ImunifyAV False Positive Malware Alerts on Our Joomla Extensions

Since the beginning of September, ImunifyAV started triggering a malware warning when scanning our Joomla extensions, showing the alert:

SMW-INJ-27295-js.spam-5

or

SMW-INJ-CLOUDAV-js.spam-27295

This is a false positive, meaning the files are malware-free. A false positive occurs when security software like ImunifyAV incorrectly flags legitimate files based on certain code patterns that resemble malware.

The Joomla extensions affected by this issue are EngageBox and Convert Forms. The specific files likely to be flagged include:

• Convert Forms: media/com_convertforms/js/site.js
• EngageBox: media/com_rstbox/js/engagebox.js

This issue might be caused by the polyfill.io domain or polyfill.js script, which we removed in our June 2024 product updates. Make sure you’ve updated to the latest versions of these extensions.

What Should You Do?

1. Update Your Extensions: Ensure you’re using the latest versions of our extensions. Updating will help minimize false positives across WHM, cPanel, and ImunifyAV scans.
2. Check the File Integrity: To confirm you’re using the correct files and that an attacker hasn’t modified them, verify that the files on your server match the contents of our official extension packages.
3. Ignore the Alert: If ImunifyAV still shows the alert, you can safely ignore it. The flagged files do not contain any malware.

For any further assistance, please get in touch with our support team.