Trojan in SugarCRM CE 6.1 ?

**Ramblin** · 2010-12-29, 03:45 PM

Is there a trojan embedded in SugarCRM 6.1.0 style sheets ?

I just installed SugarCRM 6.1 and it seemed to install without a hitch

However, when I went to put my logo in, using Admin>SystemSettings>Logo, my virus protection kicked in and told me that that activated a trojan found in file
h t t p : / / (localhost_IP_Address) / (Sugar Directory) / cache / themes / Sugar5 / css / style.css ? s= ce001dac6fd9df4e8f32f8550d0e0461 & c =1
It says the trojan is Win32/Exploit.CVE-2010-3962 (A Trojan)

This was a fresh install on a fresh box. I previously installed and ran SugarCRM 6.0.3 and this never happened.

My Virus detection is eSet - Smart Security 4 and it has never done this before; it Quarantined the file and prevented the Style Sheet form being active, rendering my SugarCRM browser window pretty ugly

I have never installed SugarCRM 5 on this box yet the issue seems to be with a SugarCRM v5 css

Any ideas?

Ramblin

**kuske** · 2010-12-29, 05:04 PM

That's funny!
A great amout of people has problems with styles in SugarCRM 6.1.
So this can be the solution of their problems.
You can edit styles.css and see that there is NO VIRUS.
But ESET Internet Security finds some chars in that file which let it assume that there is a virus. ESET antivirus does not find any virus...

Just say ESET that the file should not be scanned any more and send a copy of the ESET message and the file itself to ESET, so the software can be corrected.

**Ramblin** · 2010-12-29, 08:27 PM

Thank you for your clear - and fast - answer

I found it hard to believe there was a virus, but to-date, eSet had not steered me wrong.

I know now it is not a SugarCRM issue, but I have looked through eSet to try and prevent it from scanning files from that server, and I cannot see how to do it. Do you know how to set it up for this? I see how to stop eSet from scanning a file / directory on my PC, but not from a remote server.

Ramblin

**kuske** · 2010-12-30, 08:13 AM

Oh, I have only the german version, so the wording can be a little different.

In my ESET Antivirus I have a excluding filter list.
Something like - settings - extended settings - virus&spyware-protection - exclusion filter.
There i put the sugar directory in and the performance of my sugarcrm made a jump to heaven

**AlexAv** · 2010-12-30, 08:33 AM

Originally Posted by Ramblin

Is there a trojan embedded in SugarCRM 6.1.0 style sheets ?

I just installed SugarCRM 6.1 and it seemed to install without a hitch

However, when I went to put my logo in, using Admin>SystemSettings>Logo, my virus protection kicked in and told me that that activated a trojan found in file
h t t p : / / (localhost_IP_Address) / (Sugar Directory) / cache / themes / Sugar5 / css / style.css ? s= ce001dac6fd9df4e8f32f8550d0e0461 & c =1
It says the trojan is Win32/Exploit.CVE-2010-3962 (A Trojan)

This was a fresh install on a fresh box. I previously installed and ran SugarCRM 6.0.3 and this never happened.

My Virus detection is eSet - Smart Security 4 and it has never done this before; it Quarantined the file and prevented the Style Sheet form being active, rendering my SugarCRM browser window pretty ugly

I have never installed SugarCRM 5 on this box yet the issue seems to be with a SugarCRM v5 css

Any ideas?

Ramblin

Interesting situation.

**Ramblin** · 2010-12-30, 11:57 AM

Kuske

Thank you

I found it

The settings were embedded in a list that had not been expanded when I opened the advanced settings and I had not noticed the "+" sign to the left of the list header

Appreciate the help

Ramblin