• Resolved av-incare

    (@av-incare)


    I got this message. I’m not sure if I should delete or not.

    Filename: wp-content/plugins/gravityformssignature/includes/super_signature/ss.js
    File Type: Not a core, theme, or plugin file from www.remarpro.com.

    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: _0x18db=["\x32. The infection type is: Javascript code indicative of malware.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi,

    It’s likely to be a false positive so please don’t delete the file at this time.

    We are currently investigating this and I will report back here with further updates for you.

    Thanks.

    Thread Starter av-incare

    (@av-incare)

    Thank you, sir. Will do.

    Plugin Support wfphil

    (@wfphil)

    Hi,

    One of our analysts says it’s a large, intentionally-obfuscated bit of JavaScript that appears to be from https://www.supersignature.com

    He has been working his way through the code and while he hasn’t found anything malicious yet, it’s a large, complex, intentionally-hard-to-check bit of code.

    If you trust the Gravity Forms Signature Add-On then we suggest ignoring the result.

    Thread Starter av-incare

    (@av-incare)

    Thank you all for your hard work and support for your product.

    Hi,
    I get the same alert. Any news about this?
    Because, as it seems, the signatures stop working on my site even if I click Ignore… Wordfence picks it up on the next scan.

    Plugin Support wfphil

    (@wfphil)

    Hi @oga23

    Which Ignore option are you using – “Ignore Until File Changes” or “Always Ignore”?

    If you are using “Ignore Until File Changes” then you can reach out to the plugin developers and ask them why the file keeps changing.

    You can also use the scan option “Exclude files from scan that match these wildcard patterns” to ignore the file using this exclusion:

    /wp-content/plugins/gravityformssignature/includes/super_signature/ss.js
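
Before ignoring or excluding the flagged file, one way to check that it is the copy the vendor ships is to hash the installed plugin folder against a freshly downloaded plugin zip. This is an added example, not part of the thread and not Wordfence or Gravity Forms code; the function names, the zip layout (a top-level folder named after the plugin) and the sample files are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

SLUG = "gravityformssignature"               # plugin folder named in the thread
FLAGGED = "includes/super_signature/ss.js"   # file the scanner flagged

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def compare_with_package(package_zip, installed_dir, slug=SLUG):
    """Hash every file in the vendor zip and in the installed plugin folder."""
    with zipfile.ZipFile(package_zip) as zf:
        reference = {
            name[len(slug) + 1:]: digest(zf.read(name))
            for name in zf.namelist()
            if name.startswith(slug + "/") and not name.endswith("/")
        }
    root = Path(installed_dir)
    installed = {
        p.relative_to(root).as_posix(): digest(p.read_bytes())
        for p in root.rglob("*") if p.is_file()
    }
    return {
        "modified": sorted(f for f in reference
                           if f in installed and installed[f] != reference[f]),
        "missing": sorted(f for f in reference if f not in installed),
        "extra": sorted(f for f in installed if f not in reference),
    }

def demo():
    """Constructed data: a stand-in vendor zip, a clean and a changed install."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        pkg = tmp / "vendor.zip"
        with zipfile.ZipFile(pkg, "w") as zf:
            zf.writestr(f"{SLUG}/{FLAGGED}", "/* stand-in for vendor ss.js */")
            zf.writestr(f"{SLUG}/readme.txt", "constructed sample file")
        for name in ("clean", "changed"):
            with zipfile.ZipFile(pkg) as zf:
                zf.extractall(tmp / name)
        changed = tmp / "changed" / SLUG
        (changed / FLAGGED).write_text("/* edited after install */")
        (changed / "extra.js").write_text("// not shipped in the package")
        return (compare_with_package(pkg, tmp / "clean" / SLUG),
                compare_with_package(pkg, changed))

if __name__ == "__main__":
    print(demo())
```

An empty `modified` list for `ss.js` supports treating the alert as a false positive; a path-based scan exclusion stops the scanner from reporting later changes to that file, so the comparison is worth repeating after each plugin update.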

  • The topic ‘File appears to be malicious: wp-content/plugins/gravityformssignature/includes/’ is closed to new replies.