[GH-ISSUE #1316] 3/65 security vendors flagged this file as malicious #841

New issue

Open

opened 2026-03-02 16:01:44 +03:00 by kerem · 2 comments

kerem commented

2026-03-02 16:01:44 +03:00

Owner

Originally created by @smalos on GitHub (May 12, 2025).
Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/1316

While scanning the downloaded file tinyfilemanager.php, 3 out of 65 security vendors flagged it as malicious.

🔗 VirusTotal Report

SHA256:
3455be6f42e55044ac3c834f1924407f32a5c90b547fb5959069bba015f50e7b

Detections:

Trojan:Php/Agent.NV#

Trojan.Agent/PHP!8.12895 (TOPIS:E0:kj7ifrRxtoT)

The issue is not only with this file directly — unfortunately, other software projects that include TinyFileManager as a third-party dependency are also being flagged as malware on SourceForge. This has serious implications for downstream projects and their reputations.

Could you please verify whether these detections are false positives and consider submitting the file for reanalysis or contacting the vendors for delisting?

Originally created by @smalos on GitHub (May 12, 2025). Original GitHub issue: https://github.com/prasathmani/tinyfilemanager/issues/1316 While scanning the downloaded file tinyfilemanager.php, 3 out of 65 security vendors flagged it as malicious. 🔗 [VirusTotal Report](https://www.virustotal.com/gui/file/3455be6f42e55044ac3c834f1924407f32a5c90b547fb5959069bba015f50e7b) SHA256: 3455be6f42e55044ac3c834f1924407f32a5c90b547fb5959069bba015f50e7b Detections: Trojan:Php/Agent.NV# Trojan.Agent/PHP!8.12895 (TOPIS:E0:kj7ifrRxtoT) The issue is not only with this file directly — unfortunately, other software projects that include TinyFileManager as a third-party dependency are also being flagged as malware on SourceForge. This has serious implications for downstream projects and their reputations. Could you please verify whether these detections are false positives and consider submitting the file for reanalysis or contacting the vendors for delisting?

kerem added the

Security

label

2026-03-02 16:01:44 +03:00

kerem commented

2026-03-02 16:01:45 +03:00

Author

Owner

@smalos commented on GitHub (May 13, 2025):

I’ve isolated the detection to a single attribute in tinyfilemanager.php:

data-option="fullscreen"

Changing it to, for example,

data-option="fs"

completely prevents ESET-NOD32 from flagging the file. This strongly suggests that their heuristic is literally matching the keyword “fullscreen” (a term commonly abused by malicious scripts) rather than evaluating its context.

I’ve submitted a false-positive report to ESET (per KB141).

@smalos commented on GitHub (May 13, 2025): I’ve isolated the detection to a single attribute in tinyfilemanager.php: `data-option="fullscreen"` Changing it to, for example, `data-option="fs"` completely prevents ESET-NOD32 from flagging the file. This strongly suggests that their heuristic is literally matching the keyword “fullscreen” (a term commonly abused by malicious scripts) rather than evaluating its context. I’ve submitted a false-positive report to ESET (per KB141).

kerem commented

2026-03-02 16:01:45 +03:00

Author

Owner

@smalos commented on GitHub (May 13, 2025):

Response from the ESET Malware Response Team:

Thank you for your submission.
It is a false positive of our scanner and this issue will be fixed in the next update of detection engine.

@smalos commented on GitHub (May 13, 2025): Response from the ESET Malware Response Team: > Thank you for your submission. > It is a false positive of our scanner and this issue will be fixed in the next update of detection engine.

kerem referenced this issue

2026-03-02 16:03:04 +03:00

[PR #841] [MERGED] Adds json mime type as text type to allow edit json files #1071