A False Positive of Sanesecurity Foxhole in cPanel Hosting with ClamAV

Updated on 4 June 2017

A zip file I uploaded to one of my cPanel hostings triggered a message:

"The file you uploaded, [file-name].zip, contains a virus so the upload was canceled: Sanesecurity.Foxhole.Zip_fn121.UNOFFICIAL FOUND"

At first I had no idea, why the .zip file was said to contain a virus. I was sure it was clean and it was confirmed by the up-to-date antivirus and malware scanner on the local computer. So why that zip file was flagged down?

Sanesecurity Foxhole Databases & False Positives

I found the Sanesecurity Foxhole databases that elaborate the current databases and their possible false positives.

If you are sure your files are clean, then you should check out the current databases and the false positives to find out what triggers the warning.

After that, you should be able to get a hint why you get similar error message like I got above when you upload a file to cPanel hosting with ClamAV virus scanner installed on it.

In my case, it was the double copy of .js files inside the .zip file that triggered the warning. I accidentally made extra copy of the file. The 'example.js' file and 'example - Copy.js' file should not be inside a same folder in a .zip file. What's the purpose of keeping double copy of the same .js files in a folder anyway, right? 😀

First published by  on Last Modified on 4 June 2017.


Add new comment

Leave a Reply

Your email address will not be published. Required fields are marked *