, I’ll just follow your recommendations.
Thanks.
aoba (Participant):
Hello again,
They keep on sending me emails. Is it possible to disable the zip file from generating?
AITpro Admin (Keymaster):
You can turn Off Security Log zipping and emails by going to BPS Pro > S-Monitor > Email Alerting & Log File Options (right hand column of option settings) > Security Log File Email|Delete Log File > change this option setting to > Delete Log File.