Bug #94640
open
Feature: #91354 - Integrate server response security checks causes linux-malware-detect trigger "false" detection
0%
Description
Hello,
Feature: #91354 - Integrate server response security checks - causes linux-malware-detect trigger "false" detection.
So your code which TYPO3 include in files '.php.wrong' and '.php.txt' triggers malware detection.
For malware detection we are using "linux-malware-detect" - https://github.com/rfxn/linux-malware-detect https://www.rfxn.com/projects/linux-malware-detect/
The problematic code is: base64_decode('UEhQIGNvbnRlbnQ=');
Full code:
<!DOCTYPE html><html lang="en"><body><div><?php echo base64_decode('UEhQIGNvbnRlbnQ=');?></div></body></html>
TYPO3 9.5.18
CenOS 7.9
Updated by Oliver Hader over 2 years ago
Thanks for creating this issue. Please notice it is NOT my code - this is an open source community and therefore it belongs to everybody. The GNU General Public License explicitly allows to use, copy and modify the source code. So, please just go ahead and suggest an alternative way...
Or... report it back to "linux-malware-detect" as false-positive, since the "detected malware" is actually this:
php > echo base64_decode('UEhQIGNvbnRlbnQ=');
PHP content
Updated by Oliver Hader over 2 years ago
- Assignee deleted (
Oliver Hader) - Start date deleted (
2021-07-27)
Updated by Oliver Hader over 2 years ago
- Target version deleted (
Candidate for patchlevel)
Updated by Oliver Hader over 2 years ago
- Related to Task #91354: Integrate server response security checks added