Virus alert since 1.4.0

  • Resolved wgm

    (@wgm)


    4 years, 2 months ago

    Hi,

    since last update to version 1.4.0 I get virus alert every day. I checked / unchecked options on settings page but no changes in behavor. I’m not using Google Safe Browsing.

    When checking manually everything is shown as OK.

    Please check, thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter wgm

    (@wgm)

    On my site I found with manual scan:
    – files in parent theme are scanned
    – files in child theme with same file name as in parent are not scanned
    – files in child theme with different names (self created files) are scanned
    – files in child theme subfolders are scanned, but not all files and not all subfolders

    Plugin Support Torsten Landsiedel

    (@zodiac1978)

    Hi all!

    Thank you for all the reports.

    I will report this to our devs and will try to reproduce it with Divi.

    Thanks again and sorry for the trouble!

    All the best
    Torsten

    Plugin Author Stefan Kalscheuer

    (@stklcode)

    since last update to version 1.4.0 I get virus alert every day. […] When checking manually everything is shown as OK.

    Seems to be an issue with the manual scan. I can reproduce it by provoking a virus warning (add risky code to a theme file) which is detected correctly in the cron execution, but not in the manual scan. (https://github.com/pluginkollektiv/antivirus/issues/88)

    edit: should be fixed in the upcoming release (https://github.com/pluginkollektiv/antivirus/issues/89)

    – files in child theme with same file name as in parent are not scanned
    – files in child theme with different names (self created files) are scanned

    Confirmed and – hopefully – fixed in the upcoming release (https://github.com/pluginkollektiv/antivirus/pull/86)

    – files in child theme subfolders are scanned, but not all files and not all subfolders

    That’s by design. The plugin collects theme files with a maximum depth of 1.

    Please don’t ask me for the actual reason as I can only guess (at least since 1.3 (2015) and not documented). I’d be fine with raising the maximum depth to a more reasonable value.

    Cheers,
    Stefan

    Plugin Author Stefan Kalscheuer

    (@stklcode)

    Update:
    Version 1.4.1 has just been released. It fixes the issues described above, s.t. now all theme files are scanned and the manual scan is working again.

    With Divi you will likely notice quite a lot of alerts across the files, many of them in the /includes/builder/ subdirectory. Various classes do use signatures that AntiVirus detects as risky code (output buffer handling, opening files, …). You can dismiss them as before. With 1.3 they have just not been scanned, because parent themes were ignored and hierarchy was limited to 1.

    There is a way to exclude the files from scanning, leveraging the theme_scandir_exclusions hook that defaults to array( 'CVS', 'node_modules', 'vendor', 'bower_components' ). One could add 'builder' to this list, that eliminates 90% of the warnings. Did not check for negative side effects though.

    Cheers,
    Stefan

    Thread Starter wgm

    (@wgm)

    Feedback

    I updated to Version 1.4.1. Daily check gave me virus alert. Did manual check and got three alarms: two template files in my child theme and one in file of parent theme (Responsive by CyberChimps). All alarms where falls positives and I dismissed them. Now since two days without virus alert.

    Thanks for the fast response and good work.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Virus alert since 1.4.0’ is closed to new replies.

Tags