Author Topic: False positive? (Read 3148 times)

andor2 · « **on:** March 22, 2016, 01:31:05 PM »

Hi,

I'm running a Joomla site and use the JCE editor for backend editing.

There has been a history for older versions of the JCE component to be attacked by exploit attempts but newer versions should not have that weakness.

Still, Avast blocked that component as a Trojan (Other:Malware-gen [Trj]) today:

.../components/com_jce/editor/tiny_mce/tiny_mce_popup.js?a990757478edca862d0bc4f467dffdb9

and the developer says that Avast is the only one reporting this as an issue.

How should I deal with Avast blocking this url/script?

Thanks,

Be Secure · « **Reply #1 on:** March 22, 2016, 01:34:57 PM »

Post VirusTotal link of that file and let see and then post the result here and if it is FP then report it to Avast!

bob3160 · « **Reply #2 on:** March 22, 2016, 01:54:58 PM »

Quote from: Be Secure on March 22, 2016, 01:34:57 PM

Post VirusTotal link of that file and let see and then post the result here and if it is FP then report it to Avast!

Submitting False Positive
https://www.avast.com/false-positive-file-form.php

Pondus · « **Reply #3 on:** March 22, 2016, 02:23:59 PM »

Quote

How should I deal with Avast blocking this url/script?

Post the URL here

REDACTED · « **Reply #4 on:** March 22, 2016, 03:08:28 PM »

This is the Virus Total scan on the day the package was released

https://www.virustotal.com/en/file/469bd62d2962a4619e507f7e792784f8294fb492039205d6b4c3fd78751111db/analysis/1457620372/

and the scan from today

https://www.virustotal.com/en/file/469bd62d2962a4619e507f7e792784f8294fb492039205d6b4c3fd78751111db/analysis/

REDACTED · « **Reply #5 on:** March 22, 2016, 03:33:10 PM »

This file - https://github.com/tinymce/tinymce/blob/3.x/jscripts/tiny_mce/tiny_mce_popup.js

and the file in question are identical in content (apart from the comments at the top), but the former does not trigger false positive.

polonus · « **Reply #6 on:** March 22, 2016, 03:45:37 PM »

Some xxs vulnerable code: Results from scanning URL: -https://assets-cdn.github.com/assets/github-ab1086948a3be528001710080ba17e4975ddb36a9379ab7dddfdb0370647b7c1.js
Number of sources found: 281
Number of sinks found: 103
Consider: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fgithub.com%2Ftinymce%2Ftinymce%2Fblob%2F3.x%2Fjscripts%2Ftiny_mce%2Ftiny_mce_popup.js
This does not kick-up an Avast alert for me: https://github.com/tinymce/tinymce/blob/3.x/jscripts/tiny_mce/tiny_mce_popup.js

polonus

Sirmer · « **Reply #7 on:** March 22, 2016, 03:53:59 PM »

thanks for information, this was a false positive and it will be fixed in next stream update.

andor2 · « **Reply #8 on:** March 23, 2016, 12:00:19 PM »

Thanks all for your input!

Apart from learning about the false positive, I also got some valuable information - at least for a newbie like me

Author Topic: False positive? (Read 3148 times)

andor2

False positive?

Be Secure

Re: False positive?

bob3160

Re: False positive?

Pondus

Re: False positive?

REDACTED

Re: False positive?

REDACTED

Re: False positive?

polonus

Re: False positive?

Sirmer

Re: False positive?

andor2

Re: False positive?