search

reduxframework / redux-framework

Redux is a simple, truly extensible options framework for WordPress themes and plugins!
http://redux.io
Other
1.74k stars 584 forks source link

Malware in files in ReduxCore folder #3193

Closed Outlines closed 7 years ago

Outlines commented 7 years ago

I'm not asking for support for a theme/plugin. But you may be interested in information:

I purchased a theme on ThemeForest called “PodCaster” and when downloading it to my computer, my F-Secure caught two instances of malware in it. The author mentioned that the files affected are in the Redux plugin folder. the malware report from F-Secure shows that to be the case. I thought you’d appreciate knowing about the issue. here is the scanning report from F-Secure showing Redux.

Scanning Report 14 December 2016 10:26:45 – 10:27:07

Result: 2 malware found Trojan.Script.656296 (virus)

C:\Users\Username\Desktop\themeforest-6804946-podcaster-multimedia-wordpress-theme.zip\podcaster-files-1.6\podcaster.zip\podcaster\functions\plugins\thst-feed.zip\thst-feed\options**ReduxCore**\inc\fields\button_set\field_button_set.min.js

C:\Users\Username\Desktop\themeforest-6804946-podcaster-multimedia-wordpress-theme.zip\podcaster-files-1.6\podcaster.zip\podcaster\functions\tgmpa\plugins\thst-feed.zip\thst-feed\options**ReduxCore**\inc\fields\button_set\field_button_set.min.js

Statistics Scanned:

Files: 3165 Not scanned: 0

Result: Viruses: 2 Spyware: 0 Suspicious items: 0 Riskware: 0

Definitions version: Viruses: 2016-12-14_11 Spyware: 2016-12-14_11

Scanning Engines: F-Secure Aquarius: 11.00.01, 2016-12-14 F-Secure Hydra: 5.15.154, 2016-12-14 F-Secure Online: 16.21.69, 2014-04-28 F-Secure Gemini: 3.02.414, 2016-12-14

Actions: Viruses: Ask after scan Spyware: Ask after scan

Copyright © 1998-2014 Product support | Send virus sample to F-Secure

Support Hash

Steps to reproduce

Expected Behavior

Actual Behavior

Any Error Details (PHP/JavaScript)

dovy commented 7 years ago

Interesting, you're welcome to look in those files. There's no malware, but rather standard JavaScript. Sounds like a false alarm. Here's the actual source of that minified file:

https://github.com/reduxframework/redux-framework/blob/master/ReduxCore/inc/fields/button_set/field_button_set.js

Might want to contact the authors to see why they're doing that. But their copyright says only 2014. Might be a bit old. ;)

Let me know if you find anything. We'll gladly change small things if it removes false scans.

Outlines commented 7 years ago

Thank you for the swift reply. I've let the theme guy know and we'll see what happens.