Server-based anti-virus detecting threat in backup file



  • #389324
    App Factory Store
    Participant

    Hi,

    My server runs the “maldet” script each night to try to detect malware and viruses in customer web space.

    Recently the nightly scan has begun finding an issue with the db backup file for a particular site.
    Every night it finds this issue, quarantines the file and sends a notification, which looks like this: (names redacted)

    ```
    FILE HIT LIST:
    {YARA}eval_post : /var/www/clients/client11/web177/web/wp-content/updraft/backup_2019-05-16-1204_NAME_REDACTED_8daac6bcd8e5-db.gz => /usr/local/maldetect/quarantine/backup_2019-05-16-1204_NAME_REDACTED_8daac6bcd8e5-db.gz.2551417144
    ===============================================
    Linux Malware Detect v1.6.4 < [email protected] >
    ```

    I have several other sites on this server, all running UpdraftPlus, but only this one triggers maldet.

    It doesn’t seem to have a problem with anything else in that site either – only the compressed db file. It is clearly a false positive, but I’d love to find a solution (other than excluding or whitelisting a folder, which wouldn’t be safe).

    I discovered this topic also: https://wordpress.org/support/topic/possible-virus-in-plugin-found-by-the-host/
    However it seems to be different to my issue – in their case it was /wp-content/plugins/updraftplus/index.html that triggered maldet. In my case maldet has no problem with that file.

    Many thanks

    Geoff.

    #389424
    udadmin
    Keymaster

    Hi,

    If your virus-scanner thinks that there is something nasty inside the backup of your WordPress database, then that implies it thinks there is something nasty in your WordPress database. The best thing to do would be to contact your web host or developer so that they can check that out. UpdraftPlus itself isn’t an anti-virus tool, so it doesn’t have any tools within it to give you any particular help in analysing what that might be.

    Best wishes,
    David

    #389667
    App Factory Store
    Participant

    Hi David,

    Sorry I wasn’t thinking straight when I posted.

    My thought was that there was nothing in the site that triggered the maldet scanner, so the issue must be with the compressed file… but I wasn’t thinking about the database – Duh!

    I’ll go off and make a dumpfile and scan that to see what happens.

    Thanks

    Geoff.
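
An added example, not part of the thread and not UpdraftPlus or maldet code: following the point above that a hit in the database backup implies content in the database, this streams a gzipped SQL dump and reports which table and dump line contain an eval-on-request-input string. The regular expression is an assumed approximation of what a rule named `eval_post` matches, the dump layout is assumed to be mysqldump-style, and the sample dump is constructed.

```python
import gzip
import re

# Assumption: a rough stand-in for what a rule named "eval_post" looks for
# (eval() applied to request input). It is not maldet's actual YARA rule.
EVAL_REQUEST = re.compile(
    rb"eval\s*\(\s*[^;]{0,200}?\$_(?:POST|GET|REQUEST|COOKIE)", re.I)
# Assumption: mysqldump-style "INSERT INTO `table` VALUES ..." lines.
INSERT_INTO = re.compile(rb"^INSERT INTO `?([A-Za-z0-9_]+)`?", re.I)

# Constructed sample dump: one harmless row, one post that quotes PHP code.
SAMPLE_DUMP = (
    b"INSERT INTO `wp_options` VALUES (1,'siteurl','https://example.test','yes');\n"
    b"INSERT INTO `wp_posts` VALUES (7,'Never write eval($_POST[\\'x\\']) in a theme','publish');\n"
)


def find_hits(lines, context=60):
    """Return (line_no, table, snippet) for every match in an iterable of byte lines."""
    hits, table = [], None
    for line_no, line in enumerate(lines, 1):
        m = INSERT_INTO.match(line)
        if m:
            table = m.group(1).decode()  # remember which table this row belongs to
        for hit in EVAL_REQUEST.finditer(line):
            start = max(hit.start() - context, 0)
            snippet = line[start:hit.end() + context]
            hits.append((line_no, table, snippet.decode("utf-8", "replace")))
    return hits


def scan_backup(path):
    """Stream a .gz database backup without unpacking it to disk."""
    with gzip.open(path, "rb") as fh:
        return find_hits(fh)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        results = scan_backup(sys.argv[1])
    else:
        results = find_hits(SAMPLE_DUMP.splitlines(True))
    for line_no, table, snippet in results:
        print(f"line {line_no} table {table}: {snippet.strip()}")
```

The table name and snippet show whether the match is page content that merely quotes code or something stored where code should not be, which is the check the reply above hands to the host or developer.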

  • The topic ‘Server-based anti-virus detecting threat in backup file’ is closed to new replies.