You can see all of the files that are included in this plugin via the wordpress.org subversion repository: http://svn.wp-plugins.org/photojar-base/
I am not distributing any virus with this plugin.
It’s true: Avira AntiVir – V. 8.1.0.331 – detects a virus, too: HTML/Crypted.Gen HTML script virus
.
Okay – it pays to be cautious but this person has been nice enough to write a free plugin so it’s also a good idea not to jump to conclusions about this.
A quick look around some techy sites and I understand that:
jvmimpro.jar is a java file – which I’m assuming this plugin is not.
jvmimpro.jar virus is nasty. 🙂
There are a lot of false-positives being returned by some av programs about this virus.
The fact that the name of the zip for this plugin has the word “jar” in it’s name might be tricking some antivirus into thinking it’s an unrecognisable java file and so they interpret it as a threat – eg the jvmimpro trojan thingy.
False positives are very common amongst anti-virus programs (my own experience with Symantec was that it frequently returned them – even for the most trusted programs such as Firefox and Google) and when you combine that tendency with the word “jar” in James Rantenen’s plugins NAME I suspect that might be what’s happened here.
If you were infected with jvmimpro.jar I reckon you’d know about it.
I have just downloaded and tested it with my antivirus – Avast – even tho I don’t actually want the plugin at this stage. I trust Avast after having used several other av programs and done a lot of research about which is the best one, Avast ranks very highly in all security reviews. (which is why I was willing to take the risk and download this just to test it for viruses)
There is no virus in this plugin download according to Avast.
I’m not saying don’t be cautious – as with any download you should check and double check – but it looks to me like James’ plugin is perfectly safe.
James – maybe you should run a few scans just to be sure and then… er…. perhaps change the name of the download (grin).
Looks clean here too. It’s just a few php files and images. There’s no java file/zip.