ImunifyAV false positive on Sendy 7 File Manager / tinyfilemanager.php

edited June 9 in Using Sendy

Hi Ben,

TL;DR:
ImunifyAV may flag Sendy 7’s new File Manager as malware, but if the file matches the official Sendy package, it looks like a false positive and can be whitelisted.

Just posting this in case other Sendy users receive this warning from their hosting provider, or notice it themselves in WHM/ImunifyAV, and start searching for the signature online.

Detected file:
includes/filemanager/tinyfilemanager.php

Example full path:
/home/USER/public_html/includes/filemanager/tinyfilemanager.php

ImunifyAV signature:
SMW-BLKH-SA-CLOUDAV-php.bkdr.admin.tool.fm-NP1539-2,php.admin.tool.fm-NP439-1,php.admin.tool.fm-NP448-1,php.admin.tool.fm-NP773-2

From what we checked, this appears to be a false positive caused by Sendy 7’s new File Manager feature, not an infected Sendy package.

Why it makes sense:

  • Sendy 7 introduced the new File Manager.
  • The detected file is part of the official Sendy 7 package.
  • It is based on Tiny File Manager, a legitimate PHP file manager.
  • ImunifyAV seems to detect it by behavior/category as an admin/file manager tool.
  • That is understandable, since it can upload, edit, rename, delete and manage files.
  • We did not find typical PHP webshell indicators such as hidden eval/base64 payloads or obvious obfuscation.
  • Given recent supply-chain attacks, the warning can look alarming at first.

So, if the file matches the official Sendy package, it should be safe to add it to ImunifyAV’s ignore/whitelist list.

Hope this helps other admins avoid unnecessary panic.

Best,
Marcelo

This discussion has been closed.
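
One way to carry out the "matches the official Sendy package" check from the post before adding an ignore entry. This is an added example, not part of the original post and not code from Sendy or ImunifyAV. It assumes you have the Sendy zip downloaded from the official source, and that the archive may wrap its files in a top-level folder; the function names are hypothetical.

```python
import hashlib
import zipfile
from pathlib import Path

# Path of the flagged file relative to the Sendy root, as given in the post.
FLAGGED_REL = "includes/filemanager/tinyfilemanager.php"


def sha256_stream(fh, chunk=1 << 16):
    """Hash a binary file object in chunks so the file is not loaded whole."""
    digest = hashlib.sha256()
    for block in iter(lambda: fh.read(chunk), b""):
        digest.update(block)
    return digest.hexdigest()


def compare_with_package(package_zip, installed_root, rel_path=FLAGGED_REL):
    """Return (status, installed_hash, package_hash).

    status is "match", "mismatch", "not-in-package" or "not-installed".
    """
    installed = Path(installed_root) / rel_path
    if not installed.is_file():
        return ("not-installed", None, None)
    with installed.open("rb") as fh:
        installed_hash = sha256_stream(fh)

    with zipfile.ZipFile(package_zip) as zf:
        # Assumption: the archive may wrap everything in a top-level folder,
        # so match on the path suffix rather than the exact member name.
        members = [n for n in zf.namelist()
                   if n == rel_path or n.endswith("/" + rel_path)]
        # Zero or several candidates: refuse to guess which one is reference.
        if len(members) != 1:
            return ("not-in-package", installed_hash, None)
        with zf.open(members[0]) as fh:
            package_hash = sha256_stream(fh)

    status = "match" if installed_hash == package_hash else "mismatch"
    return (status, installed_hash, package_hash)


if __name__ == "__main__":
    import sys
    # Usage: python verify_flagged.py sendy.zip /home/USER/public_html
    print(compare_with_package(sys.argv[1], sys.argv[2]))
```

Only a "match" result supports treating the detection as a false positive; on "mismatch", diff the installed file against the packaged copy before ignoring anything, and re-run the check after each Sendy upgrade.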