/usr/local/www/apache22/data/roundcube/program/js/tiny_mce/plugins/paste/js/pasteword.js: PUA.HTML.Infected.WebPage-1 FOUND
ClamAV tags this file as a PUA.
What can we do to resolve this issue?
# clamscan pasteword.js
pasteword.js: OK
----------- SCAN SUMMARY -----------
Known viruses: 817327
Engine version: 0.96.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 3.534 sec (0 m 3 s)
Guess you didn't enable PUA then, did you...
--enable-pua=yes
Right, I didn't. I've found that the signature for this PUA is
<iframe{WILDCARD_ANY_STRING}</iframe>{WILDCARD_ANY_STRING}<html>
So, this could be simply fixed with this patch:
--- pasteword.old 2010-08-25 08:34:48.000000000 +0200
+++ pasteword.js 2010-08-25 08:41:05.457746590 +0200
@@ -5,7 +5,7 @@
var ed = tinyMCEPopup.editor, el = document.getElementById('iframecontainer'), ifr, doc, css, cssHTML = '';
// Create iframe
- el.innerHTML = '';
+ el.innerHTML = '<' + 'iframe id="iframe" src="javascript:\'\';" frameBorder="0" style="border: 1px solid gray">';
ifr = document.getElementById('iframe');
doc = ifr.contentWindow.document;
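Review bot: the `+` line builds only the opening `<iframe ...>` tag and the string ends there with no closing `</iframe>`, so the markup assigned to `el.innerHTML` is left for the browser's parser to close; since the next lines immediately call `document.getElementById('iframe')` and read `ifr.contentWindow.document`, the element should be written out complete. The `'<' + 'iframe'` split also exists only to keep the scanner's pattern from matching, and the file is a bundled TinyMCE plugin (`tiny_mce/plugins/paste/js/`), so the edit will be lost on the next upgrade; treating the hit as a false positive on the scanner side, and reporting it upstream, would be more durable than patching the vendored script.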