plupload.silverlight.xap <- is it safe?

Community forum to discuss cxs.
If you believe that there is a problem with your cxs installation and want support then, as a paid product, you should use the helpdesk after having consulted the documentation.
peterelsner
Junior Member
Posts: 73
Joined: 16 Nov 2010, 22:49

Re: plupload.silverlight.xap <- is it safe?

Post by peterelsner »

Yes it is. Thank you very much.
vius
Junior Member
Posts: 1
Joined: 24 Oct 2012, 22:21

Re: plupload.silverlight.xap <- is it safe?

Post by vius »

Seems this issue is now unfixed.

Just got this hit running 2.74 when uploading a brand new Wordpress package:

# (compressed file: plupload.silverlight.dll [depth: 1]) MS Windows Binary/Executable [application/x-winexec]:
'/home/**REMOVED**/wp-includes/js/plupload/plupload.silverlight.xap

I'd really rather not exclude all xap files since they could contain exploits or hacks. Could someone look into this and re-fix it please? :)
sneader
Junior Member
Posts: 83
Joined: 22 Mar 2007, 05:38

Re: plupload.silverlight.xap <- is it safe?

Post by sneader »

I am starting up cxswatch with -I /etc/cxs/cxs.ignore

In my ignore file, I have:
hfile:plupload.silverlight.xap

I have restarted cxswatch

Despite all this, I still receive emails like this:

cxswatch Scanning /home/redacted/public_html/wp-includes/js/plupload/plupload.silverlight.xap:
# (compressed file: plupload.silverlight.dll [depth: 1]) MS Windows Binary/Executable [application/x-winexec]:
'/home/redacted/public_html/wp-includes/js/plupload/plupload.silverlight.xap'

I admit I am new to using the ignore system. Am I missing a step or doing something wrong?

Thanks for any advice.

- Scott
ForumAdmin
Moderator
Posts: 1479
Joined: 01 Oct 2008, 09:24

Re: plupload.silverlight.xap <- is it safe?

Post by ForumAdmin »

Since the plupload.silverlight.xap is in a sub-directory the ignore line will not match. You would be better of with a regex:

pfile:.*/plupload\.silverlight\.xap
sneader
Junior Member
Posts: 83
Joined: 22 Mar 2007, 05:38

Re: plupload.silverlight.xap <- is it safe?

Post by sneader »

Thanks, I'll give it a shot -- very helpful!

Also, I see in the docs, it looks like I should be using --ignore instead of -I. Maybe they are the same, but I'm going to switch to --ignore, to match the docs.

- Scott
Post Reply