XavierBerger / RPi-Monitor

Real time monitoring for embedded devices
https://xavierberger.github.io/RPi-Monitor-docs/index.html
GNU General Public License v3.0

Bitdefender shows Trojan Warning in Firefox Profile Cache at loading RPI Monitor Website #327

Open Peacemaker80 opened 4 years ago

Peacemaker80 commented 4 years ago

Hello,

I don't know if it is a bug, but every time I load or reload the web interface of RPIMonitor on my PI3 or PI4 with the newest Raspbian and all updates, my Bitdefender Internet Security on my Win 10 machine comes up with the warning message that JS:Trojan.Cryxos.3793 was found in the Firefox profile cache and moves it to quarantine. After setting up a fresh Raspbian install it's the same. Does anybody else have this issue? My Win 10 machine is clean after a full scan, and it only appears if I load the RPI interface.

Thanks for an answer

licaon-kter commented 4 years ago

But what script? File? Dig into Bitdefender logs

Peacemaker80 commented 4 years ago

C:\Users\XXXX\AppData\Local\Mozilla\Firefox\Profiles\YYYYYYY.default-12345678\cache2\entries\1B946087BA0A8A01FF56A44ACE2EB09D86BBCA68 ist mit JS:Trojan.Cryxos.3793 infiziert.

X, Y and 12345678 are replacements for personal data. It looks like the cached data of the web interface brings up the warning. False positive?

Peacemaker80 commented 4 years ago

OK, I have taken a look at this file in quarantine and post it now:

```
// +--------------------------------------------------------------------+ \
// ¦ Raphaël 2.1.0 - JavaScript Vector Library ¦ \
// +--------------------------------------------------------------------¦ \
// ¦ Copyright © 2008-2012 Dmitry Baranovskiy (http://raphaeljs.com) ¦ \
// ¦ Copyright © 2008-2012 Sencha Labs (http://sencha.com) ¦ \
// +--------------------------------------------------------------------¦ \
// ¦ Licensed under the MIT (http://raphaeljs.com/license.html) license.¦ \

BLAH BLAH BLAH very much code....

// +--------------------------------------------------------------------+ \

:http://123.123.123.3:8888/js/raphael.2.1.0.min.js
strongly-framed 1
request-method GET
response-head HTTP/1.1 200 OK
Date: Thu, 28 May 2020 13:05:17 GMT
Server: libwww-perl-daemon/6.01
Content-Type: application/javascript
Content-Length: 90075
Last-Modified: Sat, 26 Aug 2017 20:16:42 GMT
original-response-headers Date: Thu, 28 May 2020 13:05:17 GMT
Server: libwww-perl-daemon/6.01
Content-Type: application/javascript
Content-Length: 90075
Last-Modified: Sat, 26 Aug 2017 20:16:42 GMT
ctid 2
uncompressed-len 0 _
```

Peacemaker80 commented 4 years ago

I think the file http://123.123.123.3:8888/js/raphael.2.1.0.min.js produces the error

Peacemaker80 commented 4 years ago

In Chrome no Bitdefender warnings were shown when loading the web interface of RPI Monitor. ?

licaon-kter commented 4 years ago

This file? https://github.com/XavierBerger/RPi-Monitor/blob/develop/src/usr/share/rpimonitor/web/js/raphael.2.1.0.min.js

Looks fine: https://www.virustotal.com/gui/file/27b96ab9ad424b0a8088ed06946853db481d1581669b49fc4f4fab2968bd9b36/detection

Can you download the whole repo and scan it locally?

Peacemaker80 commented 4 years ago

After downloading everything and scanning it directly, no warnings occur. Only the Firefox temp file which contains the cached version of this .js file produces the error... Very strange... Must be an error in Firefox in addition to this JavaScript or a false positive. I will compare the files on the Pi and the download from GitHub with Notepad++.
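An added example, not part of the thread or of the RPi-Monitor project: the quarantined cache entry is the script body followed by Firefox's own cache metadata (the URL key and response headers quoted above), so a whole-file comparison against the GitHub copy will always differ. This sketch splits the entry and compares only the body; it assumes the cache2 layout in which the last four bytes hold a big-endian offset to the metadata, and `make_entry` plus the sample bytes and address are constructed for illustration.

```python
import hashlib
import re
import struct


def split_cache2_entry(raw: bytes):
    """Return (body, metadata) from a Firefox cache2 entry file.

    Assumption: the last 4 bytes are a big-endian offset marking where the
    response body ends and the cache metadata (key, headers) begins.
    """
    if len(raw) < 4:
        raise ValueError("entry too short")
    (meta_off,) = struct.unpack(">I", raw[-4:])
    if meta_off > len(raw) - 4:
        raise ValueError("metadata offset points outside the file")
    return raw[:meta_off], raw[meta_off:-4]


def triage(raw: bytes, reference: bytes) -> dict:
    """Compare only the cached response body with a trusted copy of the script."""
    body, meta = split_cache2_entry(raw)
    m = re.search(rb"Content-Length: (\d+)", meta)
    declared = int(m.group(1)) if m else None
    return {
        "body_len": len(body),
        # Holds for uncompressed responses such as the one quoted in the thread.
        "length_ok": declared == len(body),
        "body_sha256": hashlib.sha256(body).hexdigest(),
        "body_matches_reference": body == reference,
        "whole_file_matches_reference": raw == reference,
    }


def make_entry(body: bytes) -> bytes:
    """Constructed sample entry: body + fake metadata + trailing offset."""
    meta = (b"\x00" * 6 + b":http://192.0.2.10:8888/js/raphael.2.1.0.min.js\x00"
            b"request-method\x00GET\x00response-head\x00HTTP/1.1 200 OK\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\x00")
    return body + meta + struct.pack(">I", len(body))


if __name__ == "__main__":
    ref = b"/* constructed stand-in for raphael.2.1.0.min.js */var R=1;\n"
    print(triage(make_entry(ref), ref))
    print(triage(make_entry(ref + b"/*x*/"), ref)["body_matches_reference"])
```

For a real check, read the restored cache entry and the repository's `raphael.2.1.0.min.js` as bytes and pass them to `triage`; a matching body with a differing whole file points at the appended metadata rather than a modified script.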