miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
The Other miniBB Support Forums / The Other /  
 

Trojan:JS/Foretype.A!ml

 
Author Steve Shaw
Partaker
#1 | Posted: 6 Jul 2019 16:31 
Paul - have just had this warning from Windows Defender...

Threat detected: Trojan:JS/Foretype.A!ml
Alert level: Severe
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.
Affected items: \forums\bb_plugins2.php

Is this a genuine false positive?

Steve

Author kuopassa
Partaker
#2 | Posted: 6 Jul 2019 17:01 
What are the contents of bb_plugins2.php file?

Author Steve Shaw
Partaker
#3 | Posted: 6 Jul 2019 17:29 
It's the default file from within mininbb...

Steve

Author kuopassa
Partaker
#4 | Posted: 6 Jul 2019 23:09 
Then it must be a false positive. :-)

Author Paul
Lead Developer 
#5 | Posted: 8 Jul 2019 11:48 
If you are about a file, which contents are just about:

<?php
if (!defined('INCLUDED776')) die ('Fatal error.');
?>
then I suppose, there must be something wrong with Windows Defender... This files executes nothing even if called via PHP precompiler, not speaking about JavaScript (it's not a JavaScript file).

I've re-checked the distributed miniBB package, and I'm 100% sure it's clean from viruses or trojans.

Author Steve Shaw
Partaker
#6 | Posted: 8 Jul 2019 14:11 
Sorry, I should have said that I have the /* --Captcha Authorization addon */ and /* File upload addon */ installed, so that code is included in the bb_plugins2.php file.

Steve

Author Paul
Lead Developer 
#7 | Posted: 8 Jul 2019 17:08 
So it's not a default file :)

Well, in my practice I also experienced a couple of times, when my codes were detected as malicious, but only if the disk was scanned by one of the anti-malware programs (and in a meanwhile it all gone since detection programs became more perfect to distinct a valid PHP code from another suspicious code).

I suppose, it only happens when the trojans-detection software scans a file for the code it knows which must be malicious. But you must be pretty sure that nor the Captcha, nor the File Upload add-on codes in bb_plugins2.php file do not contain anything JavaScript-related, there are only PHP codes which are not executed simply on your local drive. So the combination of codes is just accidental in this case.

I'm not sure what exactly codes are detected as malicious in this case (would be still great to know), but again, this is more related to the imperfection of Windows Defender.

The Other miniBB Support Forums / The Other /
 Trojan:JS/Foretype.A!ml
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Get the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑