A False Positive of Sanesecurity Foxhole in cPanel Hosting with ClamAV

Updated on 4 June 2017

A zip file I uploaded to one of my cPanel hostings triggered a message:

"The file you uploaded, [file-name].zip, contains a virus so the upload was canceled: Sanesecurity.Foxhole.Zip_fn121.UNOFFICIAL FOUND"

At first I had no idea, why the .zip file was said to contain a virus. I was sure it was clean and it was confirmed by the up-to-date antivirus and malware scanner on the local computer. So why that zip file was flagged down?

Sanesecurity Foxhole Databases & False Positives

I found the Sanesecurity Foxhole databases that elaborate the current databases and their possible false positives.

If you are sure your files are clean, then you should check out the current databases and the false positives to find out what triggers the warning.

After that, you should be able to get a hint why you get similar error message like I got above when you upload a file to cPanel hosting with ClamAV virus scanner installed on it.

In my case, it was the double copy of .js files inside the .zip file that triggered the warning. I accidentally made extra copy of the file. The 'example.js' file and 'example - Copy.js' file should not be inside a same folder in a .zip file. What's the purpose of keeping double copy of the same .js files in a folder anyway, right? 😀

First published by  on Last Modified on 4 June 2017.


Add new comment
  • This issue only happened when creating a zip file using the Huawei file app but when used zarchiver it wasn’t flagged. Beware of using Huawei made software

  • The Latest Version: 3.0.75 of DIVI Theme by Elegant Themes has got this problem.

    • I don’t use that theme. Perhaps you can contact the developers to inform them about the issue so they can resolve it immediately.

    • A la fecha del día de hoy, Divi continúa con este problema, un usuario en uno de mis vídeos, JFrancisco, justo me comentó esto

      Me parece increible que divi continúe con el mismo problema ante estos falsos positivos, aunque más increible me parece que los desarrolladores del antivirus del cpanel no detecten aún que es un falso positivo, ya va para 6 años… increible :I

Add A Comment

Your email address will not be published. Required fields are marked *