ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://forum.configserver.com/

New virus found that Maldex, CXS, Clam has not detected

https://forum.configserver.com/viewtopic.php?t=8665

Page 1 of 1

New virus found that Maldex, CXS, Clam has not detected

Posted: 11 May 2015, 11:36
by mitchmenghi
Hello,

We have uncovered a suspicious file that i am overly surprised no scanner has picked up and its very concerning.

The filename is called 'indonesia.php'

I was sitting in one of our customer Wordpress installs and in some sub directories. The contents of the file is as follows.
Moderated Message:
Do not post exploits on these forums
We are in no way experts but that does seem to be malware.

Has anyone seen this before, or how is it that CXS being a paid solution even after a month did not pick this up ???

Re: New virus found that Maldex, CXS, Clam has not detected

Posted: 11 May 2015, 12:29
by ForumAdmin
If you would like to submit an exploit for consideration you should use the following syntax:

Code: Select all

cxs --wttw /path/to/exploit.php
We will review the file and consider detection for it in the future. If you want to detect it yourself you can use the cxs --xtra [file] syntax with an xtra file (see documentation) to include your own detection for it.
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited