Malware detected (similar to someone elses post)

  • Resolved kristinubute

    (@kristinubute)


    1 year ago

    HI

    I’ve installed a plugin to do scanning for malware on client site.

    It came back with a possible issue with a file in your plugin.

    I had just updated ALL plugins including yours & WordPress BEFORE I did the scan so I can’t see that it is dodgy but thought I better ask.

    Current version of your plugin I have is 3.7.2

    It says trojan …

    https://snipboard.io/5VpPNs.jpg

    How do I interpret this?

    Thanks
    Kristin

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Contributor dwpriv

    (@dwpriv)

    Using https://www.virustotal.com it appears to be a false positive

    What plugin did you use for you scan?

    Thread Starter kristinubute

    (@kristinubute)

    Quttera Scanner.

    How does this work the link you gave me?

    https://www.virustotal.com

    Plugin Contributor dwpriv

    (@dwpriv)

    You have to drag/upload the file in question to the website for scanning. You can find the file in your installation directory at wp-contents/plugins/woocommerce-pdf-invoices-packing-slips/vendor/phenx/php-font-lib/index.php

    The file contains a redirect to the?www?directory.
    There used to be a?www?directory in the font lib, but it has been removed since 2015, and of course, recently, they deleted the?index.php?since it’s useless (https://github.com/dompdf/php-font-lib/commit/767e77b04d596ba2ff3ad35e84be2661c0dc91eb).
    The file is clean, but it raised the warning probably because it’s similar to commands hackers use in web shells or the scripts to reroute web traffic and hijack it. The scanner was just being cautious, but it’s just an outdated code!

    Thread Starter kristinubute

    (@kristinubute)

    Hi, If that file is NOT required anymore, why would it be sitting in this directory?

    What will I delete so I don’t have it sitting there causing an issue for potential dodgy people in the future please?

    So what do I remove in this directory?

    You mentioned:

    The file contains a redirect to the?www?directory.
    There used to be a?www?directory in the font lib, but it has been removed since 2015, and of course, recently, they deleted the?index.php?since it’s useless

    Thanks

    Plugin Contributor dwpriv

    (@dwpriv)

    You can delete the index.php file itself in the folder at wp-contents/plugins/woocommerce-pdf-invoices-packing-slips/vendor/phenx/php-font-lib/index.php

    Thread Starter kristinubute

    (@kristinubute)

    OK I will remove that file as its not required anyway as you said.

    WHY would it still be there anyway? Is it a leftover from an older version of your plugin and that’s why it is still there?

    Are there any other files I need to remove that are not required anymore?

    Thanks

    Plugin Contributor Yordan Soares

    (@yordansoares)

    Hi @kristinubute,

    The file is still there because they haven’t launched a new public release with the index.php file deletion. We are using dompdf 2.0.3 that it was launched prior this change. See: https://github.com/dompdf/dompdf/releases

    That said, as soon as a new public stable release is available, we will update our plugin with it, too. In the meantime, you could add an exception to this file, or mark it as safe, so you do not receive more notification about it.

    Thread Starter kristinubute

    (@kristinubute)

    I’m deleting this file for now.

    Can you also confirm that there should be a htaccess file in that same directory also please?

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Malware detected (similar to someone elses post)’ is closed to new replies.

Tags