Support » Plugin: AntiVirus » Virus alert since 1.4.0

  • Resolved wgm

    (@wgm)


    Hi,

    since last update to version 1.4.0 I get virus alert every day. I checked / unchecked options on settings page but no changes in behavior. I’m not using Google Safe Browsing.

    When checking manually everything is shown as OK.

    Please check, thanks.

Viewing 14 replies - 1 through 14 (of 14 total)
  • Same problem here.

    • PHP 7.3.23
    • Antivirus 1.40
    • Google Safe Browsing not activated

    I’m also getting these virus alerts on some sites. I noticed support for scanning parent themes was added in the last update; however it appears to only scan the parent theme now, not the child (only the parent theme files are showing up in the manual scan list, not the child theme files). Hope this helps troubleshoot.

    Thread Starter wgm

    (@wgm)

    On my site I found with manual scan:
    – files in parent theme are scanned
    – files in child theme with same file name as in parent are not scanned
    – files in child theme with different names (self created files) are scanned
    – files in child theme subfolders are scanned, but not all files and not all subfolders

    Same here. I cross-analysed with another tool: no virus. I uninstalled the plugin, but still continue to receive the alert email.
    Such a tool wasn’t supposed to be ignored when you receive an alert email… but for a couple of days/weeks now I do. I also need to find out why it continues to send the alert once uninstalled!

    Will reevaluate the plugin once running again. But for now, my trust is sadly challenged.

    I’m using a child theme of Divi, that seems to be the common denominator of the issue across our websites.

    Hello,
    I get exactly the same issue and also with Divi.
    Thank you in advance for your feedback.
    Regards

    Plugin Support Torsten Landsiedel

    (@zodiac1978)

    Hi all!

    Thank you for all the reports.

    I will report this to our devs and will try to reproduce it with Divi.

    Thanks again and sorry for the trouble!

    All the best
    Torsten

    Plugin Author Stefan Kalscheuer

    (@stklcode)

    since last update to version 1.4.0 I get virus alert every day. […] When checking manually everything is shown as OK.

    Seems to be an issue with the manual scan. I can reproduce it by provoking a virus warning (add risky code to a theme file) which is detected correctly in the cron execution, but not in the manual scan. (https://github.com/pluginkollektiv/antivirus/issues/88)

    edit: should be fixed in the upcoming release (https://github.com/pluginkollektiv/antivirus/issues/89)

    – files in child theme with same file name as in parent are not scanned
    – files in child theme with different names (self created files) are scanned

    Confirmed and – hopefully – fixed in the upcoming release (https://github.com/pluginkollektiv/antivirus/pull/86)

    – files in child theme subfolders are scanned, but not all files and not all subfolders

    That’s by design. The plugin collects theme files with a maximum depth of 1.

    Please don’t ask me for the actual reason as I can only guess (at least since 1.3 (2015) and not documented). I’d be fine with raising the maximum depth to a more reasonable value.

    Cheers,
    Stefan

    Plugin Author Stefan Kalscheuer

    (@stklcode)

    I uninstalled the plugin, but still continue to receive the alert email.

    Can you @djavet check if the plugin is correctly uninstalled, i.e. the wp-content/plugins/antivirus directory has been removed?

    I’m unable to reproduce this behavior. Added dummy code to raise a warning, manipulated the Cron trigger to run every 5 minutes (and received several mails), uninstalled the plugin and there are no more mails…

    Plugin Author Stefan Kalscheuer

    (@stklcode)

    Update:
    Version 1.4.1 has just been released. It fixes the issues described above, s.t. now all theme files are scanned and the manual scan is working again.

    With Divi you will likely notice quite a lot of alerts across the files, many of them in the /includes/builder/ subdirectory. Various classes do use signatures that AntiVirus detects as risky code (output buffer handling, opening files, …). You can dismiss them as before. With 1.3 they have just not been scanned, because parent themes were ignored and hierarchy was limited to 1.

    There is a way to exclude the files from scanning, leveraging the theme_scandir_exclusions hook that defaults to array( 'CVS', 'node_modules', 'vendor', 'bower_components' ). One could add 'builder' to this list, that eliminates 90% of the warnings. Did not check for negative side effects though.

    Cheers,
    Stefan
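
The exclusion described in the reply above, written out as a must-use plugin together with a helper that lists the PHP files the exclusion takes out of scan coverage. This is an added example, not code from the thread, the AntiVirus plugin or Divi; the constant name, the function name and the choice of a must-use plugin are assumptions.

```php
<?php
// Added example, not AntiVirus or Divi code. Meant as a must-use plugin file;
// the constant and function names below are hypothetical.

// Directory name to drop from theme file listings ('builder' is the name from the thread).
const EXAMPLE_EXCLUDED_NAME = 'builder';

// The callback receives only the list of names, so the added entry applies to
// every theme directory that is listed, not to Divi alone.
add_filter(
	'theme_scandir_exclusions',
	function ( $exclusions ) {
		$exclusions   = (array) $exclusions;
		$exclusions[] = EXAMPLE_EXCLUDED_NAME;
		return array_values( array_unique( $exclusions ) );
	}
);

/**
 * Return the *.php files below any directory with the excluded name in the
 * active child and parent theme, i.e. the files that drop out of the listing.
 */
function example_list_unscanned_theme_files() {
	$skipped = array();
	// Child and parent theme directories (identical when no child theme is active).
	$roots = array_unique( array( get_stylesheet_directory(), get_template_directory() ) );
	foreach ( $roots as $root ) {
		$iterator = new RecursiveIteratorIterator(
			new RecursiveDirectoryIterator( $root, FilesystemIterator::SKIP_DOTS )
		);
		foreach ( $iterator as $file ) {
			// Path relative to the theme root, split into its directory segments.
			$relative = ltrim( substr( $file->getPathname(), strlen( $root ) ), '/\\' );
			$segments = preg_split( '#[/\\\\]#', dirname( $relative ) );
			if ( 'php' === strtolower( $file->getExtension() )
				&& in_array( EXAMPLE_EXCLUDED_NAME, $segments, true ) ) {
				$skipped[] = $file->getPathname();
			}
		}
	}
	return $skipped;
}
```

Run the helper before adding the exclusion and again after theme updates, and review the returned files by other means, since the scanner no longer reports on them.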

    We’ve updated three sites so far and manually scanned, dismissing the Divi-related false pings. Appreciate the speedy follow-up, I’ll comment in a few days if there are additional issues. THANK YOU!!

    @stklcode, I’m getting virus warnings in my parent theme ‘Genesis’. It happened right after I updated to 1.4.1.

    Thx

    Plugin Author Stefan Kalscheuer

    (@stklcode)

    Hi @kmitz,

    what exactly do you expect from me/us here without any further information? I personally don’t have access to a Genesis site and by pure coincidence one of our team members had Divi available.

    The reason is most likely the exact same as described in my previous comment: AntiVirus now scans all theme files (*.php) in all subdirectories. Executing a manual scan you will see which line of code triggered the warning. If you think the line is correct, i.e. not harmful and not unintentionally modified, click “dismiss” and you’re fine again.

    If you think AntiVirus’ detection methods can/should be changed, please open a (new) feature request. Please see that none of us has the resources to check every existing theme out there (8k in the repo + 100-thousands of paid, non-listed and/or custom created), so we cannot investigate every single report. Community feedback is highly appreciated here. But please provide at least some additional information.

    Cheers,
    Stefan

    Thread Starter wgm

    (@wgm)

    Feedback

    I updated to Version 1.4.1. Daily check gave me a virus alert. Did a manual check and got three alarms: two template files in my child theme and one in a file of the parent theme (Responsive by CyberChimps). All alarms were false positives and I dismissed them. Now two days without a virus alert.

    Thanks for the fast response and good work.
