Wordfence detects possible malware in nextcloud/apps/mail/vendor/wamania/php-stemmer/test/files/ca.txt #9586

Closed
jhernanper opened this issue Apr 19, 2024 · 1 comment · Fixed by #9657

Comments

@jhernanper

Steps to reproduce

  1. Install Nextcloud latest version on a domain in Plesk
  2. Install WordPress and Wordfence plugin in the same domain
  3. Run Wordfence analysis

Expected behavior

This should not happen.

Actual behavior

Nextcloud version: 28.0.4.1 stable channel
Operating system and version: Debian 11.9 with Plesk Obsidian 18.0.59 Update 2
nginx version: 1.24.0.3-v.debian.11+p18.0.59.0+t240201.0816
PHP version: 8.2.18

The issue you are facing: I have Nextcloud installed in some domains within my Plesk server. In these domains, I have WordPress with the Wordfence security plugin, which is notifying me that the file:

nextcloud/apps/mail/vendor/wamania/php-stemmer/test/files/ca.txt

looks suspicious of including malware as per their Spam:TXT/listed.10251 policy:
Content resembling that found in spam infections. The coinciding text in this file is:

\x0astreaming streaming\x0astreet street\x0astriata striat\x0astriatus striat\x0astricto strict\x0astring string\x0astripper stripp\x0astriptease stripte\x0astroke strok\x0astudio stud\x0astudi…

Mail app version

No response

Mailserver or service

No response

Operating system

No response

PHP engine version

None

Web server

None

Database

None

Additional info

No response

@joshtrichards
Member

joshtrichards commented Apr 25, 2024

It's a legitimate file. Not much we can do about that. Wordfence is generating a false positive it sounds like. Take it up with them maybe? :)

https://github.com/wamania/php-stemmer/blob/master/test/files/ca.txt
https://github.com/wamania/php-stemmer
https://snowballstem.org/

EDIT: Though it may be possible to exclude those from the shipped package I guess since they're for tests...

joshtrichards added a commit that referenced this issue May 20, 2024
Fixes #9586 + reduces package size by 18M.

Signed-off-by: Josh <[email protected]>
backportbot bot pushed a commit that referenced this issue May 21, 2024
Fixes #9586 + reduces package size by 18M.

Signed-off-by: Josh <[email protected]>
mickenordin pushed a commit to SUNET/nextcloud-mail that referenced this issue May 27, 2024