Author Topic: False positive?  (Read 2865 times)

0 Members and 1 Guest are viewing this topic.

Offline andor2

  • Newbie
  • *
  • Posts: 2
False positive?
« on: March 22, 2016, 01:31:05 PM »
Hi,

I'm running a Joomla site and use the JCE editor for backend editing.

There has been a history for older versions of the JCE component to be attacked by exploit attempts but newer versions should not have that weakness.

Still, Avast blocked that component as a Trojan (Other:Malware-gen [Trj]) today:

.../components/com_jce/editor/tiny_mce/tiny_mce_popup.js?a990757478edca862d0bc4f467dffdb9

and the developer says that Avast is the only one reporting this as an issue.

How should I deal with Avast blocking this url/script?

Thanks,

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: False positive?
« Reply #1 on: March 22, 2016, 01:34:57 PM »
Post VirusTotal link of that file and let see and then post the result here and if it is FP then  report it to Avast! :)
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Online bob3160

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 48038
  • 63 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: False positive?
« Reply #2 on: March 22, 2016, 01:54:58 PM »
Post VirusTotal link of that file and let see and then post the result here and if it is FP then  report it to Avast! :)

Submitting False Positive
https://www.avast.com/false-positive-file-form.php
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37152
  • Not a avast user
Re: False positive?
« Reply #3 on: March 22, 2016, 02:23:59 PM »
Quote
How should I deal with Avast blocking this url/script?
Post the URL here



REDACTED

  • Guest
Re: False positive?
« Reply #5 on: March 22, 2016, 03:33:10 PM »
This file - https://github.com/tinymce/tinymce/blob/3.x/jscripts/tiny_mce/tiny_mce_popup.js

and the file in question are identical in content (apart from the comments at the top), but the former does not trigger false positive.
« Last Edit: March 22, 2016, 03:36:55 PM by widget-factory »

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33647
  • malware fighter
Re: False positive?
« Reply #6 on: March 22, 2016, 03:45:37 PM »
Some xxs vulnerable code: Results from scanning URL: -https://assets-cdn.github.com/assets/github-ab1086948a3be528001710080ba17e4975ddb36a9379ab7dddfdb0370647b7c1.js
Number of sources found: 281
Number of sinks found: 103
Consider: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fgithub.com%2Ftinymce%2Ftinymce%2Fblob%2F3.x%2Fjscripts%2Ftiny_mce%2Ftiny_mce_popup.js
This does not kick-up an Avast alert for me: https://github.com/tinymce/tinymce/blob/3.x/jscripts/tiny_mce/tiny_mce_popup.js

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 324
Re: False positive?
« Reply #7 on: March 22, 2016, 03:53:59 PM »
thanks for information, this was a false positive and it will be fixed in next stream update.

Offline andor2

  • Newbie
  • *
  • Posts: 2
Re: False positive?
« Reply #8 on: March 23, 2016, 12:00:19 PM »
Thanks all for your input!

Apart from learning about the false positive, I also got some valuable information - at least for a newbie like me  ;)