Sucuri found a match to it’s malware signatures in the Stop Spammers thread-scan module. It was a string that I found in a Sucuri blog post about a malware back door that was appearing in WordPress installs. I added the string to the threat-scan, hoping to catch some sites with with the back door.
What happened was that Sucuri caught me. It thought that the malware signature was actually part of a real malware infection.
I had grabbed what I thought was the smallest unique part of the string to do my scans. Evidently that was enough for Sucuri to detect and report my plugin as Malware.
I have removed the check. If you want a complete check you need to send $200 to Sucuri.
In the mean time, I’ve decided to add different kinds of check to the Threat-Scan in Stop Spammers. So far I’ve been checking against incoming IP addresses. I thought it would be fun to use the spam check modules to check against the IP of the website itself.
This is going to drive people crazy when they find out their website is a source of spam.