Page 1 of 1
hesk contains {HEX}Malware.Expert.s.r
Posted: Sun Jul 17, 2022 8:23 am
by tomasr
Hello,
I downloaded hesk free from the official website hesk.com but after a few days the hosting found me and blocked these files. Hosting note:
We have found the malware in following files:
/inc/admin_settings_status.inc.php (contains {HEX}Malware.Expert.s.r) /inc/common.inc.php (contains {HEX}Malware.Expert.s.r)
Re: hesk contains {HEX}Malware.Expert.s.r
Posted: Sun Jul 17, 2022 4:03 pm
by Klemen
Hesk contains absolutely no malware.
What you are seeing is a false alert - looks like the scanner your hosting company uses marks these two files because they contain obfuscated code (which handles Hesk licensing).
You are welcome to hire a PHP expert to review that code and confirm nothing harmful is going on.
If you let me know exactly what vulnerability scanner your hosting company uses I can also contact the vendor and report the false alert.
Re: hesk contains {HEX}Malware.Expert.s.r
Posted: Wed Jul 20, 2022 6:47 am
by tomasr
You're right
Hosting added the code to the exception on the website, the malware scan will not register it.
Thank you.
Re: hesk contains {HEX}Malware.Expert.s.r
Posted: Sun Jul 24, 2022 9:24 am
by Klemen
Glad to hear they did that for you.
Could you let me know what your hosting company is (or what exploit scanner they use) so I can contact the vendor and ask them to fix this for all their clients?
You can send in a private message if you don't want to post here.