forum post assistant showing virus on download

This Forum board is about discussions about the FPA tool.

Moderator: General Support Moderators

Forum rules
shortyxxx
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Oct 29, 2019 12:37 pm

forum post assistant showing virus on download

Post by shortyxxx » Thu Dec 05, 2019 4:18 pm

hi
FORUM POST ASSISTANT SHOWING VIRUS ON DOWNLOAD

Just there now.
Last edited by mandville on Thu Dec 05, 2019 4:45 pm, edited 1 time in total.
Reason: retitled as per forum etiquette- dont write in caps.

 
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14926
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: FORUM POST ASSISTANT SHOWING VIRUS ON DOWNLOAD

Post by mandville » Thu Dec 05, 2019 4:43 pm

it is a false positive. the FPA is a single php file that reads but does not write to your server.
what AV reported this ?
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14926
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: forum post assistant showing virus on download

Post by mandville » Thu Dec 05, 2019 4:45 pm

does this topic help?
viewtopic.php?f=806&t=974477
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

shortyxxx
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Oct 29, 2019 12:37 pm

Re: forum post assistant showing virus on download

Post by shortyxxx » Thu Dec 05, 2019 5:21 pm

It refuses to Download on Chrome. Thats all i know. I cannot open the Zip file to see what it holds because download did not complete.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: forum post assistant showing virus on download

Post by sozzled » Thu Dec 05, 2019 5:55 pm

WIndows 10, correct?
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14926
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: forum post assistant showing virus on download

Post by mandville » Thu Dec 05, 2019 5:58 pm

HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: FORUM POST ASSISTANT SHOWING VIRUS ON DOWNLOAD

Post by sozzled » Thu Dec 05, 2019 6:13 pm

mandville wrote:
Thu Dec 05, 2019 4:43 pm
It is a false positive ...
I agree ... but ... it doesn't help when the AV software prevents people from being able to download the package (or, more particularly, one part of the package).

mandville wrote:
Thu Dec 05, 2019 4:43 pm
The FPA is a single php file that reads but does not write to your server.
Ultimately, that's true but the first part of the problem is to extract the file fpa-en.php, then upload that file to the webserver, and then to execute it. We know that some people (even I) cannot do this in some situations.

In fact, even if people can extract the file by other means (e.g. copy the code directly from GitHub, paste the text into a file called fpa-en.php) and attempt to upload the file to the server, people cannot do that either! There's a block both on download and on upload.

mandville wrote:
Thu Dec 05, 2019 4:43 pm
What AV reported this?
I'm making an educated guess that the environment, under which the OP is trying to download (whether we're talking about using Chrome, Firefox, MS Edge or any other web browser) is Windows 10 while Windows Defender Smartscreen is running. I'm saying, based on an educated guess, that if you disable Windows Defender Smartscreen you won't have this problem and you'll be able to use the FPA.

However, before running away with this discussion, let's check the basic assumption: are we talking about a situation involving Windows 10?
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

frostmakk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 176
Joined: Sun Dec 28, 2014 9:30 am
Location: Stavanger, Norway

Re: forum post assistant showing virus on download

Post by frostmakk » Thu Dec 05, 2019 6:46 pm

I've done a little experiment.
I removed a blank line and saved the file again so that github would give the download a new filename.
Check if the AV's are still complaining.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: forum post assistant showing virus on download

Post by sozzled » Thu Dec 05, 2019 7:06 pm

I will assist in this experiment (to be discussed in another place on the forum).
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3827
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: forum post assistant showing virus on download

Post by abernyte » Thu Dec 05, 2019 7:16 pm

OP has concurrent issue open elsewhere which may be related. viewtopic.php?f=708&t=976272
What we obtain too cheap, we esteem too lightly…Thomas Paine

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: forum post assistant showing virus on download

Post by sozzled » Thu Dec 05, 2019 7:18 pm

@frostmakk: see the test I ran (elsewhere). Even with the change you made, I was unable to download the ZIP with Windows Defender enabled. I could, however, copy the executable file using FTP from my Win10 PC to the target site using FTP.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: forum post assistant showing virus on download

Post by sozzled » Thu Dec 05, 2019 7:20 pm

@abernyte: true but unrelated to this discussion which is about how to use the FPA in the OP's current [client] workspace. I think—it has yet to be confirmed—we are talking about Win10 and Windows Defender SmartScreen. I could be wrong but I am waiting for the OP to confirm this.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

shortyxxx
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Oct 29, 2019 12:37 pm

Re: forum post assistant showing virus on download

Post by shortyxxx » Thu Dec 05, 2019 9:36 pm

Hi
Sorry for delay.
I have Chrome on Windows 10 never heard of smartscreen

shortyxxx
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Oct 29, 2019 12:37 pm

Re: forum post assistant showing virus on download

Post by shortyxxx » Thu Dec 05, 2019 9:40 pm

Could somebody send me the FPA as a ZIP using www.wetransfer.com to my email address.
That would allow me to troubleshoot my other problem (no backend access).

websroger
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 135
Joined: Tue Jan 04, 2011 4:23 pm
Location: Fort Collins, CO, USA
Contact:

zipped FPA from github comes with virus?

Post by websroger » Thu Dec 05, 2019 9:40 pm

I tried to download from Github a copy of Forum Post Aassistant, which comes in a zipfile, and my computer rejected it as coming with a virus. Anyone else find this problem? Is it a fault with the Windows Defender? The virus identified is: Backdoor:PHP/Yorcirekrikseng.E

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: forum post assistant showing virus on download

Post by sozzled » Thu Dec 05, 2019 9:53 pm

@shortyxxx: Windows Defender SmartScreen is an anti-virus product that is installed and enabled, by default, as part of the Windows 10 operating system. If you want to learn more about Windows Defender SmartScreen I suggest you use Google. If you disable Windows Defender SmartScreen then you should be able to download the FPA .zip file, extract what you need, upload it to your server and use it.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 5682
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: zipped FPA from github comes with virus?

Post by AMurray » Thu Dec 05, 2019 9:59 pm

I can't scan the file with Windows Defender A/V but both MalwareBytes and McAfee Internet Security don't return anything malicious about the file.

Assume you're using this link: https://forumpostassistant.github.io/docs/
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 5682
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: zipped FPA from github comes with virus?

Post by AMurray » Thu Dec 05, 2019 10:05 pm

You might also want to read this discussion: viewtopic.php?f=806&t=976273
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: zipped FPA from github comes with virus?

Post by sozzled » Thu Dec 05, 2019 10:06 pm

The FPA tool is not part of Joomla.

For the sake of completeness, this issue has been discussed here:
  1. viewtopic.php?f=806&t=974477
  2. viewtopic.php?f=806&t=975906
  3. viewtopic.php?f=806&t=976273
@AMurray, I think you should be aware that this is a Win10 issue, only, related to the false-positive reading from MS Defender SmartScreen. Other A/V checking tools do not detect any viruses in the .zip.

I have asked the forum moderators to relocate this topic in the correct forum category.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 5682
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: forum post assistant showing virus on download

Post by AMurray » Thu Dec 05, 2019 10:08 pm

shortyxxx wrote:
Thu Dec 05, 2019 5:21 pm
It refuses to Download on Chrome. Thats all i know. I cannot open the Zip file to see what it holds because download did not complete.
For me, it downloads on Chrome just fine.....I have the McAfee Internet security plugin for the browser, and it didn't return any alerts.
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: forum post assistant showing virus on download

Post by sozzled » Thu Dec 05, 2019 10:09 pm

@AMurray: are you using Chrome on Win10?

It doesn't matter if we talk about using Chrome, Firefox, Opera, MS Edge, etc.; it's a Win10/MS Defender SmartScreen issue.

Try it with Win10 and MS Defender SmartScreen enabled. ;)
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 5682
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: zipped FPA from github comes with virus?

Post by AMurray » Thu Dec 05, 2019 10:14 pm

Yes, I concluded that; my reply was just to point out that any other A/V tool is not reporting the problem.
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: zipped FPA from github comes with virus?

Post by sozzled » Thu Dec 05, 2019 10:15 pm

W-I-N-D-O-W-S ... T-E-N

Got it? :D

(I have the same problem, too; all users of Win10 might have face this situation. We've been discussing this among the FPA team for the past three months. Nothing resolved yet.)
Last edited by sozzled on Thu Dec 05, 2019 10:19 pm, edited 2 times in total.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 5682
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: zipped FPA from github comes with virus?

Post by AMurray » Thu Dec 05, 2019 10:16 pm

Yes! I am on windows 10.
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 5682
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: forum post assistant showing virus on download

Post by AMurray » Thu Dec 05, 2019 10:18 pm

Yes - all I was testing was to make sure it wasn't a wider issue - I know it is a false positive, with Win 10 using Windows Defender.

Case closed ;).
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: zipped FPA from github comes with virus?

Post by sozzled » Thu Dec 05, 2019 10:19 pm

OK You are on Win10 and you have enabled MS Defender SmartScreen? Yes or No?

(Note: MS Defender SmartScreen is part of Win10 and that's why most people won't have the problem. If you disable MS Defender SmartScreen then you won't see the problem.)
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14926
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: forum post assistant showing virus on download

Post by mandville » Thu Dec 05, 2019 10:29 pm

Moderator Note: I have moved the topics to the FPA discussion thread as they are nothing to do with joomla security.
Also possibly to the annoyance of some posters i have merged the topics as they are the same thing and merging the topics may help keep from double posting and sanity reasons.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Forum Post Assistant: Windows 10 + Windows Defender SmartScreen

Post by sozzled » Thu Dec 05, 2019 11:21 pm

Thanks, @mandville.

Let's summarise. It's easier to say that the problem relates to Win10 than it is to say the the problem relates to Windows Defender SmartScreen. The reason why I say it's easier to explain it this way is because half of all the people who use Win10 would not know what Windows Defender SmartScreen was.

The problem (about a "virus" with the FPA) is caused by Windows Defender SmartScreen. Let's be totally clear about that. When people see a message that states:
ForumPostAssistant-FPA-v1.4.9-x-xxxxxxxxx.zip is unsafe to download and was blocked by Defender Smartscreen.
or if they see on closer inspection, for example:
The virus identified is: Backdoor:PHP/Yorcirekrikseng.E
these are messages generated by Windows Defender Smartscreen.

I, myself, see these same messages on Win10 with Windows Defender SmartScreen enabled. Let's also remember that, Windows Defender SmartScreen is part of the Win10 operating system and is enabled by default. I should add that I do not normally use Win10 as a browser platform for maintaining my J! websites and I would not use Windows Defender SmartScreen either; I have only enabled the software for the purposes of testing the FPA.

There is a workaround: Disable Windows Defender SmartScreen.

A [possible] long-term solution would be for the FPA team to figure out what Windows Defender SmartScreen is objecting to and to work through that issue. That's a whole other discussion (and we're having it). But, just to re-iterate, no-one is guaranteeing anything about the FPA software; the only thing we're saying is that it's been tested on hundreds/thousands of J! websites and no-one has reported that, as a result of using the FPA, their websites have gone pear-shaped. In other words, we have a high degree of confidence in the safety of the FPA.

I'm sure that we'll revisit this topic many times in the future. I'm sure that, many times in future, people will create new topics to say the same thing: the FPA .zip is contaminated with a virus. The first question to ask, in replying to those new topics, is "Are you using Windows 10?" If the answer is yes, then refer people to this topic.

/end
Last edited by sozzled on Thu Dec 05, 2019 11:46 pm, edited 1 time in total.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14926
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: forum post assistant showing virus on download

Post by mandville » Thu Dec 05, 2019 11:44 pm

you can add your own list of trusted sites for your company or yourself and then turn Windows Defender SmartScreen off for the Trusted Sites zone.

From the Internet Explorer Tools menu, click Internet Options.
In the Internet Options dialog box, click the Security tab.
Click the Trusted sites icon, and then click the Sites button.
In the Trusted sites dialog box, enter the website URL in the Add this website to the zone box, and then click Add. Close the box.
Click Custom level... and select Disable under Use SmartScreen Filter. You may have to scroll through several items.
Click OK.
Click Yes on the pop-up message.
Click OK.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9039
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Forum Post Assistant: Windows 10 + Windows Defender SmartScreen (browser settings)

Post by sozzled » Thu Dec 05, 2019 11:48 pm

Yes, @mandville. That's another workaround, too (for IE11); I haven't tried this approach with MS Edge. There are probably similar settings for Firefox, Google Chrome and other browsers.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

 

Post Reply

Return to “Forum Post Assistant (FPA)”