cancel
Showing results for 
Search instead for 
Did you mean: 

CRITICAL issues found

SOLVED

CRITICAL issues found

Today we receive email alert:  CRITICAL issues found

 

On checking the 'Security Report' we see this:

 

Your site has failed a scan. This means it is vulnerable to attack or already a victim of malicious software.

Your site is compromised with injected JavaScript malware. (97)
Malicious code signature(s) have been found in these resources.........................

 

Well this is not the first time this has happened, we had it a few weeks ago, so had some clues to the cause.  So we disabled javascript minification, and manually ran another scan, which reported no problems.  Then we re-enabled javascript minification, ran another scan and got the exact same dire CRITICAL warning !!

 

What's with this scanner, it's clearly broken, and I'm not sure anyone at Magento cares , as we never received any feedback to the previous incident, also caused by minification.

 

Thing is, if false positives are thrown like this on a repeat basis, then it really is cry wolf, people will and probably are already abandoning this scanner tool

1 ACCEPTED SOLUTION

Accepted Solutions

Re: CRITICAL issues found

Please send the email to securityscan@magento.com

Please make sure to specify the store URL you are scanning.

View solution in original post

5 REPLIES 5

Re: CRITICAL issues found

Hi @fieldcutter 

 

You may contact @msavich to get more help.
Send a personal message with description of issue and site url.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: CRITICAL issues found

Thank you @msavich

We do  not have an issue

The problem appears to be the Magento Security scanner.

On occasion the scanner flags minified JS and CSS as malware.

We confirmed this by simply scanning minified code, and scanning non-minified code.

When the JS and CSS is not minified, the scanner does not flag malware.

When the JS and CSS is minified, the scanner DOES flag malware.

 

not seeing any way to PM you

 

Re: CRITICAL issues found

Please send the email to securityscan@magento.com

Please make sure to specify the store URL you are scanning.

Re: CRITICAL issues found

Thank you @msavich

 

False postive resolved, great work by Magento !!

Re: CRITICAL issues found

Well the fix only lasted one week............

 

Updated to 2.3.3 and exact same issue again.

 

Seems to Magento Security Scanner can't deal with minified js / css