Imunify360 Blog

False Positive SMW-BLKH-46666-auto from WordPress file

Written by Dmitry Tkachuk | Jun 11, 2020 9:22:00 AM

On 8 Jun, 2020, a new Black Hashes DB for Imunify products was released.

Release details:

       UUID: 0d09db4d-8610-4a74-b026-1934bb1e9854

       Date: 2020-06-08 

With this update, the legitimate WordPress file wp-blog-header.php was rated as malicious with the verdict SMW-BLKH-46666-auto, which caused False Positive alerts.

The Imunify360 team removed this False Positive black hash and released a hotfix 14 hours later:

Release details:

       UUID: 98d38e06-ed62-4bfc-bd66-32253caeaefe

       Date: 2020-06-09

       Removes SMW-BLKH-46666-auto

 

Due to the internal logic of Imunify products, there might be some leftovers, so you need to perform a few manual steps to completely fix the issue.

 

Mitigation steps

  1. First you need to make sure you have “wp-blog-header.php” files rated as malicious (SMW-BLKH-46666-auto). You can stop right here if no such files were found.

  2. Force malware signatures DB update

     Imunify360:
       # imunify360-agent update sigs --force

     ImunifyAV/AV+:
       # imunify-antivirus update sigs --force

 

  3. Following steps depend on your cleanup settings:

     notify:
       1. Do a touch for each affected file:
          # touch <file>
       2. Re-scan

     cleanup, quarantine or delete:
       1. Restore files from backup

 

  4. False Positives should already be fixed at this point.
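
The notify branch of step 3 as a shell function, added here as an example (not Imunify's own tooling): it touches only wp-blog-header.php files that are byte-identical to a known-good copy and flags the rest for review instead of clearing them. The list file of flagged paths (one per line) and the reference copy taken from a fresh WordPress download of the installed version are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumptions: LIST is a text file with one flagged path per line;
# REFERENCE is a known-good wp-blog-header.php from a fresh WordPress
# download that matches the installed version.

# refresh_false_positives LIST REFERENCE
# Prints "TOUCHED <path>" for files identical to the reference (their mtime
# is bumped so the next scan re-evaluates them) and "REVIEW <path>" for
# files that differ, are symlinks, or are missing.
# Returns 1 if at least one file needs manual review, 0 otherwise.
refresh_false_positives() {
    list=$1
    reference=$2
    status=0
    while IFS= read -r path; do
        # Only the file named in the advisory is handled; skip other hits.
        case $path in
            */wp-blog-header.php) ;;
            *) continue ;;
        esac
        # Regular file, not a symlink, and byte-identical to the reference.
        if [ -f "$path" ] && [ ! -L "$path" ] && cmp -s "$path" "$reference"; then
            touch -- "$path"
            printf 'TOUCHED %s\n' "$path"
        else
            printf 'REVIEW %s\n' "$path"
            status=1
        fi
    done < "$list"
    return "$status"
}

# Stand-alone use: sh script.sh flagged.txt /path/to/reference/wp-blog-header.php
if [ "$#" -eq 2 ]; then
    refresh_false_positives "$1" "$2"
fi
```

Re-scan the TOUCHED files afterwards as step 3 describes. A REVIEW path does not match the reference copy, so it should be inspected rather than treated as the false positive covered here.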

 

Stay In Touch

If you encounter any problems with this false positive fix, please send a comment or request to our Imunify support team via https://cloudlinux.zendesk.com/hc/requests/new.