BCSE Point of Sale files show false positive when scanned for malware..

Posted by kevinrm, 09-23-2014, 07:02 PM

This is a warning to those who may be using the BCSE Point-Of-Sale mod. My well-secured site had recently started sending out spam; this was detected by CSF Firewall installed on my dedicated server. After a thorough scan of the server using Maldetect for Linux, it was traced back to BCSE files supplied for the Point-of-Sale mod. I am running X-Cart 4.6.4 and was using the mod for version 4.5x (it still worked fine in version 4.6.4). When I contacted BCSE, they said I need to upgrade to the latest version. Huh? Anyway, I did that. Here we are a few days later and once again, their files show up as malware after a scan. Only their files, no others on my entire site. So I *highly* recommend anyone here using this mod to run a maldetect scan and verify this is not occurring with files supplied by them.

NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 092414-0317.4115
FILE HIT LIST:
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/admin/bcse_point_of_sale.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/initialize.cim.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/sessions.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/functions.conf.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/adpm.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/init.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/pos.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/hosted_return.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/products.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/functions.cim.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/payment.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/functions.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/display_page.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/order.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/config.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/configuration.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/functions.cc.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/functions.js.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/customer.php
{HEX}gzbase64.inject.unclassed.15 : /home/server/public_html/modules/BCSE_Point_of_Sale/initialize.php
===============================================
Linux Malware Detect v1.4.2 < proj@rfxn.com >
__________________
X-Cart 5.4.1.39 Live
PHP 7.4.33
5.5.5-10.3.38-MariaDB MariaDB
Apache 2.4
CENTOS 7.8 64Bit Single Quad-Core E3-1241v3 3.4Ghz 8M 1600 w/ HT
32GB RAM 2x 512GB Samsung 850 Pro SSD RAID 1