Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CRITICAL issues found

SOLVED
Go to solution
‎09-22-2019 04:02 PM
‎09-22-2019 04:02 PM

CRITICAL issues found

Today we receive email alert:  CRITICAL issues found

 

On checking the 'Security Report' we see this:

 

Your site has failed a scan. This means it is vulnerable to attack or already a victim of malicious software.

Your site is compromised with injected JavaScript malware. (97)
Malicious code signature(s) have been found in these resources.........................

 

Well this is not the first time this has happened, we had it a few weeks ago, so had some clues to the cause.  So we disabled javascript minification, and manually ran another scan, which reported no problems.  Then we re-enabled javascript minification, ran another scan and got the exact same dire CRITICAL warning !!

 

What's with this scanner, it's clearly broken, and I'm not sure anyone at Magento cares , as we never received any feedback to the previous incident, also caused by minification.

 

Thing is, if false positives are thrown like this on a repeat basis, then it really is cry wolf, people will and probably are already abandoning this scanner tool

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
‎09-25-2019 08:26 AM
‎09-25-2019 08:26 AM

Re: CRITICAL issues found

Please send the email to securityscan@magento.com

Please make sure to specify the store URL you are scanning.

View solution in original post

5 REPLIES 5
‎09-23-2019 01:26 AM
‎09-23-2019 01:26 AM

Re: CRITICAL issues found

Hi @fieldcutter 

 

You may contact @msavich to get more help.
Send a personal message with description of issue and site url.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum
‎09-23-2019 06:41 AM
‎09-23-2019 06:41 AM

Re: CRITICAL issues found

Thank you @msavich

We do  not have an issue

The problem appears to be the Magento Security scanner.

On occasion the scanner flags minified JS and CSS as malware.

We confirmed this by simply scanning minified code, and scanning non-minified code.

When the JS and CSS is not minified, the scanner does not flag malware.

When the JS and CSS is minified, the scanner DOES flag malware.

 

not seeing any way to PM you

 

0 Kudos
‎09-25-2019 08:26 AM
‎09-25-2019 08:26 AM

Re: CRITICAL issues found

Please send the email to securityscan@magento.com

Please make sure to specify the store URL you are scanning.

‎10-06-2019 02:05 PM
‎10-06-2019 02:05 PM

Re: CRITICAL issues found

Thank you @msavich

 

False postive resolved, great work by Magento !!

0 Kudos
‎10-13-2019 05:48 AM
‎10-13-2019 05:48 AM

Re: CRITICAL issues found

Well the fix only lasted one week............

 

Updated to 2.3.3 and exact same issue again.

 

Seems to Magento Security Scanner can't deal with minified js / css

 

0 Kudos