Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #1348862

    Our security software “VIPRE” has detected the existence of the malware “JS:Trojan.Cryxos.8975” within our website. After some investigation, we located the JavaScript code block that triggers the malware detection. We believe this code block is inserted by the Enfold theme to check if WebFonts should be used. Please advise.

    <script type=’text/javascript’>
    (function() {
    /* check if webfonts are disabled by user setting via cookie – or user must opt in. */
    var html = document.getElementsByTagName(‘html’)[0];
    var cookie_check = html.className.indexOf(‘av-cookies-needs-opt-in’) >= 0 || html.className.indexOf(‘av-cookies-can-opt-out’) >= 0;
    var allow_continue = true;
    if( cookie_check )
    {
    if( ! document.cookie.match(/aviaCookieConsent/) || sessionStorage.getItem( ‘aviaCookieRefused’ ) )
    {
    allow_continue = false;
    }
    else
    {
    if( ! document.cookie.match(/aviaPrivacyRefuseCookiesHideBar/) )
    {
    allow_continue = false;
    }
    else if( ! document.cookie.match(/aviaPrivacyEssentialCookiesEnabled/) )
    {
    allow_continue = false;
    }
    else if( document.cookie.match(/aviaPrivacyGoogleWebfontsDisabled/) )
    {
    allow_continue = false;
    }
    }
    }
    if( allow_continue )
    {
    var f = document.createElement(‘link’);
    f.type = ‘text/css’;
    f.rel = ‘stylesheet’;
    f.href = ‘//fonts.googleapis.com/css?family=Open+Sans:400,600’;
    f.id = ‘avia-google-webfont’;
    document.getElementsByTagName(‘head’)[0].appendChild(f);
    }
    })();
    </script>

    #1348918

    Hey mikestoltz,

    Thank you for using Enfold.

    Yes, it is part of Enfold and can be found in enfold\framework\php\class-style-generator.php function link_google_font() around line 763ff.

    Script is used to load google fonts (with a prior GDPR check).

    If you do not use Google fonts you can remove the script with filter ‘avf_output_google_webfonts_script’. Return false (or anything but not true).

    If you need help with the filter let us know.

    Best regards,
    Günter

    #1348971

    Thank you. We have turned off the the use of Google Fonts at the moment. However, we’d like to use Google Fonts if possible.

    In addition to VIPRE, Bitdefender also reported this as security alerts. Please advise if this can be resolved.

    #1349004

    Hi,

    No idea why the script is reported as a security alert.

    The only thing you can try is if you do not need the GDPR stuff to remove our script with the filter and enqueue your own or modify the core file and only use the code within

    
    if( allow_continue )
    

    Maybe there is an option to allow fonts.googleapis.com as a secure link ?

    Best regards,
    Günter

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.