Problem with malware? mscan-ajax-functions.php and mscan-pattern-match.php

Home Forums BulletProof Security Pro Problem with malware? mscan-ajax-functions.php and mscan-pattern-match.php

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • July 2, 2018 at 4:14 am #35993
    Mai
    Participant

    hi

    my host gave me some warnnings and am not sure r they correct or no
    problem i am facing is with email being sent form my sites in huge amount so i cant send emails
    here is what they said

    We are seeing the following during a malware scan of the account:

    /home/maiweb/kanee.com/q8jobs/wp-content/plugins/bulletproof-security/includes/mscan-ajax-functions.php: {HEX}a2.edoced_46esab.1.UNOFFICIAL FOUND
/home/maiweb/amazingtr.com/wp-content/bps-backup/mscan/mscan-pattern-match.php: {HEX}a2.edoced_46esab.1.UNOFFICIAL FOUND
/home/maiweb/public_html/wp-content/bps-backup/mscan/mscan-pattern-match.php: {HEX}a2.edoced_46esab.1.UNOFFICIAL FOUND
/home/maiweb/glsummitq8.com/wp-content/plugins/bulletproof-security/includes/mscan-ajax-functions.php: {HEX}a2.edoced_46esab.1.UNOFFICIAL FOUND

    i have emaile du but no replay

    please advise
    thank u so much
    i have the pro account

    July 2, 2018 at 11:28 am #35994
    AITpro Admin
    Keymaster

    These are false positives that you can ignore.  You should probably inform your web host that these are false positives so that they do not take negative action against your hosting account.  Your web host malware scanner is detecting the malware scanning pattern code in BPS Pro MScan.  This is pretty common issue with malware scanners and one of the primary reasons malware scanners are not really that reliable.  This type of common issue does not happen with BPS Pro AutoRestore|Quarantine Intrusion Detection and Prevention System (ARQ IDPS) scanner because ARQ IDPS is far superior to any malware scanners including BPS Pro MScan.

    September 15, 2018 at 12:13 am #36461
    PAL99
    Participant

    Hi – my host is webhostinghub and they have run a scan and found the same edoced_46esab malware.  Are these false positives too?  They are all under respective bps-backup/scan directories.

    /home/blaguk5/public_html/blag/wp-content/bps-backup/mscan/mscan-pattern-match.php:edoced_46esab

    September 15, 2018 at 11:47 am #36463
    AITpro Admin
    Keymaster

    @ Pal99 – Yep, this is a false positive. Your host scanner is matching the pattern matching code used by MScan. This is a very common problem with all malware scanners and that is why they are inferior to the BPS Pro AutoRestore|Quarantine Intrusion Detection and Prevention System (ARQ IDPS) scanning feature. You can ask your host to ignore/exclude/not scan the /home/blaguk5/public_html/blag/wp-content/bps-backup/mscan/mscan-pattern-match.php file.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.