False Positives for well known files

eldergeek
Junior Member
Posts: 27
Joined: 18 Mar 2010, 07:25

False Positives for well known files

Post by eldergeek »

I have read your advice regarding using the ignore file - but I work at a UK host, and we have a lot of CXS licenses, on servers which host thousands of Magento sites - many of whom use Extendware - nearly all of this company's addons are obfuscated and are flagged up:

Code:

Known exploit = [Fingerprint Match] [PHP Obfuscation Exploit [P0394]]

While local ignores are fine for less common FPs, it would be good if you had a reporting channel for more popular scripts/packages which throw FPs.

Steve
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: False Positives for well known files

Post by ForumAdmin »

There is a mechanism for reporting Fingerprint Exploit false-positives. If you are 100% sure that the script is not an exploit, you can submit it using:

Code:

cxs --comment "reason it is a false-positive" --force --wttw /path/to/script.file

If you have md5sums that are being "ignored" then you have a configuration problem somewhere and should log a ticket.

Please also be sure that you are not seeing ClamAV Virus false-positives if you are using a set of "UNOFFICIAL" rules that typically do have plenty of false-positives.
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: False Positives for well known files

Post by ForumAdmin »

Locking this thread as it keeps going off-topic. This is about false-positive exploits and how to report them.