So I got a message from Sitelock about infected files. I have a number of Doku installations, some on a stick, some on my server (where the Sitelock scan happened). Log entries look like this:
/doku/inc/ZipLib.class.php: SiteLock-PHP-EVAL_REQUEST-auht.UNOFFICIAL FOUND
I tried to look this up on stackoverflow and such, but I had no luck. The file itself doesn't look like it's got any slippery evals in it, that I can tell, that would be injecting code, so I'm wondering if this is a problem with how the file itself is structured, or if Sitelock's scan is just being overzealous. I diffed the version I have with the version from a freshly downloaded doku install (still in the tar.gz wrapper even) and they were identical, which was weird. Also, not sure what to make of the apparent misspelling of "auth" in the log entry. Maybe Sitelock has a spelling error in one of their modules??
here's a paste of my version of ZipLib.class.php:
http://pastebin.com/AxCvkaFF
Anyone have any ideas on this? not all of my installs are active (some are archived) so it's not super easy just to reinstall.