ImunifyAV Files Detected as Malicious
I scanned the entire server for threats.
2 files showed as infected.
1. /usr/share/nmap/scripts/http-waf-detect.nse
In the contents of the file it says:
"A script to detect WebDAV installations". Internet searches also say this file may send malicious code to test a site. I think that is why this file was flagged by ImunifyAV.
2. /home/useracct/tmp/analog/ssl/website.com/cache
The first line after opening and viewing the file is:
"CACHE type 5 produced by analog 6.0/Unix. Do not modify or delete!"
Are either or both of these files false positives for ImunifyAV?
Any advice is greatly appreciated.
Thank you!
-
Also of note: I did a full server scan a couple of days prior to this latest scan and there were no malicious files detected. There was an update of ImunifyAV, so I ran the scan again.
I have also learned that the cache file detected above is associated with the Analog Stats, which I turned off in Tweak Settings a few years ago. The date of all the files in the directory with the cache file is that same date years ago. I guess I can assume this file is not a risk and I can delete the file or set it to be ignored when scanning.
Am I on the right track?
0 -
Hey there! I would agree that these are generally false positives, but it would still be worth examining each file to see if there's anything odd in there. You can delete that Analog stats cache file without any harm to the machine.
0
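One way to run the "examine each file" check from the reply above, as an added example that is not part of the original thread. It assumes an RPM-based server; the function names are hypothetical, the header string is the one quoted in the post, and the script-marker list is only a heuristic.

```shell
#!/bin/sh
# Added example (not from the thread): triage helpers for the two flagged files.
# Usage, with the paths from the post:
#   rpm_file_unchanged /usr/share/nmap/scripts/http-waf-detect.nse
#   triage_cache /home/useracct/tmp/analog/ssl/website.com/cache

# Header string quoted in the post for the Analog cache file.
ANALOG_HEADER='CACHE type 5 produced by analog'

# 0 = file matches the copy recorded by its package,
# 1 = file is not owned by any package or differs from it,
# 2 = rpm is not available (assumption: RPM-based distribution).
rpm_file_unchanged() {
    command -v rpm >/dev/null 2>&1 || return 2
    rpm -qf "$1" >/dev/null 2>&1 || return 1
    # rpm -Vf lists only the files of the owning package that differ.
    if rpm -Vf "$1" 2>/dev/null | grep -qF -- "$1"; then
        return 1
    fi
    return 0
}

# 0 if the first line carries the Analog cache header.
has_analog_header() {
    head -n 1 "$1" | grep -qF -- "$ANALOG_HEADER"
}

# 0 if none of a few common script markers appear (heuristic, not proof).
no_script_markers() {
    ! grep -qaE '<\?php|<script|eval\(|base64_decode' "$1"
}

# 0 if the file was last modified more than $2 days ago.
older_than_days() {
    [ -n "$(find "$1" -prune -mtime +"$2" -print 2>/dev/null)" ]
}

# 0 if the file looks like a stale, untouched Analog cache file:
# expected header, no script markers, not modified in the last year.
triage_cache() {
    has_analog_header "$1" && no_script_markers "$1" && older_than_days "$1" 365
}
```

A non-zero result from either check means the file deserves a manual look before it is ignored or deleted; it does not by itself mean the file is malicious.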