Posted by tuuan on January 2, 2008 at 6:32pm
Hello,
Anybody else experiencing problems with there Drupal site ? And getting JS/Exploit-BO messages from McAfee virusscanner after updating to newest Dat file (the one from today, 2 dec 2008).
This morning (and before) didn't have any problems. After the update get these anoying messages of a possible Trojan. I see on the McAfee website they changed the detection for JS/Exploit-BO (http://vil.nai.com/vil/content/v_143520.htm#threat-minimum-dat) ... Is this a problem in the code of did the guys from McAfee screw up something ?
Hope some of you guys have the same problem ... Just to be sure it's not my fault :-)
I even get these messages when I use the search function on this site (drupal.org).
Kind regards
Comments
+1
+1
McAfee 5197
I just got done talking to McAfee support and they seem to think that it is a problem with the DAT and that we're getting a false positive. They have escalated the issue to AVERT (whatever that means).
I did do an experiment with a machine that had DAT 5196. Worked with 5196 broke with 5197...
So I think that the Drupal Coders are in the clear...
Cheers,
Wade
Same here. I'll better wait
Same here. I'll better wait releasing oure new website :-(
What's causing McAfee to react? A specific Javascript?
It looks like (only) Drupal based websites experience this problem.
Best regards,
Maik
Best regards,
Maik
Non-Drupal sites affected too..
One of my users just called me about this problem. I was "glad" to see that the site was not a Drupal site. http://www.homeaway.com/
So, it's not just Drupal... Phew.....
W
Thought so ...
Thanks for the replies, always better to know you're not alone :-)
By the way AVERT stands for Anti-Virus Emergency Response Team (http://www.avertlabs.com/MyAvert/)
Hopefully tomorrow all will be as it was ...
We shall see
It appears to be triggering
It appears to be triggering on jquery.js, which is pretty widely used: http://jquery.com/
I imagine a lot of sites have this issue.
replace jquery with newest version
replace misc/jquery.js on your drupal site with the newest version on the jquery site (1.2.1 packed).
http://docs.jquery.com/Downloading_jQuery
clear your cache
this seems to take care of it.
-Pat
I had always assumed there
I had always assumed there was a reason for the drupal developers not to upgrade jquery in the distribution. 1.2.1 seems to work, except for the dragbar at the bottom of text areas. if you click the dragbar in ie or firefox, you can't get it to release your mouse without refreshing or navigating to another page.
Updating jQuery to 1.2.1 and McAfee still picks up js exploit-bo
I have updated jQuery on one of my sites http://www.forumforthefuture.org.uk/greenfutures and am still having users report McAfee as detecting the script as an exploit, even having updated their DAT to version 5200.
Is anyone else experiencing this issue?
Rich
McAfee release 5198 dat file
McAfee release 5198 dat file (http://vil.nai.com/vil/datreadme.aspx?seldatfiles=5198). Everything seems to work fine after updating to this version.
Good work. Although I'll let the update jsquery on my site ... just in case McAfee "correct" the update again :-)
my personal experience
I got just yesterday the "JS/Exploit-BO.gen" trojan announced with Mcaffe in my web www.autismoaba.org only through IE browser. Nothing on Firefox.
After a while, my second domain autismoaba.com got unparked. Finally I could not get through the main page. Logs said they did not exist.
I have Fantastico installed. After talking with my hosting they installed a backup copy on my page. It did not do anything.
Finally I decided to uninstall drupal and reinstall again. Thankfully I have a drupal backup from two days ago.
It seems that everything works now.
What I did before this issue, I installed the Captcha module, but I do not think this is related to the issue.
Just my two cents (please, remember I am not an expert...)
Jorge Campo
http://autismoaba.org