Feng Forum

Support => Older versions => : fcoauga October 26, 2009, 07:14:18 PM

: OpenGoo 1.6 Virus Alert!
: fcoauga October 26, 2009, 07:14:18 PM
The free antivirus AVGuard detects suspicious file for 'add-document.php'. See attached.

Well, I know that is no a suspicious file, but is a little problem for distribution...
: Re: [1.6beta] informative: virus detected
: Pet October 26, 2009, 11:19:05 PM
ignore
: Re: [1.6beta] informative: virus detected
: ignacio October 27, 2009, 10:56:50 AM
Can you try if changing line 39 from:
:
<?php echo $ckEditorContent ?>

to:
:
<?php echo clean($ckEditorContent?>

fixes the issue?
: Re: [1.6beta] informative: virus detected
: fcoauga October 27, 2009, 06:18:30 PM
ignore

of course...seven times when wrote the message and about fourty at this time... :)
: Re: [1.6beta] informative: virus detected
: fcoauga October 27, 2009, 06:23:16 PM
Can you try if changing line 39 from:
:
<?php echo $ckEditorContent ?>

to:
:
<?php echo clean($ckEditorContent?>

fixes the issue?

No.

I had sent the file to Avira, perhaps them tell something us
: There is a Malware on file OpenGoo 1.6 BETA ?
: c.barca October 29, 2009, 11:34:52 AM
Hello,

I have Avira Antivir 9.0.0.17 with virus engine 8.02.01.44 of 21/10/2009.
On file opengoo\application\views\files\add_document.php'
Avira has found a malware  'HTML/Crypted.Gen' [virus].

Please, Can you try and confirm file security ?

Thank's, regards

Claudio
: There is a Malware on file OpenGoo 1.6 BETA ?
: c.barca October 29, 2009, 11:43:36 AM
On VirusTotal.com

File add_document.php ricevuto il 2009.10.29 14:36:32 (UTC)

Antivirus                      Versione   last Update      Found
AntiVir                 7.9.1.50           2009.10.29      HTML/Crypted.Gen
McAfee-GW-Edition   6.8.5      2009.10.29      Heuristic.Script.Crypted


: Re: [1.6beta] informative: virus detected
: carlos October 30, 2009, 12:59:21 PM
It is a false positive, check this source for the virus description:

http://www.trustedsource.org/malware-virus-description/1-18723/Heuristic-Script-Crypted

The file add_document.php is only calling the new editor (CKEditor) via javascript, there must be some line of code which the antivirus detects as containing a "typically malicious characteristic".

As noted before, it would probably be a good idea to identify and "fix" the line so that this message stops appearing.

Cheers
: Re: [1.6beta] informative: virus detected
: Pet October 30, 2009, 03:44:51 PM
Julio @ virustotal is usually quite helpful, but note that it is sometimes a pain or can take months to get some code removed as a false positive from virus signatures (this from experience), hence my previous "ignore" comment.
: OpenGoo 1.6 Virus Alert!
: mastersin December 07, 2009, 12:56:12 PM
Hello,

I just downloaded the OpenGoo 1.6 Archive from your link at the Announcement Forum. As I checked it with my AntiVir I got the following message:
: Re: OpenGoo 1.6 Virus Alert!
: a2opinion December 08, 2009, 11:50:10 AM
hmmn.. what does it say? ???
I'd run it through a translator if I could copy and paste the text...
: Re: OpenGoo 1.6 Virus Alert!
: CédricH December 09, 2009, 08:26:55 PM
I get the same message with avira antivirus concerning a html script virus ...

opengoo\application\views\files\add_document.php is corrupted

The description is :
Virus: HTML/Crypted.Gen
Date discovered: 18/07/2007
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
Engine version: 7.04.00.44 
: Re: OpenGoo 1.6 Virus Alert!
: mastersin December 10, 2009, 08:10:29 AM
I still get this messages like CédricH posted? Any solutions? Help!!!
: Re: OpenGoo 1.6 Virus Alert!
: Pet December 10, 2009, 09:28:36 PM
I posted the solution - ignore it.

Edit: In the interest of self-help, that sounds arrogant of me, and I apologize. What I should have said was this is likely a false positive. The devs will most certainly be checking into this, and if it were serious it would have been replaced. It is basically a catch-all virus notice, more like a warning, that there is some javascript that appears to be from an untrustworthy source.