• Resolved advertino

    (@advertino)


    FILE: wp-content/plugins/beehive-analytics/dependencies/vendor/guzzlehttp/guzzle/src/RequestFsm.php
    FILE_MD5: 60711050e161ab06b7b2ab2460c26648
    SEVERITY: enMaliciousThreatType
    ENGINE: fscanner
    THREAT_SIG: 31bcc69a9c00318df6e1e4f2c5b3ee9f
    THREAT_NAME: Trojan.PHP.Goto.gen.2c5
    THREAT: goto before; case 'complete': goto complete; case 'error': g…
    DETAILS: Detected malicious PHP script

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    Hi @advertino

    Thank you for reporting it,

    To make sure we are on the same page, did you run the test on any online tool or use a security plugin?

    The specific file is from our vendor guzzlehttp. I checked a freshly downloaded plugin and I can confirm it uses a GoTo; however, it is not malware and sounds like a false positive.

    I also tested this file on some security tools and I didn’t get any reports.

    Just in case, could you please reinstall a Fresh Copy of the Beehive plugin?

    Please, let us know where you saw this result and we can try to replicate it.
    Best Regards
    Patrick Freitas

    Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    Hi @advertino

    I hope you are doing well.

    Our developers confirmed it is a false positive. The flagged file is this:
    https://github.com/guzzle/guzzle/blob/5.3/src/RequestFsm.php

    It is a file from one of the vendors, as I explained. This vendor is used by the Google lib that Beehive uses, so when we install the Google libraries this vendor is loaded too.

    You can still reinstall the plugin to have a fresh version of the file just in case, but if it is not a modified file it is safe to ignore the report.

    Best Regards
    Patrick Freitas

    Thread Starter advertino

    (@advertino)

    Thanks for the answer, Patrick

    I cannot ignore this. Because if this is a false alarm from the antivirus, then how can I be sure that this file will not be infected later? And while I think that this is a false positive, my website will actually be infected with Trojans and viruses. I used the latest version of the plugin. Now I have removed your plugin, I do not need unexpected problems and surprises in the future, sorry.

    Plugin Support Imran – WPMU DEV Support

    (@wpmudev-support9)

    Hello @advertino !

    Just to clarify and avoid possible confusion – it looks like in this case the antivirus software made an incorrect call by marking a completely valid and safe file as potentially unsafe due to the fact that the programmers of the library used a couple of goto statements inside a case clause. Goto statements are rarely used in PHP, but nevertheless they are completely normal and have no security impact whatsoever. Same goes for the combination of goto statements inside a case clause – there’s nothing unsafe in this, just normal code.

    The part mentioned in the report:

    goto before; case 'complete': goto complete; case 'error':

    Is valid PHP code which doesn’t open any security holes. I’d suggest contacting the antivirus provider and reporting this case as a false alert so that they can update their database and prevent this report from showing up in places where it’s not a security issue.

    Warm regards,
    Pawel

    Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    Hi @advertino

    I hope you are doing well and safe!

    We haven’t heard from you in a while, so I’ll mark this thread as resolved.

    Feel free to let us know if you have any additional questions or problems.

    Best Regards
    Patrick Freitas

  • The topic ‘beehive analytics detected as Trojan.PHP.Goto.gen.2c5’ is closed to new replies.
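
The thread turns on whether the flagged file is an unmodified vendor copy, and on how to tell if it changes later. One way to check both is to hash the installed plugin tree against a freshly downloaded copy and rerun the comparison on a schedule. This is an added example, not code from the plugin, the scanner or anyone in the thread; the directory names and file contents are constructed, and it uses SHA-256 rather than the MD5 shown in the scan report.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large vendor files are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_trees(reference: Path, installed: Path) -> dict:
    """Compare an installed tree with a trusted fresh copy of the same release."""
    ref, cur = build_manifest(reference), build_manifest(installed)
    return {
        # Same path, different content: the case that needs investigation.
        "modified": sorted(f for f in ref.keys() & cur.keys() if ref[f] != cur[f]),
        "missing": sorted(ref.keys() - cur.keys()),
        # Files the release never shipped (dropped scripts, backups, etc.).
        "added": sorted(cur.keys() - ref.keys()),
    }


def demo() -> dict:
    # Constructed sample trees standing in for a fresh download and a live install.
    with tempfile.TemporaryDirectory() as tmp:
        ref, inst = Path(tmp, "fresh"), Path(tmp, "installed")
        for root in (ref, inst):
            (root / "src").mkdir(parents=True)
            (root / "src/RequestFsm.php").write_text("<?php goto before; // constructed\n")
            (root / "src/Client.php").write_text("<?php // constructed\n")
        (inst / "src/Client.php").write_text("<?php // constructed, edited after install\n")
        (inst / "src/extra.php").write_text("<?php // constructed, not in fresh copy\n")
        return compare_trees(ref, inst)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

An empty result for all three lists means the installed files are byte-identical to the reference release, so a signature hit on one of them is a property of the upstream code rather than of a change on the server.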