It first of all means that you most likely used virustotal.com, which is a great online service providing antivirus analysis routines from 54 different antivirus routines. 53 show a green checkmark (no known viruses or malware found) and only Bkav says “CPRBD72.Webshell”…
Now this either means that Bkav is the only one who was able to detect this webshell and the others failed or Bkav gave a false positive.
When you do some research on Google about “Bkav Antivirus” you will learn that they have specialized on Android…
Looks pretty much like a false positive, huh?
Why does Bkav do this? When you examine the .php file of which Bkav thinks that it contains the webshell, you will find some BASE64 code, which is contains the WPMUDEV logo. Using BASE64 Code in php is a a very ugly thing to do but unfortunately what WPMUDEV does and what most likely triggers the false positive.