[Twig Bridge] main.css contains URL to githubusercontent.com being flagged as Malicious by VirusTotal.com #47454
Labels
Comments
|
How is this main.css file built ? |
|
ah, we have it directly in our source. I suggest we remove the URL from the license header, putting the exact link for the source somewhere else (in the readme or in an associated file) |
|
Hey, thanks for your report! |
|
Thanks @carsonbot, I created a relative PR #49602 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Symfony version(s) affected
v5.4.8
Description
When generating emails using twig-bridge, the
main.csscontains the following link, which is hosted on a domain that is considered malicious by CMC Threat Intelligence. This is causing emails to be mistakenly quarantined and not delivered to the end users.The URL in question is
https://raw.githubusercontent.com/foundation/foundation-emails/v2.2.1/dist/foundation-emails.css.How to reproduce
If you go to
https://www.virustotal.com/gui/url/cfee0ef7cfca28ccb91d3df257c043b45b23556c288d203d165d429811a1031fyou will see that CMC Threat Intelligence does flag this as malicious. You will need to go tohttps://www.virustotal.com/gui/url/dce9ba69237bcd0d3c424e56b4d5126d3d8b35ee1d7d4d60fea7efb71efde92a/communityto understand that it is flagged malicious to being a repository of virus information.Possible Solution
One way to resolve this issue is to remove the comment with the license information and the URL, and put it in a separate file that does not make its way into the email source code.
Additional Context
I have also contacted CMC Threat Intelligence asking for them to remove the flag on githubusercontent, but I suspect not much will come from that.
The text was updated successfully, but these errors were encountered: