Today we received an email alert: CRITICAL issues found
On checking the 'Security Report' we see this:
Your site has failed a scan. This means it is vulnerable to attack or already a victim of malicious software.
Your site is compromised with injected JavaScript malware. (97)
Malicious code signature(s) have been found in these resources.........................
Well, this is not the first time this has happened; we had it a few weeks ago, so we had some clues as to the cause. So we disabled JavaScript minification and manually ran another scan, which reported no problems. Then we re-enabled JavaScript minification, ran another scan and got the exact same dire CRITICAL warning!!
What's with this scanner? It's clearly broken, and I'm not sure anyone at Magento cares, as we never received any feedback on the previous incident, also caused by minification.
Thing is, if false positives are thrown like this on a repeat basis, then it really is crying wolf, and people will abandon, and probably already are abandoning, this scanner tool.
Please send the email to securityscan@magento.com
Please make sure to specify the store URL you are scanning.
Hi @fieldcutter
You may contact @msavich to get more help.
Send a personal message with a description of the issue and the site URL.
Thank you @msavich
We do not have an issue.
The problem appears to be the Magento Security scanner.
On occasion the scanner flags minified JS and CSS as malware.
We confirmed this by simply scanning minified code, and scanning non-minified code.
When the JS and CSS is not minified, the scanner does not flag malware.
When the JS and CSS is minified, the scanner DOES flag malware.
Not seeing any way to PM you.
Well, the fix only lasted one week...
Updated to 2.3.3 and exact same issue again.
Seems the Magento Security Scanner can't deal with minified JS / CSS.