I'm hosting amember on Dreamhost and for the second time, I'm getting this message from them: ----------------- The following file(s) specifically have been identified as attacker-added malware. We have DISABLED these files by setting their permissions to 200 (Owner write-only). You will need to audit these files and either replace them with known good versions or remove them altogether: /*********/amember/library/Am/License.php ------------------- When I check the file against what I originally downloaded, it seems fine but is it possible this is getting a false positive? or is it possible there's actual malware here? the file starts with // BEGIN AMEMBER STARTUP CODE $_f = chr($_x = 0x60 + 2*3 - 1) . chr($_x = $_x + 0x11) . chr($_x = $_x - 0x15) . "\x6c"; eval("\x65\x76\x61\x6c(\x67\x7a".chr($_x = 0x70 - 7).chr($_x += 5).chr($_x -= 8) . "\x6c\x61\x74" . "\x65\x28\x62". "\x61\x73\x65\x36". is it all the escaping triggering their malware detection?? or is my file looking off?
Hello, Your file is correct. It is encoded. Please contact your hosting support and ask them to add this file to exceptions list for his scanner. Best Regards.