maldet and possible false positives?

1

I have been using maldet for many months and it has worked well until now. Since about a week ago, it has been detecting {HEX}PHP.Bypassshell en masse in almost every PHP file. I even downloaded a clean copy of Joomla 3 and it still detected this inside the PHP files.

Any thoughts on what the problem could be? Sample results:

    malware detect scan report for xxxxxxxx:
    SCAN ID: 072513-1957.12823
    TIME: Jul 25 19:58:04 -0400
    PATH: /home/xxxxx/public_html/testnew/
    TOTAL FILES: 5549
    TOTAL HITS: 361
    TOTAL CLEANED: 0

    NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 072513-1957.12823
    FILE HIT LIST:
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/administrator/templates/hathor/html/com_categories/categories/default.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/administrator/templates/hathor/html/com_menus/items/default.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/administrator/templates/hathor/html/layouts/joomla/edit/details.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/administrator/components/com_cache/models/cache.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/administrator/components/com_cache/controller.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/administrator/components/com_content/models/article.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/administrator/components/com_content/models/fields/modal/article.php
    ..........
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/libraries/joomla/form/field.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/libraries/joomla/form/fields/color.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/libraries/joomla/form/fields/checkbox.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/libraries/joomla/form/fields/databaseconnection.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/libraries/joomla/form/fields/note.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/libraries/joomla/form/rule.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/libraries/joomla/oauth1/client.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/libraries/joomla/session/storage.php
    {HEX}PHP.Bypassshell : /home/xxxxxx/public_html/testnew/libraries/joomla/profiler/profiler.php
    ..........

by Zeno 28.07.2013 / 02:37

0 answers