nextcloud
Wordfence detects posible malware in nextcloud/apps/mail/vendor/wamania/php-stemmer/test/files/ca.txt
Steps to reproduce
- Install Nextcloud latest version on a domain in Plesk
- Install Wordpress and Wordfence plugin in the same domain
- Run Wordfence analysis
Expected behavior
This should not happen.
Actual behavior
Nextcloud version: 28.0.4.1 stable channel Operating system and version: Debian 11.9 with Plesk Obsidian 18.0.59 Update 2 nginx version: 1.24.0.3-v.debian.11+p18.0.59.0+t240201.0816 PHP version: 8.2.18
The issue you are facing: I have Nextcloud installed in some domains within my Plesk server. In these domains, I have Wordpress with the Wordfence security plugin, who is notifying me that the file:
nextcloud/apps/mail/vendor/wamania/php-stemmer/test/files/ca.txt
looks suspicious of including malware as per their Spam:TXT/listed.10251 policy: Content resembling that found in spam infections. The coinciding text in this file is:
\x0astreaming streaming\x0astreet street\x0astriata striat\x0astriatus striat\x0astricto strict\x0astring string\x0astripper stripp\x0astriptease stripte\x0astroke strok\x0astudio stud\x0astudi…
Mail app version
No response
Mailserver or service
No response
Operating system
No response
PHP engine version
None
Web server
None
Database
None
Additional info
No response
It's a legitimate file. Not much we can do about that. Wordfence is generating a false positive it sounds like. Take it up with them maybe? :)
https://github.com/wamania/php-stemmer/blob/master/test/files/ca.txt https://github.com/wamania/php-stemmer https://snowballstem.org/
EDIT: Though it may be possible to exclude those from the shipped package I guess since they're for tests...
