Summary
Even after the update, the hosting antivirus system issues suspicions about the codes that I attach pictures to this post. What can it mean? Viruses? Are the codes unsafe? And now what to do about it?
Step to reproduce
Hosting does the check itself with its antivirus. Hosting Sweb.ru
Observed behavior
there have been no hacking attempts yet. but that doesn’t mean anything
Expected behavior
Ideally, there should be no suspicion of the code. And if there is, is it like this originally in ModX or did I pick up something in terms of viruses?
Environment
[Revolution 3.0.4 Released].
Apache Version Apache/2.4.57 (Gentoo) mod_dp/0.99.9 PHP/8.1.21
I’m pretty sure these are false positives.
I don’t see anything “suspicious” in the code that gets flagged.
Also, both examples seem to be from inside a transport package. The first example (modx.config.js.php
) probably even from an old MODX 2 version. (It’s hard to say because you don’t provide the whole paths).
public_html/core/packages/core/modContext/b3a6dfa692e52f0aed490bada1eca6ae/1/controllers/default/browser/index.class.php
public_html/core/packages/core/xPDOFileVehicle/708f937e96b783c3b078e2be3ef40942/modx.config.js.php
I hope so too, so I decided to consult with you
So it’s standard MODX core code.
According to the file structure from MODX 2.x.
These files in core/packages/
are never executed. The corresponding files (that are actually executed) should be located in connectors/modx.config.js.php
and manager/controllers/default/browser/index.class.php
. Why are these files not flagged if they contain the same code?
1 Like
Maybe that’s why it is displayed as suspicious code, because the old version repeats the new one? In this situation, what do you recommend to do? Delete files from 2.00? Or leave it as it is?
Just leave it as it is.
I really think there is nothing wrong here.
1 Like