BitDefender smacks UNA sites with malware warning

This is surely a false positive. But it is very bad advertising for your site. People will run away and never return.

I use a mac but the windows database of malicious strings at Bitdefender would be similar, no doubt. Definitely, javascript based malware is on the rise. As are attacks against macs. Once thought to be immune.

"An infected file attempted to run on your device.

Threat name: JS:Trojan.Cryxos.9850

Path: /Users/da/Library/Containers/com.apple.Safari/Data/Library/Caches/com.apple.Safari/WebKitCache/Version 16/Records/DB80285802190D06E65F8029DC01D2310F54DD5B/Resource/09BB004296446B5709F586B466E7490F44C12C98-blob=>(INFECTED_JS)

We deleted the file to prevent malicious commands from being executed on your device."

Since the anti-virus program deletes the file, one cannot examine it. I think the JS designations here means javascript. Every single page of my own sites generate this warning. I think it comes from a js header file in the Template folder of UNA.

  • 1017
  • More
Attachments
Replies (7)
    • Hey @banister

      I'm having this problem on my UNA installation, which is nearly production ready.

      Interestingly enough, I don't get the popup when browsing una.io

      I can confirm it is the /template/_header_js.html file

      I submitted the file to Bitdefender to see what they are saying.

      Glad to see it's not just me and I have high hopes it's a false positive :) - it would be interesting to see if someone at UNA can pitch in and tell us more

      • The problem is already under investigation by the dev team. When I first reported it, I thought that it must be a positive false, because the virus software on my office machine detected it as a trojan, whereas the antivirus on my private computer didn't. Since there were no other reports about that issue in the forum here until yesterday, I didn't care any much further. It seems that most antivirus programs do not classify the file as malware, but some others do.

        • Bitdefender has removed the una code from their database of malicious strings.

          All is well.

          • Hi @banister, how do you know that? Did you get in touch with them and did they confirm that?

            • Seems to be fixed by the dev team. No more alerts from my antivirus, as well.

              Edit: On https://ci.una.io/test the problem still exists

              Edit2: Devs fixed it.

              • image_transcoder.php?o=sys_images_editor&h=679&dpx=2&t=1662515253

                As you can see, I was receiving alerts every minute I was on a UNA site - each time I changed pages. Now, I see that the Bitdefender database has been updated and there are no more alerts.

                This program comes with browser extensions but can be used without them. That may explain why some users of Defender do not receive an instant alert. I cannot say for sure.

                • That's awesome. Great to know that the problem has been fixed.

                  Login or Join to comment.