A backdoor that renames quarantined files by ClamAV with extension .suspected back to .php in order to re-enable the previous maliciously uploaded files, or if any left by previous attack. It's used by the attacker to try to gain control back to an infected website where he has uploaded malicious files before.
Severity
MEDIUM