3/65 security vendors flagged this file as malicious

[smalos]

While scanning the downloaded file tinyfilemanager.php, 3 out of 65 security vendors flagged it as malicious.

🔗 VirusTotal Report

SHA256:
3455be6f42e55044ac3c834f1924407f32a5c90b547fb5959069bba015f50e7b

Detections:

Trojan:Php/Agent.NV#

Trojan.Agent/PHP!8.12895 (TOPIS:E0:kj7ifrRxtoT)

The issue is not only with this file directly — unfortunately, other software projects that include TinyFileManager as a third-party dependency are also being flagged as malware on SourceForge. This has serious implications for downstream projects and their reputations.

Could you please verify whether these detections are false positives and consider submitting the file for reanalysis or contacting the vendors for delisting?

[smalos]

I’ve isolated the detection to a single attribute in tinyfilemanager.php:

data-option="fullscreen"

Changing it to, for example,

data-option="fs"

completely prevents ESET-NOD32 from flagging the file. This strongly suggests that their heuristic is literally matching the keyword “fullscreen” (a term commonly abused by malicious scripts) rather than evaluating its context.

I’ve submitted a false-positive report to ESET (per KB141).

[smalos]

Response from the ESET Malware Response Team:

Thank you for your submission.
It is a false positive of our scanner and this issue will be fixed in the next update of detection engine.