Maldet detecting something in my cb php

[jkirker]

Has anyone else seen this?


FILE HIT LIST:
{MD5}php.exe.globals.5026 : /usr/local/directadmin/custombuild/php-5.5.21/ext/standard/tests/general_functions/bug50732.phpt => /usr/local/maldetect/quarantine/bug50732.phpt.4873
{MD5}php.exe.globals.5196 : /usr/local/directadmin/custombuild/php-5.5.21/ext/standard/tests/file/bug41874_3.phpt => /usr/local/maldetect/quarantine/bug41874_3.phpt.15825

Think I'm vulnerable?

John

PS. Sorry if this isn't the proper place for this. Didn't see a security forum.

 

[nobaloney]

Have you tried updating Roundcube?

What version of Roundcube are you running?

What version of DirectAdmin?

What version of CustomBuild?

On what OS Distribution?

Jeff

 

[zEitEr]

Hello John,

I've got the same results here:

{MD5}php.exe.globals.4964 : /usr/local/directadmin/custombuild/php-5.5.21/ext/standard/tests/general_functions/bug50732.phpt
{MD5}php.exe.globals.5196 : /usr/local/directadmin/custombuild/php-5.5.21/ext/standard/tests/file/bug41874_3.phpt

I've checked the content of the files and they seem to be safe. That's a tests directory, so you may ignore it.


Hello Jeff,

What has it to do with Roundcube, Directadmin, CustomBuild versions and OS Distribution?

maldet is a malware scanner which reports possibly infected files found in source files of PHP.

 

[DirectAdmin Support]

By the fact that the 2 files live in the "tests" folder, I'm guessing they're just there to test out php functions.. and the detection may interpret them as unsafe.
If they're part of the php tar.gz, I highly doubt they're a threat.

John

 

[jkirker]

Thanks everyone. Gave me an uneasy feeling seeing this pop up.

All the best,
John

 

[nobaloney]

What are they testing? If they're testing to see if unsafe commands are allowed on the erver, then you'd espect maldet to consider them as being unsafe.

Read the file, figure out the context in which the file is used .

Jeff