Virus in ModX codes


Even after the update, the hosting antivirus system flags as suspicious the code shown in the pictures I attach to this post. What can it mean? Viruses? Is the code unsafe? And what should I do about it now?

Steps to reproduce

Hosting does the check itself with its antivirus. Hosting

Observed behavior

There have been no hacking attempts yet, but that doesn’t mean anything.

Expected behavior

Ideally, there should be no suspicion of the code. And if there is, is it like this originally in ModX or did I pick up something in terms of viruses?


[Revolution 3.0.4 Released].

Apache Version Apache/2.4.57 (Gentoo) mod_dp/0.99.9 PHP/8.1.21

I’m pretty sure these are false positives.
I don’t see anything “suspicious” in the code that gets flagged.

Also, both examples seem to be from inside a transport package. The first example (modx.config.js.php) probably even from an old MODX 2 version. (It’s hard to say because you don’t provide the whole paths).



I hope so too, so I decided to consult with you.

So it’s standard MODX core code.
According to the file structure from MODX 2.x.
These files in core/packages/ are never executed. The corresponding files (that are actually executed) should be located in connectors/modx.config.js.php and manager/controllers/default/browser/index.class.php. Why are these files not flagged if they contain the same code?
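
The comparison suggested in the reply above, as an added example that is not part of the original thread or MODX's own code: it hashes each flagged file and checks whether a byte-identical file of the same name exists in a pristine copy of the matching MODX release. The pristine directory, the `PLACEHOLDER` package path and the sample file contents are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def classify(flagged: Path, reference_root: Path) -> str:
    """Compare one flagged file with same-named files in a pristine tree."""
    candidates = [p for p in reference_root.rglob(flagged.name) if p.is_file()]
    if not candidates:
        return "unknown"      # not part of the reference release: inspect it
    digest = sha256(flagged)
    if any(sha256(p) == digest for p in candidates):
        return "identical"    # byte-for-byte stock code
    return "differs"          # same name, different content: diff it by hand


def demo() -> dict:
    """Constructed sample trees; paths under core/packages/ are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        site, ref = Path(tmp, "site"), Path(tmp, "pristine")
        stock = b"<?php /* constructed stand-in for stock code */\n"
        files = {
            ref / "connectors/modx.config.js.php": stock,
            ref / "manager/controllers/default/browser/index.class.php": stock + b"// browser\n",
            site / "core/packages/PLACEHOLDER/modx.config.js.php": stock,
            site / "core/packages/PLACEHOLDER/index.class.php": stock + b"// edited\n",
            site / "core/packages/PLACEHOLDER/extra.php": b"<?php // not in release\n",
        }
        for path, data in files.items():
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        flagged = sorted((site / "core/packages").rglob("*.php"))
        return {p.name: classify(p, ref) for p in flagged}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:10} {name}")
```

A verdict of `identical` means the scanner flagged unmodified release code; `differs` and `unknown` are the files worth opening and diffing by hand.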


Maybe that’s why it is displayed as suspicious code, because the old version repeats the new one? In this situation, what do you recommend to do? Delete files from 2.00? Or leave it as it is?

Just leave it as it is.
I really think there is nothing wrong here.