The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ClamAV found exploit in cpanel/cpaddons/../Wordpress

Discussion in 'Security' started by cglmicro, Sep 5, 2015.

  1. cglmicro

    cglmicro Member

    Joined:
    Oct 14, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi guys.

    Since August 31st, every daily ClamAV scan found this:
    Code:
    /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804 FOUND
/home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: moved to '/virus_vault//diff.005'
    The file is recreated at the next update, and found again the next day.

    Any idea ?
     
    #1 cglmicro, Sep 5, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you verify that you are referring to the cPanel update? Please post the md5sum of this file:

    Code:
    md5sum /path/to/file
    Thank you.
     
    #2 cPanelMichael, Sep 7, 2015
  3. cglmicro

    cglmicro Member

    Joined:
    Oct 14, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    With pleasure, here it is:
    Code:
    root@smart [~]# md5sum /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
8f69732e1186668cd9e4e28000f802d0  /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
     
    #3 cglmicro, Sep 10, 2015
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    This matches the file on a test system:

    Code:
    root@vps [/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8]# md5sum diff
8f69732e1186668cd9e4e28000f802d0  diff
    Thus, it looks like a false positive.

    Thank you.
     
    #4 cPanelMichael, Sep 10, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - ClamAV found exploit
  1. Steve Kessler

    What to do About ClamAV False Positives

    Steve Kessler, May 27, 2017, in forum: Security
    Replies:
    5
    Views:
    195
    rpvw
    May 28, 2017
  2. dubweb

    Clamav Malformed database

    dubweb, May 16, 2017, in forum: E-mail Discussions
    Replies:
    2
    Views:
    305
    cPanelJasonT
    May 17, 2017
  3. Keith Becker

    ClamAV installed cannot find clamscan

    Keith Becker, Apr 19, 2017, in forum: Security
    Replies:
    1
    Views:
    211
    cPanelMichael
    Apr 19, 2017
  4. Nirjonadda

    SOLVED Configure ClamAV Scanner

    Nirjonadda, Apr 3, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    289
    cPanelMichael
    Apr 4, 2017
  5. bugetarul

    ClamAV Not Installed Properly

    bugetarul, Dec 21, 2016, in forum: General Discussion
    Replies:
    1
    Views:
    370
    cPanelMichael
    Dec 22, 2016

Share This Page