Hi,

My LimeSurvey is slefhosted and my host found malware Generic:PHP/Backdoor.A in the file application/controllers/admin/conditionsaction.php
I download this file from the website www.limesurvey.org/lts-releases-download
CE release 3.22.14 and 3.22.16 are the same files: conditionsaction.php
This error is in the original downloaded files fomr both versions.

Does someone know why this file is recognized as Malware? Is this file Malware?
How can I solve this problem?

Regards, Dollys

Since you can look at code : github.com/LimeSurvey/LimeSurvey/blob/ma...conditionsaction.php

I don't think it's a malware … except if your's are different …

False positive : see with your host the tool they used.

Thank you!
A lot different between the 2 files. I'have replaced it and request a new security-scan by the host.
Í let you hear the result, it can take a few hours.

DenisChenu wrote: Since you can look at code : github.com/LimeSurvey/LimeSurvey/blob/ma...conditionsaction.php

The Github file should be different, cause you liked to the master, not the LTS.
github.com/LimeSurvey/LimeSurvey/blob/3....conditionsaction.php


The LTS-repository file and the file in the downloadfile is 100% identical. So not simple modification or replacement by an unknown party.

Dollys wrote: my host found malware Generic:PHP/Backdoor.A in the file application/controllers/admin/conditionsaction.php

With "my host" you mean your provider? You got an email with the info that conditionsaction.php was classified as "Generic:PHP/Backdoor.A"?

Would be interesting to know what tool/signature database was used. Currently it looks like a false positive as Denis already stated.

Thank you for the reply.

Yes, host I meant provider.

The file also was marked as Malware from Master-github.
I replace the new file and asked for a new scan.

It's found with www.patchman.co/
Do you know this tool?

Dollys wrote: I replace the new file and asked for a new scan.

The file you downloaded from GITHUB is not the LTS version but the master version. So it quite normal that there are differences. I recommend to revert that replacement.

Thanks for providing infos about the scantool. I haven't used it.

jelo wrote:

DenisChenu wrote: Since you can look at code : github.com/LimeSurvey/LimeSurvey/blob/ma...conditionsaction.php

The Github file should be different, cause you liked to the master, not the LTS.
github.com/LimeSurvey/LimeSurvey/blob/3....conditionsaction.php

Totally right !

jelo wrote: The LTS-repository file and the file in the downloadfile is 100% identical. So not simple modification or replacement by an unknown party.

Thanks

I replaced the file with the LTS-one en also this file after check from patchman result into: "malware Generic:PHP/Backdoor.A"

The provider asked the makers of Patchman for the file.
I'm waiting for it and let you know.

It's a false positive detection.
The makers of Patchman said so and add this to patchman so it never happen again.
Tank you for the support!
Regards