plupload.silverlight.xap <- is it safe?

[rocksolidhq]

Good morning,

This file has been flagged repeatedly but it appears that it may be legit. Can someone confirm?

cxswatch Scanning /home/terrysco/public_html/wordpress/wp-includes/js/plupload/plupload.silverlight.xap:
# (compressed file: plupload.silverlight.dll) MS Windows Binary/Executable [application/x-winexec]:
'/home/homedir/public_html/wordpress/wp-includes/js/plupload/plupload.silverlight.xap'

thanks,
dean

[rajdilipshah]

Hi Rocksolidhq,

Yes it's safe to allow plupload.sliverlight.xap file. It's an additional feature in recent wordpress releases.
PLUPLOAD supports flash and silverlight based upload. You can probably control of this depending upon
available plugin in your computer.

To allow .XAP files, I following use Regex Rule in cxs.ignore file.

pfile:.*\.xap$

Good Luck.

Raj

[rocksolidhq]

Cool. Thanks Raj.

[chirpy]

Just bear in mind that a hacker could then potentially upload an exploit with the that file extension and it will not be detected by cxs if you do that.

[rocksolidhq]

thanks Chirpy.

I agree, i don't add exceptions unless there's a loody good reason to for the same reason. Still need to deal with the false positive warnings when they come in though. There should almost be a list somewhere of known-good files and their contents.

[Rezaa]

Wondering how you trust a user who has only 1 post ???

[peterelsner]

So if I have an md5sum of that particular plupload.silverlight.xap file, I would enter the following into my cxs.ignore file:

md5sum:f3c8xxxxxxxxxxxxxxxxxx

Is that correct?

The example also says:

# hfile: - ignore file relative to a users homedir (With: --all, --user)

So how does that work with a real life file?

hfile:--all filename

??

Thanks in advance.

[peterelsner]

Doh... Ignore my question on the hfile deal. I just realized how that's supposed to work

Still do need an answer on the md5sum: however. I think I'm doing that correctly, not 100% sure though.

[peterelsner]

So back to the md5sum feature...

I have this in my cxs.ignore file

# f3c8aaf882d1ed25a7f5fe7fd2ee4d9d is the plupload.silverlight.xap file
md5sum:f3c8aaf882d1ed25a7f5fe7fd2ee4d9d
hfile:plupload.silverlight.xap
hfile:plupload.silverlight.dll

Yet I still receive the following email daily:

cxswatch Scanning /home/USERNAME/public_html/wordpress/wp-includes/js/plupload/plupload.silverlight.xap:
# (compressed file: plupload.silverlight.dll) MS Windows Binary/Executable [application/x-winexec]:
'/home/USERNAME/public_html/wordpress/wp-includes/js/plupload/plupload.silverlight.xap'

I checked the md5 hash of that file, and it matches the string I have in the ignore file.
So why is it not ignoring this file and still warning me about it??

[chirpy]

This should now be resolved in cxs v2.65