Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

ClamAV found exploit in cpanel/cpaddons/../Wordpress

Discussion in 'Security' started by cglmicro, Sep 5, 2015.

  1. cglmicro

    cglmicro Member

    Joined:
    Oct 14, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi guys.

    Since August 31st, every daily ClamAV scan found this:
    Code:
    /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804 FOUND
/home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: moved to '/virus_vault//diff.005'
    The file is recreated at the next update, and found again the next day.

    Any idea ?
     
    #1 cglmicro, Sep 5, 2015
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Could you verify that you are referring to the cPanel update? Please post the md5sum of this file:

    Code:
    md5sum /path/to/file
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Sep 7, 2015
  3. cglmicro

    cglmicro Member

    Joined:
    Oct 14, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    With pleasure, here it is:
    Code:
    root@smart [~]# md5sum /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
8f69732e1186668cd9e4e28000f802d0  /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
     
    #3 cglmicro, Sep 10, 2015
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    This matches the file on a test system:

    Code:
    root@vps [/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8]# md5sum diff
8f69732e1186668cd9e4e28000f802d0  diff
    Thus, it looks like a false positive.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Sep 10, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - ClamAV found exploit
  1. DevTeam9200

    How to remove clamav additional databases

    DevTeam9200, Oct 4, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    53
    cPanelLauren
    Oct 8, 2018
  2. Michaelit

    SOLVED Bypassing ClamAV Scan question

    Michaelit, Sep 11, 2018, in forum: Security
    Replies:
    11
    Views:
    421
    Michaelit
    Sep 20, 2018
  3. Peter Smith

    ClamAV duplicate database Warning

    Peter Smith, Sep 10, 2018, in forum: Security
    Replies:
    4
    Views:
    156
    cPanelMichael
    Sep 12, 2018
  4. Bdzzld

    ClamAV whitelist e-mail address

    Bdzzld, Sep 10, 2018, in forum: E-mail Discussion
    Replies:
    6
    Views:
    118
    cPanelLauren
    Sep 14, 2018
  5. Venomous21

    SOLVED [CPANEL-21749] ClamAV version 0.100.1

    Venomous21, Aug 15, 2018, in forum: Security
    Replies:
    2
    Views:
    206
    cPanelMichael
    Oct 1, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice