Can not upload zip files - Virus detected

Comments

  • rpvw
    Clamscan of your file vendor.zip results in:
        # clamscan -ia ~/vendor.zip
        ~/vendor.zip!ZIP:vendor/phpdocumentor/type-resolver/phpmd.xml.dist!...!(72)ZIP:vendor/symfony/console/Resources/bin/hiddeninput.exe: Win.Trojan.Toa-5372190-0 FOUND
        ~/vendor.zip: Win.Trojan.Toa-5372190-0 FOUND

        ----------- SCAN SUMMARY -----------
        Known viruses: 5389274
        Engine version: 0.99.2
        Scanned directories: 0
        Scanned files: 1
        Infected files: 1
        Data scanned: 9.09 MB
        Data read: 7.87 MB (ratio 1.16:1)
        Time: 15.690 sec (0 m 15 s)
    After unzipping (on a Linux box) the resulting clamscan shows:
        # clamscan -ir ~/vendor

        ----------- SCAN SUMMARY -----------
        Known viruses: 5389274
        Engine version: 0.99.2
        Scanned directories: 1061
        Scanned files: 5198
        Infected files: 0
        Data scanned: 28.16 MB
        Data read: 16.57 MB (ratio 1.70:1)
        Time: 17.367 sec (0 m 17 s)
    ... so I have to wonder if there is anything in the zip that is detecting the environment and only triggering the exploit file if it is unzipped or loaded on a Windows box. Of course, there is always the possibility that the ClamAV result is a false positive, but there again, there is always the possibility that it is detecting something no one else is! Personally, if it was my server, I would always go with the safe option ... if an antivirus showed a zip as having malware embedded within it, I would either destroy the zip, or if I had no choice but to use it, I would take every measure I could to disinfect it before deploying it.
    0
  • cPanelMichael
    This problem occurs for other servers and also other zip files.

    Hello @musioc, I concur with the previous post, however could you elaborate a little more on the quote above? Is this happening for every zip file, or only zip files that produce similar results with the clamscan command referenced in the previous response? Thank you.
    0
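
A triage aid for the situation in the first comment, added here as an example and not part of the thread: it lists every Windows executable (content starting with the `MZ` magic) inside an archive, including nested zips, with its SHA-256, without writing anything to disk. The function names, limits and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 3                   # assumed limit: stop runaway archive nesting
MAX_MEMBER = 50 * 1024 * 1024   # assumed limit: skip members declaring > 50 MB

def find_pe_members(data, prefix="", depth=0):
    """Return [(path, sha256)] for each member whose content starts with the
    DOS/PE magic 'MZ'. Reads from memory only and recurses into nested zips."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            body = zf.read(info)
            path = prefix + info.filename
            if body[:2] == b"MZ":
                hits.append((path, hashlib.sha256(body).hexdigest()))
            elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(body)):
                # '!' separates container and member, as in the clamscan output
                hits += find_pe_members(body, path + "!", depth + 1)
    return hits

def build_sample():
    """Constructed sample archive: harmless 64-byte stubs that only carry the
    'MZ' magic, one at top level and one inside a nested zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("bin/hiddeninput.exe", b"MZ" + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("vendor/readme.txt", "plain text")
        zf.writestr("vendor/nested.zip", inner.getvalue())
        zf.writestr("vendor/symfony/console/Resources/bin/hiddeninput.exe",
                    b"MZ" + b"\x01" * 62)
    return outer.getvalue()

if __name__ == "__main__":
    for path, digest in find_pe_members(build_sample()):
        print(digest, path)
```

Each digest can then be compared with the same file taken from a copy of the package obtained from its official source, which helps separate a false positive from a modified binary.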