Tagged: , , ,

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • April 19, 2022 at 8:25 pm #1348862
    mikestoltz

    Our security software “VIPRE” has detected the existence of the malware “JS:Trojan.Cryxos.8975” within our website. After some investigation, we located the JavaScript code block that triggers the malware detection. We believe this code block is inserted by the Enfold theme to check if WebFonts should be used. Please advise.

    <script type=’text/javascript’>
    (function() {
    /* check if webfonts are disabled by user setting via cookie – or user must opt in. */
    var html = document.getElementsByTagName(‘html’)[0];
    var cookie_check = html.className.indexOf(‘av-cookies-needs-opt-in’) >= 0 || html.className.indexOf(‘av-cookies-can-opt-out’) >= 0;
    var allow_continue = true;
    if( cookie_check )
    {
    if( ! document.cookie.match(/aviaCookieConsent/) || sessionStorage.getItem( ‘aviaCookieRefused’ ) )
    {
    allow_continue = false;
    }
    else
    {
    if( ! document.cookie.match(/aviaPrivacyRefuseCookiesHideBar/) )
    {
    allow_continue = false;
    }
    else if( ! document.cookie.match(/aviaPrivacyEssentialCookiesEnabled/) )
    {
    allow_continue = false;
    }
    else if( document.cookie.match(/aviaPrivacyGoogleWebfontsDisabled/) )
    {
    allow_continue = false;
    }
    }
    }
    if( allow_continue )
    {
    var f = document.createElement(‘link’);
    f.type = ‘text/css’;
    f.rel = ‘stylesheet’;
    f.href = ‘//fonts.googleapis.com/css?family=Open+Sans:400,600’;
    f.id = ‘avia-google-webfont’;
    document.getElementsByTagName(‘head’)[0].appendChild(f);
    }
    })();
    </script>

    April 20, 2022 at 11:29 am #1348918
    Günter

    Hey mikestoltz,

    Thank you for using Enfold.

    Yes, it is part of Enfold and can be found in enfold\framework\php\class-style-generator.php function link_google_font() around line 763ff.

    Script is used to load google fonts (with a prior GDPR check).

    If you do not use Google fonts you can remove the script with filter ‘avf_output_google_webfonts_script’. Return false (or anything but not true).

    If you need help with the filter let us know.

    Best regards,
    Günter

    April 20, 2022 at 9:04 pm #1348971
    mikestoltz

    Thank you. We have turned off the the use of Google Fonts at the moment. However, we’d like to use Google Fonts if possible.

    In addition to VIPRE, Bitdefender also reported this as security alerts. Please advise if this can be resolved.

    April 21, 2022 at 10:02 am #1349004
    Günter

    Hi,

    No idea why the script is reported as a security alert.

    The only thing you can try is if you do not need the GDPR stuff to remove our script with the filter and enqueue your own or modify the core file and only use the code within

    
if( allow_continue )

    Maybe there is an option to allow fonts.googleapis.com as a secure link ?

    Best regards,
    Günter

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.