[Solved] Bitdefender Warning

eBlocker Open Source Forum

Last Post by Random 1 Jahr ago

5 Posts

3 Users

1 Reactions

23 Views

RSS

TomTom

(@tomtom)

Active Member

Joined: 2 Jahren ago

Posts: 5

Topic starter 22/04/2024 1:45 pm

Hello eBlocker user

This warning always appears when I visit eblocker.org

Greetings
Thomas

Client OS

Browser

eBlocker hardware

Client OS version

Browser version

eBlockerOS version

ReplyQuote

Random

(@random)

Illustrious Member Admin

Joined: 5 Jahren ago

Posts: 2056

22/04/2024 2:56 pm

@tomtom I think this is a false positive for a plugin we are using.

Nevertheless we asked the plugin developer for feedback. See https://wordpress.org/support/topic/bitdefender-shows-malware-warning-for-koko-analytics/#new-topic-0

THX!

ReplyQuote

Benne

(@benne)

Famed Member Admin

Joined: 5 Jahren ago

Posts: 1084

22/04/2024 3:48 pm

@random

I just checked the only SVG in the koko repo. Looks all good to me:

<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" data-name="Layer 1"><circle shape-rendering="geometricPrecision" cx="32" cy="32" r="32" style="display:inline;fill:#b60205;fill-opacity:1;stroke-width:1.01241"/><path d="M48.42 20.641a.6.6 0 0 0-.66.15L31.984 37.736l-7.36-7.36a.6.6 0 0 0-.848 0l-8.4 8.4a.6.6 0 0 0-.176.424v3.6a.6.6 0 0 0 .6.6h32.4a.6.6 0 0 0 .6-.6V21.2a.6.6 0 0 0-.38-.559z" style="fill:#fff;fill-opacity:1;stroke-width:.6"/><path d="M48.42 20.641a.6.6 0 0 0-.66.15L31.984 37.736l5.664 5.664H48.2a.6.6 0 0 0 .6-.6V21.2a.6.6 0 0 0-.38-.559z" style="fill:#fff;fill-opacity:1;stroke-width:.6"/></svg>

Just path info. No script. No malware.

I agree that this is very probably a false positive.

ReplyQuote

TomTom

(@tomtom)

Active Member

Joined: 2 Jahren ago

Posts: 5

Topic starter 22/04/2024 8:08 pm

Thanks for the info.

I'll just ignore it then. I will add an exception in Bitdefender.

ReplyQuote

Random

(@random)

Illustrious Member Admin

Joined: 5 Jahren ago

Posts: 2056

23/04/2024 8:02 am

@tomtom

From the wordpress forum and the developer of koko:

Heh, that’s really weird. If you site itself is clean and koko-analytics-collect.php has the correct file content (see here), then yeah, this is surely a false positive.
Perhaps they think that the way Koko Analytics collect its statistics is suspicious, although I fail to see how it’s any different from the tracking endpoints used by other analytics solutions out there.
The stated reason is especially weird “SVG.Metamorph.Gen.1”. I did a quick search around the internet and it seems to be targeting attacks like this, but Koko Analytics is doing nothing that even remotely looks like that.
I am going to report your website to BitDefender as a false positive so they can take a closer look at this and hopefully remove it from their detection algorithm: https://www.bitdefender.com/consumer/support/answer/29358/
Best,
Danny

THX!

CalimerO reacted

ReplyQuote