I just scanned the plugin : The WPMU DEV Google Maps Plugin
i found : CPRBD72.Webshell in the plugins
What does this mean?
It first of all means that you most likely used virustotal.com, which is a great online service providing antivirus analysis routines from 54 different antivirus routines. 53 show a green checkmark (no known viruses or malware found) and only Bkav says “CPRBD72.Webshell”…
Now this either means that Bkav is the only one who was able to detect this webshell and the others failed or Bkav gave a false positive.
When you do some research on Google about “Bkav Antivirus” you will learn that they have specialized on Android…
Looks pretty much like a false positive, huh?
Why does Bkav do this? When you examine the .php file of which Bkav thinks that it contains the webshell, you will find some BASE64 code, which is contains the WPMUDEV logo. Using BASE64 Code in php is a a very ugly thing to do but unfortunately what WPMUDEV does and what most likely triggers the false positive.
Thank you for the quick reply and the explanation! I understand
I even i downloaded the free version from WPMUDEV website and scanned it Bkav detect a webshell in in it even it’s from official developer website
Thank you very much!
to be safe remove the base64 code and replace with your own logo.
You must be logged in to reply to this topic.