Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

ClamAV found exploit in cpanel/cpaddons/../Wordpress

Discussion in 'Security' started by cglmicro, Sep 5, 2015.

  1. cglmicro

    cglmicro Member

    Joined:
    Oct 14, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi guys.

    Since August 31st, every daily ClamAV scan found this:
    Code:
    /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804 FOUND
/home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: moved to '/virus_vault//diff.005'
    The file is recreated at the next update, and found again the next day.

    Any idea ?
     
    #1 cglmicro, Sep 5, 2015
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,395
    Likes Received:
    1,951
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Could you verify that you are referring to the cPanel update? Please post the md5sum of this file:

    Code:
    md5sum /path/to/file
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Sep 7, 2015
  3. cglmicro

    cglmicro Member

    Joined:
    Oct 14, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    With pleasure, here it is:
    Code:
    root@smart [~]# md5sum /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
8f69732e1186668cd9e4e28000f802d0  /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
     
    #3 cglmicro, Sep 10, 2015
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,395
    Likes Received:
    1,951
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    This matches the file on a test system:

    Code:
    root@vps [/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8]# md5sum diff
8f69732e1186668cd9e4e28000f802d0  diff
    Thus, it looks like a false positive.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Sep 10, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - ClamAV found exploit
  1. keat63

    CLAMAV not working as expected

    keat63, Dec 4, 2018 at 3:25 AM, in forum: E-mail Discussion
    Replies:
    2
    Views:
    295
    cPanelLauren
    Dec 5, 2018 at 12:29 PM
  2. jlucho

    Problem updating ClamAV

    jlucho, Nov 26, 2018, in forum: Security
    Replies:
    11
    Views:
    287
    cPanelLauren
    Nov 28, 2018
  3. Mehmet Sen

    SOLVED Scan All Accounts with ClamAV?

    Mehmet Sen, Nov 12, 2018, in forum: Security
    Replies:
    2
    Views:
    123
    cPanelMichael
    Nov 12, 2018
  4. durangod

    Tar archive with clamav and cpaneldemo permissions

    durangod, Oct 21, 2018, in forum: Security
    Replies:
    1
    Views:
    106
    cPanelLauren
    Oct 23, 2018
  5. DevTeam9200

    How to remove clamav additional databases

    DevTeam9200, Oct 4, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    116
    cPanelLauren
    Oct 8, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice