License.php identified as malware??

Discussion in 'Troubleshooting' started by easyprompter, Jun 7, 2017.

  1. easyprompter

    easyprompter New Member

    Joined:
    Oct 4, 2016
    Messages:
    28
    I'm hosting amember on Dreamhost and for the second time, I'm getting this message from them:

    -----------------
    The following file(s) specifically have been identified as attacker-added malware. We have DISABLED these files by setting their permissions to 200 (Owner write-only). You will need to audit these files and either replace them with known good versions or remove them altogether:

    /*********/amember/library/Am/License.php
    -------------------


    When I check the file against what I originally downloaded, it seems fine but is it possible this is getting a false positive? or is it possible there's actual malware here?

    the file starts with
    // BEGIN AMEMBER STARTUP CODE
    $_f = chr($_x = 0x60 + 2*3 - 1) . chr($_x = $_x + 0x11) . chr($_x = $_x - 0x15) . "\x6c"; eval("\x65\x76\x61\x6c(\x67\x7a".chr($_x = 0x70 - 7).chr($_x += 5).chr($_x -= 8) . "\x6c\x61\x74" . "\x65\x28\x62".
    "\x61\x73\x65\x36".

    is it all the escaping triggering their malware detection?? or is my file looking off?
  2. caesar

    caesar aMember Pro Developer Staff Member

    Joined:
    Oct 16, 2009
    Messages:
    2,295
    Hello,

    Your file is correct. It is encoded. Please contact your hosting support and ask them to add this file to exceptions list for his scanner.

    Best Regards.

Share This Page