CMS Made Simple Forums

Hello, I have recently updated my sites to 2.2 but now can't load the following pages in the backend,

System Maintenance
System Information
System Verification

In the error log it says

[14-Jun-2017 13:09:00 Europe/London] PHP Fatal error: require_once(): Failed opening required '/home/xxxxxxx/public_html/lib/test.functions.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/xxxxxxx/public_html/admin/systemmaintenance.php on line 41

This file appears to be missing - was this deleted?

Those pages work for me and test.functions.php is present on my CMSMS 2.2 installation.

I have uploaded the file and all seems as normal now. It is a little odd why it was missing / removed?

I've had host's anti-virus programs remove a file before, or could have been a file system/hardware glitch.

Same thing happened to me after upgrade to 2.2. File is missing. Downloaded the file from another installation, but when uploading the file is stopped by the the filemanager in Cpanel, saying it contains virus.

When making a new file called test.functions.php and pasting in the code, the file is created but gets deleted somehow when page is refreshed. Why? Any suggestions on how to fix?

I confirmed that this file IS present in the archive for 2.2 and is installed properly in yet another test installation.

So I think your host is messing with your files. Perhaps due to some false-positive virus detection or something.

I don't use CMSMS on a cPanel host, but I uploaded test.functions.php to a cPanel host using the File Manager and got this:

The file you uploaded, test.functions.php, contains a virus so the upload was canceled: YARA.multiple_webshells_0018.UNOFFICIAL FOUND

It seems like it needs to be reported as a false positive to cPanel.

Don't think it's a cpanel thing as only 2 people have noted this.

I think it's more of a 'host implementing a custom set of rules' thing.

I'd complain to my host, and send them that rule information, and a copy of the file.

My host has now solved the problem for me. I do not know what they did to correct it, but I have requested an explanation so that others with the same problem might get a clue as to what to say/do to fix it. If/when I get an answer I will post it here.

Trenia wrote:My host has now solved the problem for me. I do not know what they did to correct it, but I have requested an explanation so that others with the same problem might get a clue as to what to say/do to fix it. If/when I get an answer I will post it here.

Server host says that the challenge was to configure the anti virus software to ignore the test.functions file and not react to it as virus infected and delete the file. So the upgrade to cmsms 2.2 created a false-positive which now has been reported.

Just to add some more info on this matter because it has happened to me on two installations on different hosts.

This is due to Yara rules, a set of rules for identifying threats (usually used in ClamAV by certain hosts it seems). I don't know how popular the use of these rules is but my metrics based on my installations, I have the problem in 2 out of the 9 different hosting providers I have CMSMS sites on.

The rule that causes the problem is named multiple_webshells_0018 (https://github.com/Yara-Rules/rules/blo ... .yar#L4764.

It throws a positive on the permission_octal2string function in test.functions.php for 2 lines: and A simple change in the wording eg. changing $owner to $fowner makes the file pass the validation.

For anynone interested, they have an online tool to test files against the rulesets https://analysis.yararules.com/.

If I understood correctly Trenia has reported it to the Yara team but so far I don't see any changes on the rule. Maybe if the CMSMS team report it to the Yara team they might get on with it faster or else a change of the variable wording would perhaps be feasible.