Page 1 of 1


Posted: 07 Dec 2017, 21:38
by tvc
Getting lots of what appear to be false positives on the WordPress file:
since the WordPress 4.9.1 update.

ClamAV detected virus = [Html.Trojan.Hidelink-6390190-0]

Anyone else noticing this as well?

Thanks all!

Re: default-widgets.php

Posted: 25 Jan 2018, 09:38
by Havri

Yes, for some time now, we get the same false positives on a lot of our Wordpress sites. This leads to error 500 on a Wordpress website.

This can be temporarily resolved by putting the following line in /etc/cxs/cxs.ignore, /etc/cxs/cxs.ignore.fullscan or whatever cxs settings file you are using to scan or watch the filesystem:

Code: Select all

Alternatively, you can put the md5sum entry in the ignore file:

Code: Select all

First you'll have to find which CXS process is actually putting the default-widgets.php file into quarantine (it can be CXS watch, a full CXS scan of the /home directory or any other CXS scan configured by you).

Running diff on the quarantined file and a fresh file from the Wordpress kit did not show any differences:

Code: Select all

root@myserver1 [/home/user1/public_html]# diff /home/user1/public_html/wp-includes/default-widgets.php /myfolder/quarantine/cxsuser/user1/default-widgets.php.1512565991_1
Good luck.

Re: default-widgets.php

Posted: 25 Jan 2018, 14:57
by tvc
Hmm, oddly my install across many servers is not picking that up or doing a quarantine on it this month.