(WordPress) Theme Upload - Error: HTTP 406 Not Acceptable

Bug Report Template

Description

After a standard WordPress install (latest WordPress on latest ApisCP) and releasing Fortification, theme upload/install fails after a couple of minutes with HTTP error 406 - Not Acceptable:

Not Acceptable

An appropriate representation of the requested resource could not be found on this server.

Error log (/var/log/httpd/error_log) shows ClamAV triggered on zip:

[Fri Jan 30 12:39:54.562387 2026] [security2:error] [pid 1585561:tid 1585613] [remote <CLIENT-IP-REDACT>:49672] ModSecurity: [clamdscan scanner message: /tmp/20260130-123825-aX0WwRKVZ-tO_v8pb19kEgAAgRE-file-m2Bi7J: Sanesecurity.Foxhole.JS_Zip_17.UNOFFICIAL FOUND\n]\n [hostname "redacted.example.com"] [uri "/wp-admin/update.php"] [unique_id "aX0WwRKVZ-tO_v8pb19kEgAAgRE"], referer: https://redacted.example.com/wp-admin/theme-install.php?browse=popular
[Fri Jan 30 12:39:54.562413 2026] [security2:error] [pid 1585561:tid 1585613] [remote <CLIENT-IP-REDACT>:49672] ModSecurity: Access denied with code 406 (phase 2). Virus Detected [file "/etc/httpd/modsecurity.d/activated_rules/clamav-10.conf"] [line "5"] [id "1010101"] [msg "Malicious File Attachment"] [severity "ALERT"] [hostname "redacted.example.com"] [uri "/wp-admin/update.php"] [unique_id "aX0WwRKVZ-tO_v8pb19kEgAAgRE"], referer: https://redacted.example.com/wp-admin/theme-install.php?browse=popular

System Messages log (/var/log/messages) likewise shows:

Jan 30 12:34:30 host clamd[2537388]: SelfCheck: Database status OK.
Jan 30 12:39:54 host clamd[2537388]: /tmp/20260130-123825-aX0WwRKVZ-tO_v8pb19kEgAAgRE-file-m2Bi7J: Sanesecurity.Foxhole.JS_Zip_17.UNOFFICIAL(1664307fd6ef6a0dc96ab33ac8ffd3e0:34774131) FOUND

Steps to Reproduce

  • Install WordPress
  • Release Fortification
  • Upload/Install theme zip from computer

Expected Behavior

Theme should install, or specific errors should be shown regarding why the upload or install failed, including if any PHP ini var/limit needs adjustment.

Actual Behavior

Upload/install fails with a nondescript error and no specific indication why.

Environment

ApisCP version:

# cpcmd misc:cp-version
revision: 45fade15eb9c075fc4143fbb67f6dbab116538aa
timestamp: 1768180847
ver_maj: 3
ver_min: 2
ver_patch: 48
ver_pre: 39-g45fade15e
dirty: false
debug: false

Operating System:

# uname -r
4.18.0-553.64.1.el8_10.x86_64

WordPress: Latest version (v6.9, I believe)

Theme: Salient (file: salient.zip, size: ~33MB)

Additional Information

This post may be resolved/non-actionable currently.

I’m working to review why ClamAV triggered on the theme zip file.

EDIT: Clamd says it found:

Sanesecurity.Foxhole.JS_Zip_17.UNOFFICIAL(1664307fd6ef6a0dc96ab33ac8ffd3e0:34774131) 

However, I scanned with other tools, including an online version of ClamAV and nothing triggered. Is it possible my ClamAV is out of date? (Or maybe the other tools I tested with are out of date?)

Log messages show the signature db appears to be up to date.

If this is a false-positive, you may consider whitelisting.

See ModSecurity + malware scans | ApisCP Docs > 406 Not Acceptable on POST
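
Added example, not part of the original post or ApisCP's own code: a Python sketch that pairs the clamdscan hit with the 406 denial by unique_id, using the two error_log entries quoted above, and flags hits from third-party (.UNOFFICIAL) signatures as candidates for false-positive review. The function names are hypothetical and the sample lines are abridged copies of the excerpts above.

```python
import re
from collections import defaultdict

# Abridged copies of the two error_log entries quoted in the post (sample input).
SAMPLE_LOG = r'''
[Fri Jan 30 12:39:54.562387 2026] [security2:error] [remote <CLIENT-IP-REDACT>:49672] ModSecurity: [clamdscan scanner message: /tmp/20260130-123825-aX0WwRKVZ-tO_v8pb19kEgAAgRE-file-m2Bi7J: Sanesecurity.Foxhole.JS_Zip_17.UNOFFICIAL FOUND\n]\n [hostname "redacted.example.com"] [uri "/wp-admin/update.php"] [unique_id "aX0WwRKVZ-tO_v8pb19kEgAAgRE"]
[Fri Jan 30 12:39:54.562413 2026] [security2:error] [remote <CLIENT-IP-REDACT>:49672] ModSecurity: Access denied with code 406 (phase 2). Virus Detected [file "/etc/httpd/modsecurity.d/activated_rules/clamav-10.conf"] [line "5"] [id "1010101"] [msg "Malicious File Attachment"] [uri "/wp-admin/update.php"] [unique_id "aX0WwRKVZ-tO_v8pb19kEgAAgRE"]
'''

SCAN_RE = re.compile(r'clamdscan scanner message: (?P<path>\S+): (?P<sig>\S+) FOUND')
DENY_RE = re.compile(r'Access denied with code (?P<code>\d+) \(phase \d+\)')
FIELD_RE = re.compile(r'\[(id|uri|unique_id|file|msg) "([^"]*)"\]')


def correlate(log_text):
    """Merge the scanner message and the deny entry that share a unique_id."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        if 'ModSecurity:' not in line:
            continue
        fields = dict(FIELD_RE.findall(line))
        uid = fields.get('unique_id')
        if not uid:
            continue
        ev = events[uid]
        ev.setdefault('uri', fields.get('uri'))
        scan = SCAN_RE.search(line)
        if scan:
            ev['signature'] = scan['sig']
            ev['tmp_file'] = scan['path']
            # ClamAV appends .UNOFFICIAL to names from third-party databases.
            ev['third_party_sig'] = scan['sig'].endswith('.UNOFFICIAL')
        deny = DENY_RE.search(line)
        if deny:
            ev['status'] = int(deny['code'])
            ev['rule_id'] = fields.get('id')
            ev['rule_file'] = fields.get('file')
    return dict(events)


def review_candidates(log_text):
    """unique_ids of requests blocked with 406 on a third-party signature."""
    return [uid for uid, ev in correlate(log_text).items()
            if ev.get('status') == 406 and ev.get('third_party_sig')]


if __name__ == '__main__':
    for uid, ev in correlate(SAMPLE_LOG).items():
        print(uid, ev)
```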