Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support

DrProtocols on "[Plugin: Wordfence Security] False Malicious File Reports Based on Single Word Match"


Hi Support

Getting reports like this (***removed*** is by me):

This file appears to be malicious

Filename: ***removed***/aws-sdk/lib/cachecore/cachecore.class.php
File type: Not a core, theme or plugin file.
Issue first detected: 1 hour 39 mins ago.
Severity: Critical
Status New

This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "$self(".

where the only "match" to a malicious file is indicated as a single variable such as "$self(" above but other cases for other files mention things like $name(, $class(, $hashfunc(, and similar.

These are all false positives triggering on standard "official" SDKs from sources such as Amazon and Dropbox. These do seem to be very flimsy criteria against which to raise a critical severity report.

Can you please implement improved algorithms for anything like this rather than just a simple text string match on a single variable name (whatever context it may be being used in), otherwise this kind of thing is likely to continue triggering huge numbers of false positives which, apart from being annoying to have to go and chase down, rather devalues the plugin as in the end these reports may simply be ignored.

And simply choosing to ignore a load of files because of false positives then ends up with files being "unprotected" which seems contrary to the purpose of the function.

Thanks.

https://wordpress.org/plugins/wordfence/
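
An added illustration, not part of the original post and not Wordfence's scanning logic: the sketch below contrasts a bare text match on a variable-function call (the `$self(` style match quoted in the report) with a check that also requires the variable to be assigned from request input. The function names, the taint heuristic and both PHP samples are constructed assumptions for this example.

```python
import re

# A PHP variable-function call such as $self( or $name(, the text quoted in the report.
VAR_CALL = re.compile(r'\$(\w+)\s*\(')
# Request-controlled sources; an assumed heuristic chosen for this illustration.
TAINT = r'\$_(?:GET|POST|REQUEST|COOKIE)\b'

# Constructed sample in the style of an SDK factory method (benign).
SDK_LIKE = """<?php
class CacheCore {
    public static function init($name) {
        $self = get_called_class();
        return new $self($name);
    }
}
"""

# Constructed sample where the callable's name comes straight from the request.
REQUEST_DRIVEN = """<?php
$fn = $_REQUEST['fn'];
$fn($_REQUEST['arg']);
"""

def naive_hits(src):
    """Flag every variable-function call, whatever the surrounding code does."""
    return [m.group(1) for m in VAR_CALL.finditer(src)]

def contextual_hits(src):
    """Flag a variable-function call only if that variable is assigned
    from request input somewhere in the same file."""
    hits = []
    for name in dict.fromkeys(naive_hits(src)):  # de-duplicate, keep order
        assign = re.compile(r'\$' + re.escape(name) + r'\s*=(?!=)[^;]*' + TAINT)
        if assign.search(src):
            hits.append(name)
    return hits

if __name__ == "__main__":
    for label, src in (("sdk-like", SDK_LIKE), ("request-driven", REQUEST_DRIVEN)):
        print(label, "naive:", naive_hits(src), "contextual:", contextual_hits(src))
```

The bare match flags both samples, while the contextual check flags only the request-driven one. A regex over raw text is still an approximation; a production scanner would tokenize the PHP and follow assignments more carefully.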

