Malware alert for Zotero snapshot files

This discussion was created from comments split from: Zotero update.
  • I am running zotero 5.0.35.1 and think I should upgrade to 5.0.37 immediately, as eleven zotero javascript files and one entry in my shared online library, an html file, have been detected to be infected with clickjack and other unspecified malware. The protection software I use is avast, and I have reported these files to their support.

    The program isolated these files and I can send zotero support a copy of the email I reported to avast. I am concerned to know whether these files were infected via my site or whether zotero.org itself has a malware problem.
    I will keep the files in isolation until I hear from zotero support. Please also advise whether I should upgrade to 37 or preserve the current environment on my computer for further review.

    I am operating a MacBook7,1 with Intel Core 2 Duo, 2.4 GHz, using macOS 10.12.6 (16G1212)

    Please advise.... I do not see a checkbox to select getting a copy of this report and response sent to my email of record, I supply here my email: dwilder@rochester.rr.com
  • (Be sure to start a new thread if you're not sure the thread you're posting to is for the same issue — the thread you posted to had nothing to do with this.)

    These files are not from zotero.org, and upgrading won't have any effect. These are just snapshot files from items you saved to Zotero. The malware warnings may or may not be real — there's a decent chance they're false positives — but the easiest thing to do is to just delete those attachments in Zotero and empty the trash. You can find the associated attachments in Zotero by pasting the 8-character folder name into the search bar.
  • Thank you for the advice, and for forming the new thread. I did a search of the forums for "malware" and the thread I posted on was top of the list, so I plead innocent!

    I find it unlikely these are false positives: I have used macs continuously from the late '70s, and always been careful to have malware scanning tools running ever since I heard of the first 'infections'. These dozen files are the first that have ever been reported out by any Mac-based malware on my system.

    1. The question remains, if they are not false positives, whether they sit on zotero.org waiting to damage my library's users' systems (and perhaps even propagate through the rest of zotero.org!). Any hints on how to figure that out?

    2. If I delete these files, how do I recreate their function, whatever that may be? Will my snapshots be functional without them?

    And thanks for the tip on correlating these .js files to their attachments.
  • It's really not worth worrying about. "Malware" in the context of JS files is generally fairly innocuous — these aren't going to be viruses that are going to infect your system or spread to others. If they're not false positives, they're likely in code from ad networks, like the annoying Amazon-gift-card popups that have been everywhere lately. The easiest option is just to delete the snapshots. If you want to keep them, you can delete just the flagged files, though if you want to apply that change to zotero.org and other synced computers you'll need to make a change to the main HTML file (the file that's selected when you use Show File in Zotero) in a text editor after deleting the auxiliary files and then sync.
  • (Or you can just re-save the original item. Since these are probably from ad networks, you'll likely get different ads on subsequent saves and won't have the same problem.)
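
For readers triaging a similar scanner report, the following is an added example (not part of the thread and not Zotero's own code): it pulls the 8-character folder name out of a flagged file's path and lists the tags in a snapshot's main HTML file that still reference the flagged auxiliary files. The function names, the sample path and HTML, and the folder-name character set are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# Assumption: snapshot folder names are 8 characters drawn from A-Z and 0-9.
KEY_RE = re.compile(r"^[A-Z0-9]{8}$")

# Constructed sample inputs, not taken from the thread.
SAMPLE_PATH = "/Users/example/Zotero/storage/ABCD2345/ads.js"
SAMPLE_HTML = """<html><head>
<script src="ads.js"></script>
<script src="site.js?v=2"></script>
</head><body><img src="logo.png"></body></html>"""

def folder_key(path):
    """Return the 8-character folder name in a flagged file's path, or None."""
    for part in reversed(PurePosixPath(path).parts[:-1]):
        if KEY_RE.match(part):
            return part
    return None

class _RefFinder(HTMLParser):
    """Collects tags whose src/href points at one of the flagged file names."""
    def __init__(self, flagged):
        super().__init__()
        self.flagged = flagged
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                # Compare on file name only: drop query strings and URL-encoding.
                target = PurePosixPath(unquote(urlsplit(value).path)).name
                if target in self.flagged:
                    self.hits.append((self.getpos()[0], tag, value))

def references(main_html, flagged_names):
    """Return (line, tag, value) for each reference to a flagged file."""
    finder = _RefFinder(set(flagged_names))
    finder.feed(main_html)
    return finder.hits

if __name__ == "__main__":
    print("folder to search for in Zotero:", folder_key(SAMPLE_PATH))
    for line, tag, value in references(SAMPLE_HTML, ["ads.js"]):
        print(f"main HTML line {line}: <{tag}> references {value}")
```

The reported line numbers point at the tags to remove from the main HTML file in a text editor once the flagged auxiliary files are deleted.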