plupload.silverlight.xap <- is it safe?

[peterelsner]

Yes it is. Thank you very much.

[vius]

Seems this issue is now unfixed.

Just got this hit running 2.74 when uploading a brand new Wordpress package:

# (compressed file: plupload.silverlight.dll [depth: 1]) MS Windows Binary/Executable [application/x-winexec]:
'/home/**REMOVED**/wp-includes/js/plupload/plupload.silverlight.xap

I'd really rather not exclude all xap files since they could contain exploits or hacks. Could someone look into this and re-fix it please?

[sneader]

I am starting up cxswatch with -I /etc/cxs/cxs.ignore

In my ignore file, I have:
hfile:plupload.silverlight.xap

I have restarted cxswatch

Despite all this, I still receive emails like this:

cxswatch Scanning /home/redacted/public_html/wp-includes/js/plupload/plupload.silverlight.xap:
# (compressed file: plupload.silverlight.dll [depth: 1]) MS Windows Binary/Executable [application/x-winexec]:
'/home/redacted/public_html/wp-includes/js/plupload/plupload.silverlight.xap'

I admit I am new to using the ignore system. Am I missing a step or doing something wrong?

Thanks for any advice.

- Scott

[ForumAdmin]

Since the plupload.silverlight.xap is in a sub-directory the ignore line will not match. You would be better of with a regex:

pfile:.*/plupload\.silverlight\.xap

[sneader]

Thanks, I'll give it a shot -- very helpful!

Also, I see in the docs, it looks like I should be using --ignore instead of -I. Maybe they are the same, but I'm going to switch to --ignore, to match the docs.

- Scott