Trojan Horse Virus Detected in invoices.zip

I recently purchased something from CodeCanyon. I noticed a virus warning on the zip file that was stored in my cache as part of the attachment with my purchase receipt. I’m sure this wasn’t done on purpose, but whatever system you have that is creating your attachments to those emails may be spreading malware. I had no other way of contacting the company to let them know other than this method.

Detected Trojan Script: Trojan:Script/Wacatac.B!ml

The actual download from the site was fine and the PHP with the plugin seems fine. It was just the invoices.zip that was infected as part of the billing program.

Hi,
Please contact the author of the program; they may solve this problem and let you know.
Thank you

It sounds like a false positive, especially with “script” in the name as these are almost always artificial intelligence detections and in my experience they’re usually wrong. I’m pretty sure I’ve even had Windows Defender flag one of my own programs as a “Wacatac” trojan before when it was nothing of the sort :sweat_smile:

With all that said, I was not able to reproduce this. You can try uploading the contested invoices.zip file to VirusTotal to check if it’s a false flag, in which case only a small number of antivirus engines would detect it.

For comparison, here’s a scan of my own recent invoices.zip which comes back clean: VirusTotal

3 Likes
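Added example, not part of the original posts: a local first pass over an invoices.zip in Python, useful before or instead of uploading it. It returns the archive's SHA-256, which can be searched on VirusTotal without uploading the file, and flags members that do not look like PDF invoices. The extension list, the assumption that invoices are PDFs with the header at offset 0, and the sample archives are constructed for illustration.

```python
import hashlib
import io
import os
import zipfile

# Assumed list: file types with no place in an archive of PDF invoices.
SCRIPT_EXTS = {".js", ".vbs", ".ps1", ".bat", ".cmd", ".hta", ".wsf", ".exe", ".scr", ".lnk"}


def triage_zip(data: bytes) -> dict:
    """Return the archive's SHA-256 and a list of (member, reason) findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # splitext takes the LAST extension, so "x.pdf.js" is treated as ".js"
            ext = os.path.splitext(info.filename.lower())[1]
            if info.flag_bits & 0x1:  # bit 0 set = member is encrypted
                findings.append((info.filename, "encrypted member, cannot inspect"))
                continue
            with zf.open(info) as fh:
                head = fh.read(5)
            if ext in SCRIPT_EXTS:
                findings.append((info.filename, "script or executable extension"))
            elif ext != ".pdf":
                findings.append((info.filename, "unexpected file type"))
            elif head != b"%PDF-":
                findings.append((info.filename, "named .pdf but lacks %PDF- header"))
    return {"sha256": hashlib.sha256(data).hexdigest(), "findings": findings}


def _make_zip(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; used only for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples, not real invoices or real malware.
CLEAN = _make_zip({"invoice-0001.pdf": b"%PDF-1.7\n% constructed sample\n"})
ODD = _make_zip({
    "invoice-0001.pdf": b"%PDF-1.7\n% constructed sample\n",
    "invoice-0002.pdf.js": b"// constructed placeholder text",
    "invoice-0003.pdf": b"MZ constructed placeholder",
})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("odd", ODD)):
        print(label, triage_zip(blob))
```

An empty findings list together with a hash that few or no engines flag is consistent with a false positive; any finding means the archive holds something other than plain PDFs and deserves a closer look.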

You are probably right. I just never get false positives and this popped up along with some other odd behavior from Windows and it was creeping me out. Sometimes I forget that odd behavior is the norm for Windows. Looks like this script has been reported for many false positives and the PDF did come back clean from VirusTotal. Thanks for the tip.

1 Like