[SOLVED] Malware issue

desertdiana 07 Mar, 2013
Here is the latest scan report:

Hi,
I got an alert today about malicious content, deleted the content and now my hosting has run a malware scan and these four items are triggering an alert. We are using J1.5 with chronoforms V3.2.0, which I upgraded to today, ran the scan again with the same result.

We are a non-profit and all our donation forms are in chronoforms.
http://ortl.org

What does all this mean and can you tell me what I need to do to clear this up?

Kindest Regards,
Diana

SCAN ID: 030713-1445.25828
TIME: Mar 7 15:16:43 -0600
PATH: /home/ortlorg/public_html
TOTAL FILES: 28907
TOTAL HITS: 4
TOTAL CLEANED: 0

NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 030713-1445.25828
FILE HIT LIST:
{HEX}php.cmdshell.unclassed.344 : /home/ortlorg/public_html/images/stories/ortl/corub.php
{MD5}base64.inject.unclassed.2 : /home/ortlorg/public_html/components/com_chronocontact/chronocontact.html.php
{HEX}base64.inject.unclassed.7 : /home/ortlorg/public_html/web/tmp/cf/chronocontact.html.php
{HEX}base64.inject.unclassed.7 : /home/ortlorg/public_html/web/components/com_chronocontact/chronocontact.html.php

GreyHead 07 Mar, 2013
Hi Diana,

It means that your scanner is over-enthusiastic. There is nothing 'bad' in any of these files*, put them back, white-list them in the scanner software and carry on as before.

Bob

* The scanner is correct to the point where there is some code which, in some circumstances, might possibly indicate a problem. In this case it's giving you a 'false positive' result.

desertdiana 07 Mar, 2013
Thank you Greyhead,

My host uses a malware scanner that is not an in house scanner so they can't whitelist anything. They said that I can ignore the scanner results since all the infected files were removed. Infected files had nothing to do with ChronoForms though.

Appreciate your expertise and quick reply,

Diana

GreyHead 08 Mar, 2013
Hi Diana,

Was in a rush last night (it was after midnight). I missed this one which is not a ChronoForms file, you may need to check that separately if you haven't already done so:

{HEX}php.cmdshell.unclassed.344 : /home/ortlorg/public_html/images/stories/ortl/corub.php


Bob
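
An added example, not part of the original thread or of any tool mentioned in it: a small triage pass over the FILE HIT LIST format shown in the scan report, separating hits that deserve a first look (a command-shell signature, or a PHP script sitting in a data directory such as `images/`) from hits in extension files that can be checked against a clean copy of the package. The directory and extension lists and the priority labels are assumptions; the output is a review order, not a verdict.

```python
import re
from pathlib import PurePosixPath

# Sample input: the hit lines from the scan report quoted in this thread.
REPORT = """\
FILE HIT LIST:
{HEX}php.cmdshell.unclassed.344 : /home/ortlorg/public_html/images/stories/ortl/corub.php
{MD5}base64.inject.unclassed.2 : /home/ortlorg/public_html/components/com_chronocontact/chronocontact.html.php
{HEX}base64.inject.unclassed.7 : /home/ortlorg/public_html/web/tmp/cf/chronocontact.html.php
{HEX}base64.inject.unclassed.7 : /home/ortlorg/public_html/web/components/com_chronocontact/chronocontact.html.php
"""

# "{KIND}signature.name : /absolute/path" as it appears in the report.
HIT_RE = re.compile(r"^\{(?P<kind>[A-Z0-9]+)\}(?P<sig>\S+)\s+:\s+(?P<path>/.+)$")

# Assumption: directories meant for media or scratch data, not for scripts.
DATA_DIRS = {"images", "tmp", "cache", "uploads"}
SCRIPT_EXT = {".php", ".phtml", ".php5"}


def parse_hits(report):
    """Return one dict (kind, sig, path) per hit line; other lines are skipped."""
    hits = []
    for line in report.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def triage(hit):
    """Return (priority, reasons) for a single parsed hit."""
    path = PurePosixPath(hit["path"])
    reasons = []
    if "cmdshell" in hit["sig"]:
        reasons.append("command-shell signature")
    if path.suffix.lower() in SCRIPT_EXT and DATA_DIRS & set(path.parts[:-1]):
        reasons.append("script inside a data directory")
    if reasons:
        return "high", reasons
    return "normal", ["compare with the file from a clean copy of the extension package"]


def triage_report(report):
    """Return a list of (path, priority, reasons) tuples in report order."""
    return [(h["path"], *triage(h)) for h in parse_hits(report)]


if __name__ == "__main__":
    for path, priority, reasons in triage_report(REPORT):
        print(f"{priority:6} {path}  ({'; '.join(reasons)})")
```
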