GData Antivirus is blocking my eshop access

This topic has 8 replies, 2 voices, and was last updated 1 years, 2 months ago ago by Rose Tyler

  • Avatar: Rev7
    Rev7
    Participant
    August 7, 2023 at 12:35

    Hello,
    one of my customer sent me a screenshot. He got an alert of his GData Anvirus when trying to access my eshop.
    Is it a fake alert ? Should he add the eshop URL to his AV whitelist ? Or should I disable the XStore compare feature ? Any workaround please ?

    GData antivirus alert

    According to this site (https://www.virustotal.com/gui/home/url), it seems that 2 Antivirus detect my shop as malicious : BitDefender and G-Data.

    VirtusTotal report

    Thank you in advance for your help.
    Best regards.

    7 Answers
    Avatar: Rose Tyler
    Rose Tyler
    Support staff
    August 7, 2023 at 15:07

    Hello, Rev7,

    Thank you for contacting us and for using XStore.

    Our theme does not contain any viruses or any other harmful code. Such an error may be caused by third-party plugins, modifications to theme files or plugins, or it could be due to a server breach, which consequently infects all websites on it.

    We advise you to initially disable all third-party plugins and check for the presence of the error.

    If this doesn’t help, provide us with temporary wp-admin and FTP access, s so we can take a closer look.

    Kind Regards,
    8theme team

    Please contact administrator
    for this information.
    Avatar: Rev7
    Rev7
    Participant
    August 8, 2023 at 09:28

    Thank you for your answer.
    I don’t think the problem comes from a 3rd party plugins, I don’t have plugins for product comparison, only the XStore one.

    As you can see in the screenshot, the AV points to that URL :
    https://www.imagin-aire.fr/wp-content/plugins/et-core-plugin/packages/xstore-compare/assets/js/script.min.js?ver=1.0

    I didn’t modify this script. Only this script seems to be considered like a virus by 2 different antivirus (on the 90 tested on Virustotal website). That’s why I think it’s a false alert but it’s enough for my customers using these 2 to not be able to visit my eshop.

    Can you check the script and if you can do something please ?
    Thank you.

    Please contact administrator
    for this information.
    Avatar: Rose Tyler
    Rose Tyler
    Support staff
    August 8, 2023 at 15:37

    Hello, Rev7,

    Thank you for your response.

    The issue persists not only with the use of our theme/plugin but also with the default theme, as detailed in the video provided in the Private Content area.

    We have also deactivated all third-party plugins, yet the error still exists.

    We have deleted the file at the following URL: https://www.imagin-aire.fr/wp-content/plugins/et-core-plugin/packages/xstore-compare/assets/js/script.min.js?ver=1.0. However, it still appears to be connected, as shown in the screenshot in the Private Content area.

    From this, we conclude that your site is either using a server cache not related to the “LiteSpeed Cache” plugin or is utilizing a Content Delivery Network (CDN).

    Please disable these and send us a video with the default theme where the issue is absent.

    Thank you for your cooperation and we look forward to hearing from you soon.

    Kind Regards,
    8theme team

    Please contact administrator
    for this information.
    Avatar: Rev7
    Rev7
    Participant
    August 8, 2023 at 16:09

    Thank you for your investigation.

    The “script.min.js” file had been deleted, but your screenshot doesn’t show the right folder :p
    Is this file not necessary to use the comparison feature ?

    According to me, I don’t use another server cache or CDN, only LiteSpeed Cache with the default settings. My server provider “o2switch” told me to use LiteSpeed Cache since it allows to speed up the navigation thanks to “LiteSpeed Web ADC – LSCache” set on their servers.

    I will open a ticket with o2switch to get their analysis too.
    Thanks again.

    Avatar: Rose Tyler
    Rose Tyler
    Support staff
    August 11, 2023 at 08:38

    Hello, Rev7,

    We hope your question will be solved soon.
    Let us also know the result.

    Kind Regards,
    8theme team

    Avatar: Rev7
    Rev7
    Participant
    August 11, 2023 at 09:18

    Hello Rose, I used ImunifyAV to scan all my files and no malware have been detected so I guess it’s a false positive on GData…
    I suggested my customer to add the website in their whitelist. I hope I won’t loose potentiel clients because of that.
    Thank you for your help.

    Avatar: Rose Tyler
    Rose Tyler
    Support staff
    August 11, 2023 at 09:21

    Hello, Rev7,

    Thank you for letting us know.

    Kind Regards,
    8theme team

  • Viewing 8 results - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.Log in/Sign up

8theme customization service
We're using our own and third-party cookies to improve your experience and our website. Keep on browsing to accept our cookie policy.