
Trojan found in export zip file!


#1

I just attempted to export a zip file of my work from Webflow and MS Defender blocked it and said there was a virus! Trojan:JS/Jorv.A!cl Help! I need my export!


#2

whoa. thanks for the heads up. I responded to your ticket at support@webflow.com.

Let's continue our convo there.


#3

Is this anything for other users to be concerned about or is this just a false positive?


#4

so far only 2 designers reported this.

Only similarities so far are:

  • both are using PCs
  • both are using Chrome
  • both are using Microsoft Security Defender or Microsoft Security Essentials

#5

I just encountered this issue as well...Says it's in the webflow.js file when I look at all detected threats in Windows Defender. This is super unfortunate, as I needed to export code for a Client today.


#6

can you give me the site name?


#7

I sent you a message with the site name and dev url.


#8

got it. thanks :slight_smile:

Can you also tell me your browser version?


#9

I am using Chrome on Windows 10, with default Microsoft Security Defender and I didn't get any warning from the download and manual scan of the exported file. Virus and spyware definitions were updated today.

Browser version shouldn't matter as it's a downloaded file.


#10

thanks for that update :slight_smile:


#11

Same here. Just downloaded, webflow js shows as infected, previous download webflow js does not!


#12

I have the same configuration as @samliew and no problem with exports. Perhaps it could be a local conflict on your machine. However, since it is a commonly downloaded file shared by other systems, you should be ok. Read more about viruses, virus software and archive files below;


#13

I disabled defender live and extracted the file, it was webflow.js that was seen as infected outside of the zip file.

I did a diff against the older version of webflow.js and there is a minor difference but not one I would have thought would cause a problem, nevertheless it's nothing to do with the zip, it's webflow.js that is showing as being infected. It's a scary message and with defender performing active scanning, impossible for someone to download as defender trashes it immediately. This isn't something that can be resolved simply by saying "it's a local conflict", this is something that the devs need to identify and either communicate with MS or change the file so that it is no longer seen as infected.
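The comparison described in this post (same file, older export versus newer flagged export) can be done without extracting anything to disk. This is an added example, not part of the thread and not Webflow's code; the archive layout, the `make_export` helper and the JavaScript contents are constructed for illustration.

```python
import difflib
import hashlib
import io
import zipfile


def read_member(zip_bytes, basename="webflow.js"):
    """Return one file's bytes from an export zip, read in memory (nothing is extracted)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        matches = [n for n in zf.namelist() if n.rsplit("/", 1)[-1] == basename]
        if len(matches) != 1:
            raise ValueError(f"expected exactly one {basename}, found {matches}")
        return zf.read(matches[0])


def compare_exports(old_zip, new_zip, basename="webflow.js"):
    """Hash the file in both exports and list the line ranges that changed."""
    old, new = read_member(old_zip, basename), read_member(new_zip, basename)
    old_lines = old.decode("utf-8", "replace").splitlines()
    new_lines = new.decode("utf-8", "replace").splitlines()
    matcher = difflib.SequenceMatcher(None, old_lines, new_lines, autojunk=False)
    changes = [
        {"old_line": i1 + 1, "removed": old_lines[i1:i2],
         "new_line": j1 + 1, "added": new_lines[j1:j2]}
        for tag, i1, i2, j1, j2 in matcher.get_opcodes() if tag != "equal"
    ]
    return {"old_sha256": hashlib.sha256(old).hexdigest(),
            "new_sha256": hashlib.sha256(new).hexdigest(),
            "changes": changes}


def make_export(js_text):
    """Build a constructed export zip in memory (sample data, not a real Webflow export)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("index.html", "<script src='js/webflow.js'></script>")
        zf.writestr("js/webflow.js", js_text)
    return buf.getvalue()


# Constructed stand-ins for the older (clean) and newer (flagged) exports.
OLD_EXPORT = make_export("var a = 1;\nfunction init() {}\ninit();\n")
NEW_EXPORT = make_export("var a = 1;\nfunction init() { a += 1; }\ninit();\n")

if __name__ == "__main__":
    report = compare_exports(OLD_EXPORT, NEW_EXPORT)
    print(report["old_sha256"], report["new_sha256"])
    for change in report["changes"]:
        print(change)
```

The two hashes identify exactly which builds were compared, and the changed line ranges narrow down what a signature could be matching on.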


#15

thanks for the report. We are still looking into this by trying to replicate a setup similar to yours. We'll keep you updated.


#16

Just out of interest, I'm wondering what the result was when you ran the diff on the two files?

Would definitely help to run this along faster. Can you share the difference?

Best wishes,

Mark


#17


#18

Hi @chuckles,

Thanks for providing that diff! I'm an engineer here at Webflow and am taking a look at this issue. I'm having trouble getting Windows Defender to report the virus with the exported webflow.js. Is there any chance you could provide your copy of webflow.js via a dropbox link or email (leonard at webflow.com)? Thanks so much!

Best,
Leonard


#19

To all,

Please be reassured that we do not believe we are distributing malware/viruses with your exported code.
We are doing our best to resolve this ASAP as we know it affects you and your clients. Thank you!

Best,
The Webflow Team


#20

Understood, and your quick response is appreciated.

Tracey


#21

Sent. Just notifying you in case it gets blocked.