Hi. Love the plugin and just used it to find some nasty malware… and promptly donated to your cause.
I have not delved in extensively, but I noticed I received alerts for ithemes-sync/api.php on the sites I’ve scanned. I checked the file against the latest version I downloaded and it’s the way the developer intended.
So is this just some code that has a legit purpose and is being flagged? I thought I’d ask or at the least notify you since I use it on many sites and I know the plugin is popular and the developer is reputable.
One last thing… I had been manually deleting the files that are found because the first time I tried “fix automatically” the offending malware was not actually deleted. I think of 5 files, 4 were zero K and one was intact.