A number of user reports have surfaced warning that the latest version of WordPress is triggering trojan alerts, and at least one person reported that a web host locked down a website because of the file. What actually happened was a learning experience.
Antivirus Flags Trojan In Official WordPress 6.6.1 Download
The first report was filed in the official WordPress.org support forums, where a user reported that the native antivirus in Windows 11 (Windows Defender) flagged the WordPress zip file they had downloaded from WordPress as containing a trojan.
This is the text of the original post:
“Windows Defender shows that the latest wordpress-6.6.1zip has Trojan:Win32/Phish!MSR virus when I try downloading from the official wp site
it shows the same virus notification when updating from within the WordPress dashboard of my site
Is this a false positive?”
They also posted screenshots of the trojan warning, which listed the status as “Quarantine failed” and stated that the WordPress zip file of version 6.6.1 “is dangerous and executes commands from an attacker.”
Screenshot Of Windows Defender Warning
Another user affirmed that they were also having the same issue, noting that a string of code within one of the CSS files (style code that governs the look of a website, including colors) was the culprit triggering the warning.
They posted:
“I’m experiencing the same issue. It seems to occur with the file wp-includes\css\dist\block-library\style.min.css. It appears that a specific string in the CSS file is being detected as a Trojan virus. I would like to allow it, but I think I should wait for an official response before doing so. Is there anyone who can provide an official answer?”
Unexpected “Solution”
A false positive is generally a result that tests as positive when it is not actually positive for whatever is being tested for. WordPress users soon began to suspect that the Windows Defender trojan virus alert was a false positive.
An official WordPress GitHub ticket was filed where the cause was identified as an insecure URL (http versus https) that is referenced from within the CSS style sheet. A URL is not commonly considered a part of a CSS file, so that may be why Windows Defender flagged this specific CSS file as containing a trojan.
Here’s the part where things went off in an unexpected direction. Someone opened another WordPress GitHub ticket to document a proposed fix for the insecure URL, which should have been the end of the story, but it ended up leading to a discovery about what was really going on.
The insecure URL that needed fixing was this one:
http://www.w3.org/2000/svg
So the person who opened the ticket updated the file with a version that contained a link to the HTTPS version, which should have been the end of the story but for a nuance that was overlooked.
The (‘insecure’) URL is not a link to a source of files (and therefore not insecure) but rather an identifier that defines the scope of the Scalable Vector Graphics (SVG) language within XML.
So the problem ultimately ended up not being about something wrong with the code in WordPress 6.6.1 but rather an issue with Windows Defender, which failed to properly identify an “XML namespace” and instead mistakenly flagged it as a URL linking to downloadable files.
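The distinction between a namespace identifier and a fetchable link can be checked mechanically. The following is an added example, not code from WordPress or from the tickets discussed here: the sample CSS is constructed, it assumes the namespace appears inside an SVG embedded in the style sheet, and the function names and the example.test host are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

SVG_NS = "http://www.w3.org/2000/svg"  # the identifier quoted in the article

# Constructed sample: one embedded SVG (namespace only) and one real http fetch.
SAMPLE_CSS = (
    ".icon{background:url(\"data:image/svg+xml;utf8,"
    "<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'>"
    "<circle cx='4' cy='4' r='3'/></svg>\")}"
    ".logo{background:url(http://example.test/logo.png)}"
)

def classify_http_strings(css):
    """Label each http:// string as a namespace identifier or a fetchable reference."""
    css = unquote(css)  # data URIs in minified CSS are often percent-encoded
    results = []
    for m in re.finditer(r"http://[^\s'\"()<>]+", css):
        before = css[max(0, m.start() - 12):m.start()]
        # A string that is the value of an xmlns attribute is never dereferenced.
        is_ns = re.search(r"xmlns(:\w+)?=['\"]$", before) is not None
        kind = "namespace-identifier" if is_ns else "fetchable-reference"
        results.append((m.group(0), kind))
    return results

def svg_local_names(xml_text):
    """Return local names of elements that really are in the SVG namespace."""
    root = ET.fromstring(xml_text)  # parsing does not contact the namespace URI
    prefix = "{" + SVG_NS + "}"
    return [el.tag[len(prefix):] for el in root.iter() if el.tag.startswith(prefix)]

ORIGINAL = "<svg xmlns='http://www.w3.org/2000/svg'><circle r='3'/></svg>"
# The proposed "fix": identical markup with the scheme changed to https.
REWRITTEN = ORIGINAL.replace("http://", "https://")

if __name__ == "__main__":
    for url, kind in classify_http_strings(SAMPLE_CSS):
        print(f"{kind:22} {url}")
    print("original :", svg_local_names(ORIGINAL))
    print("rewritten:", svg_local_names(REWRITTEN))
```

Namespaces are compared as exact strings, so the rewritten document contains no SVG elements at all, which is why changing the scheme is not a fix.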
Takeaway
The false positive trojan file alert by Windows Defender and the subsequent discussion was a learning moment for many people (including myself!) about a relatively arcane bit of coding knowledge regarding the XML namespace for SVG files.
Read the original report:
Virus Issue :wordpress-6.6.1.zip shows a virus from windows defender
Featured Image by Shutterstock/Netpixi