Advertisement
ClamAV Scan found the virus Html.Exploit.CVE_2016_0108
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
-
- Joomla! Intern
- Posts: 58
- Joined: Tue May 08, 2007 12:00 pm
ClamAV Scan found the virus Html.Exploit.CVE_2016_0108
Hi,
ClamAV Scan found the virus Html.Exploit.CVE_2016_0108 on a template.css file of my site. What are the risks? How do I identify and remove the code from the file? Cannot delete the file because it is required.
How can I know in case this scan result is a false positive?
Thanks for any help.
ClamAV Scan found the virus Html.Exploit.CVE_2016_0108 on a template.css file of my site. What are the risks? How do I identify and remove the code from the file? Cannot delete the file because it is required.
How can I know in case this scan result is a false positive?
Thanks for any help.
Advertisement
- Webdongle
- Joomla! Master
- Posts: 44890
- Joined: Sat Apr 05, 2008 9:58 pm
Re: ClamAV Scan found the virus Html.Exploit.CVE_2016_0108
Depends on where you downloaded the file from. If it is a genuine Template that contains code for it's own purpose then (imho) just unistall it. If you downloaded from a warez site then treat your site as hacked. Also please http://forum.joomla.org/viewtopic.php?f=621&t=582860
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Intern
- Posts: 58
- Joined: Tue May 08, 2007 12:00 pm
Re: ClamAV Scan found the virus Html.Exploit.CVE_2016_0108
Thanks for your reply. The file is a custom .css developed by my developer when he customized the site style.
it´s not obtained from dubious sources.
it´s not obtained from dubious sources.
- mandville
- Joomla! Master
- Posts: 15161
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: ClamAV Scan found the virus Html.Exploit.CVE_2016_0108
sounds very odd. what has your developer installed into the css file that would trigger the alert.raise it with your developer. perhaps put your css file here so that others can look at it
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
portable mini golf https://www.puttersminigolf.co.uk/
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
portable mini golf https://www.puttersminigolf.co.uk/
-
- Joomla! Intern
- Posts: 58
- Joined: Tue May 08, 2007 12:00 pm
Re: ClamAV Scan found the virus Html.Exploit.CVE_2016_0108
It's been 18 months since the .css file was put in Place to customize the site style. only yesterday was the virus detected. I do scans with ClamAV twice weekly.
- Webdongle
- Joomla! Master
- Posts: 44890
- Joined: Sat Apr 05, 2008 9:58 pm
Re: ClamAV Scan found the virus Html.Exploit.CVE_2016_0108
It could be a 'false positive' but if it isn't then treat the as hacked. Use the Host's cp to password protect the site while the file is examined. If it has been hacked then
Step #f can be done on localhost
- Run the fpa and post on here
- Uninstall any untrusted 3rd party extensions and Templates https://vel.joomla.org/live-vel
- Delete all the files on the server
- Scan your computer and all computers that have server or Joomla admin access
- Change Passwords
- Install Joomla (of the same version) to a new database. Install up to date 3rd party extensions (that are not on the VEL) then edit the configuration.php to connect to the original database. Update Joomla if you have and old version
- Change your Joomla SU/Admin Passwords and check the users/groups/access levels are correct and not been tampered with. Update your Joomla And run the fpa again
Step #f can be done on localhost
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Intern
- Posts: 58
- Joined: Tue May 08, 2007 12:00 pm
Re: ClamAV Scan found the virus Html.Exploit.CVE_2016_0108
Thank you for your recommendations. I will consider all your points. Appreciate your help.
- Webdongle
- Joomla! Master
- Posts: 44890
- Joined: Sat Apr 05, 2008 9:58 pm
Re: ClamAV Scan found the virus Html.Exploit.CVE_2016_0108
My gut feeling is that it's a 'false positive' ... but you will need to examine the file. You may like to try http://forum.joomla.org/viewtopic.php?f=714&t=778692 it will hi-light where else to look. Use with discretion and read the whole post before use.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
Advertisement