Author Topic: OpenGoo 1.6 Virus Alert!  (Read 8204 times)

fcoauga

OpenGoo 1.6 Virus Alert!
« on: October 26, 2009, 07:14:18 pm »
The free antivirus AVGuard detects a suspicious file for 'add-document.php'. See attached.

Well, I know that it is not a suspicious file, but it is a little problem for distribution...
« Last Edit: October 27, 2009, 06:11:32 pm by fcoauga »
-----
Testing Opengoo:
 external server with PHP 5.1.6 & MySQL 5.0.45
 locally server with PHP 5.2.0 & MySQL 5.0.27
Viewed with Mozilla 3.0.1 & Opera 9.60

Pet

Re: [1.6beta] informative: virus detected
« Reply #1 on: October 26, 2009, 11:19:05 pm »
ignore
Support OpenGoo - Sponsor a Feature! | Follow me on Twitter | OG Support Chat | Did you turn debugging on?

ignacio

Re: [1.6beta] informative: virus detected
« Reply #2 on: October 27, 2009, 10:56:50 am »
Can you try if changing line 39 from:
Code:
<?php echo $ckEditorContent ?>

to:
Code:
<?php echo clean($ckEditorContent) ?>

fixes the issue?

fcoauga

Re: [1.6beta] informative: virus detected
« Reply #3 on: October 27, 2009, 06:18:30 pm »
ignore

of course...seven times when I wrote the message and about forty at this time... :)

fcoauga

Re: [1.6beta] informative: virus detected
« Reply #4 on: October 27, 2009, 06:23:16 pm »
Can you try if changing line 39 from:
Code:
<?php echo $ckEditorContent ?>

to:
Code:
<?php echo clean($ckEditorContent) ?>

fixes the issue?

No.

I have sent the file to Avira; perhaps they will tell us something.

c.barca

There is a Malware on file OpenGoo 1.6 BETA ?
« Reply #5 on: October 29, 2009, 11:34:52 am »
Hello,

I have Avira Antivir 9.0.0.17 with virus engine 8.02.01.44 of 21/10/2009.
On file 'opengoo\application\views\files\add_document.php'
Avira has found a malware 'HTML/Crypted.Gen' [virus].

Please, can you try and confirm file security?

Thanks, regards

Claudio

c.barca

There is a Malware on file OpenGoo 1.6 BETA ?
« Reply #6 on: October 29, 2009, 11:43:36 am »
On VirusTotal.com

File add_document.php ricevuto il 2009.10.29 14:36:32 (UTC)

Antivirus           Versione   last Update   Found
AntiVir             7.9.1.50   2009.10.29    HTML/Crypted.Gen
McAfee-GW-Edition   6.8.5      2009.10.29    Heuristic.Script.Crypted


« Last Edit: October 29, 2009, 11:45:14 am by c.barca »

carlos

Re: [1.6beta] informative: virus detected
« Reply #7 on: October 30, 2009, 12:59:21 pm »
It is a false positive, check this source for the virus description:

http://www.trustedsource.org/malware-virus-description/1-18723/Heuristic-Script-Crypted

The file add_document.php is only calling the new editor (CKEditor) via javascript, there must be some line of code which the antivirus detects as containing a "typically malicious characteristic".

As noted before, it would probably be a good idea to identify and "fix" the line so that this message stops appearing.

Cheers

Pet

Re: [1.6beta] informative: virus detected
« Reply #8 on: October 30, 2009, 03:44:51 pm »
Julio @ virustotal is usually quite helpful, but note that it is sometimes a pain or can take months to get some code removed as a false positive from virus signatures (this from experience), hence my previous "ignore" comment.

mastersin

OpenGoo 1.6 Virus Alert!
« Reply #9 on: December 07, 2009, 12:56:12 pm »
Hello,

I just downloaded the OpenGoo 1.6 Archive from your link at the Announcement Forum. As I checked it with my AntiVir I got the following message:

a2opinion

Re: OpenGoo 1.6 Virus Alert!
« Reply #10 on: December 08, 2009, 11:50:10 am »
hmmn.. what does it say? ???
I'd run it through a translator if I could copy and paste the text...

CédricH

Re: OpenGoo 1.6 Virus Alert!
« Reply #11 on: December 09, 2009, 08:26:55 pm »
I get the same message with Avira antivirus concerning an HTML script virus ...

opengoo\application\views\files\add_document.php is corrupted

The description is:
Virus: HTML/Crypted.Gen
Date discovered: 18/07/2007
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
Engine version: 7.04.00.44 

mastersin

Re: OpenGoo 1.6 Virus Alert!
« Reply #12 on: December 10, 2009, 08:10:29 am »
I still get these messages like CédricH posted? Any solutions? Help!!!

Pet

Re: OpenGoo 1.6 Virus Alert!
« Reply #13 on: December 10, 2009, 09:28:36 pm »
I posted the solution - ignore it.

Edit: In the interest of self-help, that sounds arrogant of me, and I apologize. What I should have said was this is likely a false positive. The devs will most certainly be checking into this, and if it were serious it would have been replaced. It is basically a catch-all virus notice, more like a warning, that there is some javascript that appears to be from an untrustworthy source.

« Last Edit: December 11, 2009, 01:17:42 am by Pet »