tinyfilemanager icon indicating copy to clipboard operation
tinyfilemanager copied to clipboard
verified publisher icon prasathmani

3/65 security vendors flagged this file as malicious

Open smalos opened this issue 7 months ago • 2 comments

While scanning the downloaded file tinyfilemanager.php, 3 out of 65 security vendors flagged it as malicious.

đź”— VirusTotal Report

SHA256: 3455be6f42e55044ac3c834f1924407f32a5c90b547fb5959069bba015f50e7b

Detections:

Trojan:Php/Agent.NV#

Trojan.Agent/PHP!8.12895 (TOPIS:E0:kj7ifrRxtoT)

The issue is not only with this file directly — unfortunately, other software projects that include TinyFileManager as a third-party dependency are also being flagged as malware on SourceForge. This has serious implications for downstream projects and their reputations.

Could you please verify whether these detections are false positives and consider submitting the file for reanalysis or contacting the vendors for delisting?

smalos avatar May 12 '25 10:05 smalos

I’ve isolated the detection to a single attribute in tinyfilemanager.php:

data-option="fullscreen"

Changing it to, for example,

data-option="fs"

completely prevents ESET-NOD32 from flagging the file. This strongly suggests that their heuristic is literally matching the keyword “fullscreen” (a term commonly abused by malicious scripts) rather than evaluating its context.

I’ve submitted a false-positive report to ESET (per KB141).

smalos avatar May 13 '25 04:05 smalos

Response from the ESET Malware Response Team:

Thank you for your submission. It is a false positive of our scanner and this issue will be fixed in the next update of detection engine.

smalos avatar May 13 '25 11:05 smalos