Paul - have just had this warning from Windows Defender...

Threat detected: Trojan:JS/Foretype.A!ml
Alert level: Severe
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.
Affected items: \forums\bb_plugins2.php

Is this a genuine false positive?

Steve

What are the contents of bb_plugins2.php file?

It's the default file from within mininbb...

Steve

Then it must be a false positive. :-)

If you are about a file, which contents are just about:

then I suppose, there must be something wrong with Windows Defender... This files executes nothing even if called via PHP precompiler, not speaking about JavaScript (it's not a JavaScript file).

I've re-checked the distributed miniBB package, and I'm 100% sure it's clean from viruses or trojans.

Sorry, I should have said that I have the /* --Captcha Authorization addon */ and /* File upload addon */ installed, so that code is included in the bb_plugins2.php file.

Steve

So it's not a default file :)

Well, in my practice I also experienced a couple of times, when my codes were detected as malicious, but only if the disk was scanned by one of the anti-malware programs (and in a meanwhile it all gone since detection programs became more perfect to distinct a valid PHP code from another suspicious code).

I suppose, it only happens when the trojans-detection software scans a file for the code it knows which must be malicious. But you must be pretty sure that nor the Captcha, nor the File Upload add-on codes in bb_plugins2.php file do not contain anything JavaScript-related, there are only PHP codes which are not executed simply on your local drive. So the combination of codes is just accidental in this case.

I'm not sure what exactly codes are detected as malicious in this case (would be still great to know), but again, this is more related to the imperfection of Windows Defender.