Malicious code PHP.EVAL.CRYPT in index.php

Hello Mr. Frankland,

my urgent problem:

After the upload of a new web made with Pulse 4.6 I received from my Hoster the message that in both index.php’s (admin and user index.php!!) is a malicious code “PHP.EVAL.CRYPT”.
The index files are from the ORIGINAL downloaded from the pulse Web at 02-22-2017.

My hoster now has blocked my account.

Is there really a malicious code in the index.php files or what can I do.

What can I tell my hoster? What should I say my costumers? What can I do?
(2.25.2016 I bought 5 licences. 3 not used till now)


No, there is no malicious code inside Pulse. That’s just a false positive, because 4.6 included eval coding.
Tell your Hoster they should update their virus definitions :wink:

1 Like

1.- It is true that these functions are not functions that can not be misused.
Please read these links.

2.- EVAL (GLOBALEVAL) are used scripts:
Index.php, index.php (admin), pulsecore / misc.php, redactor.min.js and jquery.js.

3.- You can check the contents of these scripts.
Example: Edit script index.php. Copy the content between two abostrofs.

<?php eval("?>".base64_decode('

Open Web Page =
Decode the content between two abostrofs.
Check the content.

4.- Request a feature (your web site provider)



Thanks for the answers, my hoster has released everything now.


1 Like