default-widgets.php

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
Post Reply
tvc
Junior Member
Posts: 9
Joined: 05 Feb 2014, 19:00

default-widgets.php

Post by tvc »

Getting lots of what appear to be false positives on the WordPress file:
default-widgets.php
since the WordPress 4.9.1 update.

as:
ClamAV detected virus = [Html.Trojan.Hidelink-6390190-0]

Anyone else noticing this as well?

Thanks all!
Havri
Junior Member
Posts: 5
Joined: 05 Jan 2016, 10:10

Re: default-widgets.php

Post by Havri »

Hello,

Yes, for some time now, we get the same false positives on a lot of our Wordpress sites. This leads to error 500 on a Wordpress website.

This can be temporarily resolved by putting the following line in /etc/cxs/cxs.ignore, /etc/cxs/cxs.ignore.fullscan or whatever cxs settings file you are using to scan or watch the filesystem:

Code: Select all

pfile:default-widgets.php
Alternatively, you can put the md5sum entry in the ignore file:

Code: Select all

md5sum:ef4d04c6f206baf2f5042c7b1d150a87
First you'll have to find which CXS process is actually putting the default-widgets.php file into quarantine (it can be CXS watch, a full CXS scan of the /home directory or any other CXS scan configured by you).

Running diff on the quarantined file and a fresh file from the Wordpress kit did not show any differences:

Code: Select all

root@myserver1 [/home/user1/public_html]# diff /home/user1/public_html/wp-includes/default-widgets.php /myfolder/quarantine/cxsuser/user1/default-widgets.php.1512565991_1
Good luck.
tvc
Junior Member
Posts: 9
Joined: 05 Feb 2014, 19:00

Re: default-widgets.php

Post by tvc »

Hmm, oddly my install across many servers is not picking that up or doing a quarantine on it this month.
Post Reply