ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
False Positives On WordPress Sites After Latest Update
Volnus


Joined: 01 Feb 2016
Posts: 1
Location: United States
Reply with quote
I believe the recent update of your antivirus engine has caused a sharp increase in false positives particularly with caching plugins on WordPress.

There is a very large thread about this on several false positives tied to.

PUA.Phishing.Bank

Some of the submitted files which when checked against VirusTotal are returning 100% safe from both file submission and url checking so its really odd.

Here are some examples.
http://hindisoch.com/wp-content/cache/page_enhanced/www.hindisoch.com/our-parents/_index.html
http://hindisoch.com/wp-content/cache/page_enhanced/www.hindisoch.com/our-parents/_index.html_gzip
http://www.trendingtop5.com/wp-content/cache/page_enhanced/www.trendingtop5.com/top-educational-websites-in-india/_index.html
http://www.trendingtop5.com/wp-content/cache/page_enhanced/www.trendingtop5.com/best-heart-hospital-in-india/_index.html_gzip.old
http://www.trendingtop5.com/wp-content/cache/page_enhanced/www.trendingtop5.com/top-5-best-trekking-places-in-india/_index.html_gzip

Forum thread in regard: https://wordpress.org/support/topic/w3-total-chache-cached-files-contain-virus?replies=19#post-7969978

Keep in mind its not just this particular plugin people are reporting this for WP Rocket, WP Super Cache (automatic), and more its something consistent with their virus scanner which is likely a false positive. (all which are powered by ClamWin's antivirus engine).
View user's profileSend private messageSend e-mail
GuitarBob


Joined: 09 Jul 2006
Posts: 4254
Location: USA
Reply with quote
ClamWin uses the scan engine and virus database provided by the Clam AV project. All false positives should be reported to Clam AV via their web page at http://www.clamav.net/contact on the web (be sure to select the false positive reporting option).

However, Clam AV has a policy of not correcting false signatures on PUA. PUA is an optional detection. Many Clam AV PUA signatures are made on packers and installers--which can be used by both goodware and malware. So you will save yourself a lot of grief by getting rid of the --detect-pua configuration in the command line block on the ClamWin Advanced tab.

Regards,
View user's profileSend private message
False Positives On WordPress Sites After Latest Update
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic