Did you receive a malware alert on your website through the Security & Malware Scan by CleanTalk plugin? Don't worry, it's likely a false alarm. Let's explain why and what you can do about it.
Why the alert?
The notification focuses on two specific files that are part of widely recognized and used PHP libraries:
1. Carbon: GitHub - Carbon
2. Symfony HTTP Kernel: GitHub - Symfony HTTP Kernel and GitHub - Symfony
These libraries are fundamental in web development with PHP, boasting thousands of stars on GitHub and maintained by active communities of hundreds of developers. Their extensive use in millions of projects worldwide gives us full confidence in their security.
Cause of the confusion
The CleanTalk plugin may flag these files as suspicious due to their use of the "eval" function. While "eval" can be risky and is not recommended in the official PHP documentation, it is handled safely in the controlled context of these libraries.
If you have any concerns or need further assistance, please feel free to reach out.
What does this mean for you?
You can rest assured that the mentioned files do not pose a malware threat to your website. These are false positive alerts generated by the plugin's standard precautions against specific code patterns.
Steps to follow
If you encounter this situation, we recommend:
- Verify the alerts: Ensure that the alerts specifically refer to these files and libraries.
- Keep your plugins updated: Make sure that both the CleanTalk plugin and any others are updated to benefit from the latest detection and security improvements.
- Consult if necessary: If you still have doubts or need additional advice, feel free to contact us or consult with security experts.
Remember, we are here to help you. At Modular, your security is our priority, and we continually work to ensure the best experience for you.