Actions
Bug #94640
openFeature: #91354 - Integrate server response security checks causes linux-malware-detect trigger "false" detection
Status:
New
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
9
PHP Version:
7.3
Tags:
Complexity:
medium
Is Regression:
Sprint Focus:
Description
Hello,
Feature: #91354 - Integrate server response security checks - causes linux-malware-detect trigger "false" detection.
So your code which TYPO3 include in files '.php.wrong' and '.php.txt' triggers malware detection.
For malware detection we are using "linux-malware-detect" - https://github.com/rfxn/linux-malware-detect https://www.rfxn.com/projects/linux-malware-detect/
The problematic code is: base64_decode('UEhQIGNvbnRlbnQ=');
Full code:
<!DOCTYPE html><html lang="en"><body><div><?php echo base64_decode('UEhQIGNvbnRlbnQ=');?></div></body></html>
TYPO3 9.5.18
CenOS 7.9
Actions