Is there a trojan in Piwik 0.6?


(BologNese) #1

Hi,
I have used Piwik 0.5.5 for some time …
Most of it went fine.

I’ve updated to 0.6 and have problems now:
Working with Piwik results in Warnings by Kaspersky Internet Security:
I guess it’s not normal.
Can someone approve what’s going on?

The messages: (sorry , German only as I use Kaspersky in German)

messages attached…

Is Piwik safe? or not?

Thanks for help


(Matthieu Aubry) #2

there is absolutely no trojan in Piwik! Do you have more info about why Kaspersky think there is trojan?

is there a free version of Kaspersky that we can try to replicate the issue?


(vipsoft) #3

There are trial versions that you can download from the Kaspersky site.

Looking at the Kaspersky site, they added “Trojan-Downloader.JS.Iframe.cag” to their detection on Apr 23, but their database doesn’t provide any other description of the threat (e.g., signature).

I’ve reported the false alarm on the Kaspersky site (there’s a web form for this), and presumably, they will investigate and fix in a future database update. (Don’t hold your breath. IIRC the Clicky dev has long complained about Kaspersky.)


(Matthieu Aubry) #4

Thanks Anthon for your quick response! let us know if they ever reply…


(vipsoft) #5

I used: hello (at) piwik (dot) org.


(BologNese) #6

Thanks for your answers.
Good to know it’ a false alarm.

I’ve downloaded all the files from the server …compared them to the ones I originally uploaded… no change between them ( I didn’t expect any… but just to be sure). Checked the files with Kaspersky scanner … no complaint. So I guess it’s something in the URL that is similar to that trojan and causes the alarm.

Well … I too am curious about their answer.


(vipsoft) #7

My understanding is the trojan is javascript-related. Evidently there’s a bug in the Kaspersky detection if it’s flagging css and xml content.


(vipsoft) #8

BologNese: Can you use curl or wget to retrieve the output from those URLs on your server, package them up in a zip file, password protect it (using “infected” as the password), and email to newvirus@kaspersky.com?

They’ll probably also want to know what version of Kaspersky Internet Security and virus database you have.

Thanks.


(BologNese) #9

Sorry I can’t use these things … I’m on a shared hosting environment.

But things have developed:
Yesterday I had lots of those alarms on all kinds of things …even on cmsms (my CMS)
Kasperskyx complained about almost everything … even pictures.
The in the late afternoon … after an update of their database all those messages were gone. I haven’t changed anything. Very strange.

The day before yesterday I tried to install PIWIK to another webspace … I couldn’t even get to the installation screen ( messages as the attached ones).
Now I’ve tried to do the same thing again … worked like a charm.

So maybe it really was a problem with false positives. Strange enough one can still not find a description of that trojan.

So for the moment I regard this topic solved and hope it doesn’t return.

Thanks nevertheless for your help.

PS.: I do not get mail messages when a comment is added. I’ve already checked spam filters … nothing there. So is there anything I missed to check?


(fredsy) #10

Hello all,

I use the latest Norton Internet Security and it seems that Norton also have a problem with piwik. I’ve updated to 0.6 last week and till then I get the warning in browser from Norton IS:
“Website is not safe - Unnoticed Downloads - An unnoticed download is computer code that exploits a software bug in a Web browser. It influences the browser to do what the attacker wants to execute malicious code, for example, bring the browser to crash or data read on the computer. Software errors that lead to attacks on the browser, also known as vulnerabilities.”

Did anybody know about that.

Thanks for reply


(vipsoft) #11

fredsy: please contact Symantec with your version number, virus definition database version, and logs from NIS.

BologNese: there’s a Post Option to “Enable email notifications of replies?” that’s unselected by default. Next time, just enable it.


(1derekstrumms) #12

same here, i’m using kaspersky and never been invaded by trojan.