Virus in Elgg main file.


I want to install the latest version of Elgg on CPannel but it says : The file you uploaded,, contains a virus so the upload was canceled: {HEX}php.exe.globals.411.UNOFFICIAL FOUND

I've downloaded this file on the Elgg site.

When can I found an unafected Ell script?

Thank you

  • Dicsussed already.

    Shortly, Elgg hasn't any exe files.

  • Thank you but your answer dont help me. It doesn't give a solution.

    Maybe Elgg is not suppose to have an .exe file but it look's like it does. The goal of the hackers is to put virus where it's not suppose to have some so maybe Elgg have get hacked??

    So where can I found the latest Elgg scipt file without the .exe virus file in it?

    Thank you


    And I don't think that "Elgg have get hacked".

    Problem is CPanel or any hosting' software/script etc

  • It,s verry sad. Older version of Elgg no problems to upload but the latest I can't. I try to configure FTP but I cant.

    Someone know how to upload Elgg to Cpannel without that virus message?

  • I installed Elgg. 2.3.9 through cPanel.

    In my cPanel version I have Softaculous Apps Installer. If you have this version, select Social Networking and then select Elgg. Click on Download at the right bottom. Select the version you'd like to install and it will do it automatically.


    P.S. I hope it is without any virus :)

  • I still can't upload Elgg on my server. I dont have Softaculous and via FTP it does not work for me.

    The problematic file look to be in the "vendor" file. View pictures:

    I really think Elgg should investigate in the "Vendor" file because I'm not alone with that problem. At lest find out what cause that problem.

  • If you have FTP access then why you don't try this way (not comfortable with CLI recommendations)?

    Again, Elgg hasn't any problem with the mentioned "virus".

  • I can't with FTP. The connection dont work. I dont know what is CLI recommendations. I have try with Filezilla and an other ont and it said it can't connect but that's not a Elgg problem.

    I have try to find in my WHM how to turn off the CPannel protection which prevent the upload of the problematic file but dont figure how.

    My only option for the moment is to find which file in the Elgg "vendor" fill who cause that problem. I dont say it's a true virus but it have a problem there. It's sad that it's me who have to do this. If I would be the Elgg Boss, I would correct that problem specially when many user have the same problem.

    I will comme back to this post when I have some news.

  • Are you trying to upload 2.3.9 or 3.0.0-rc.1? I see in the file elgg-3.0.0-rc.1/vendor/robmorgan/phinx/bin/phinx.bat the ONLY usage of php.exe at all. No usage of "php.exe" in any file in 2.3.9. The usage in phinx.bat is perfectly valid. Though you wouldn't need it outside development scope, so you could omit it if this file is the culprit. If it's not this file that the virus warning is about (as it's only in the 3.0 RC zip file) the warning might not be as clear and it's bothering about something else than usage of the term "php.exe". Still it's a false positive quite surely. Can you upload the unzipped files? It might take longer this way but then you would know what file is causing the issue (and you would likely to have to correct the file and folder permissions after upload if you unzipped on Windows as this OS can't handle Unix/Linux permissions).

  • Inside the "Vendor" file:

    I continu the work..